Bug 12075

Summary: assigning static IP address pools for OpenVPN fails: already in use for an IPsec connection
Product: IPFire Reporter: Peter Müller <peter.mueller>
Component: ---Assignee: Erik Kapfer <ummeegge>
Status: CLOSED DUPLICATE QA Contact: Peter Müller <peter.mueller>
Severity: Minor Usability    
Priority: Will affect an average number of users CC: alexander.marx, michael.tremer
Version: 2   
Hardware: all   
OS: All   
See Also: https://bugzilla.ipfire.org/show_bug.cgi?id=11823

Description Peter Müller 2019-05-11 09:45:11 UTC 
The OpenVPN GUI seems to do wrong IP/CIDR calculations when trying to add a new static IP address pool. It always reports a given subnet is already in use by an IPsec N2N connection - however, it is not.

Steps to reproduce:
(a) Set up an IPsec N2N connection with arbitrary remote/local networks (used 10.XXX.XXX.0/24 for both).
(b) Activate the connection.
(c) Add a new OpenVPN static IP address pool with an arbitrary subnet (used 10.XXX.XXX.0/24, with an IP address range not covered by mentioned IPsec connection).

Step (c) fails, no matter which IP address range I choose (it even fails with 192.168.XXX.XXX). It seems like this GUI is miscalculating IP/CIDR stuff.

CIDR notation or /255.255.255.0 does not matter.
Comment 1 Peter Müller 2019-05-11 10:22:45 UTC 
Bug #11823 sounds quite similar...
Comment 2 Peter Müller 2019-06-16 16:37:20 UTC 
I think this is because of IPsec subnet calculation gone wrong.

*** This bug has been marked as a duplicate of bug 11235 ***