Bug 11620

Summary: REQUEST: Combine General and Advanced IPSec Config Pages
Product: IPFire Reporter: Tom Rymes <tomvend>
Component: ---Assignee: Assigned to nobody - feel free to grab it and work on it <nobody>
Status: CLOSED WONTFIX QA Contact:
Severity: Aesthetic Issue    
Priority: - Unknown - CC: michael.tremer
Version: 2   
Hardware: unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 11618    

Description Tom Rymes 2018-02-06 23:24:36 UTC 
Currently, when adding or modifying an IPSec connection, the user must first configure the general settings, and then click on "Advanced" to reach a completely different page with the advanced settings, such as the cipher suite, etc.

This can be annoying for the user, as they may need to change or confirm one of the main settings after clicking advanced, and that requires the user to cancel or save then re-open the main config page.

Another issue with the current setup is that, when adding a new tunnel, the tunnel is brought up by Strongswan using the default settings. Once the tunnel has been initiated, the advanced settings page is displayed. This seems to be out of order, and it would make more sense to configure all of the settings before adding the tunnel and initiating it.

I would like to request that the advanced settings be combined with the main settings, such that advanced settings are always displayed, or perhaps placed in a collapsible panel that is normally closed (with a triangle or button to open). Expanding the panel would allow the user to still see and configure all tunnel settings after clicking "Advanced".
Comment 1 Michael Tremer 2018-02-12 00:00:28 UTC 
I understand your request that this makes sense for the POV of an experienced user. I don't like the extra click either.

However for the beginners, it is quite nice to have a somple page with the bare necessities to put in. They don't have to bother with the crypto stuff at all and actually even most advanced users break more then they do good here. Therefore it makes a lot of sense.

Finally the vpnmain.cgi is very fragile and we will break a lot when we put things together.

In IPFire 3 we have completely moved the crypto stuff to an extra area called security policies which are configured first and then the connections are created. We provide good defaults though. https://man-pages.ipfire.org/network/network-vpn-security-policies.html So I suppose the web UI will look a bit similar to what we have now.