Created attachment 449 [details] patch for multiple ipsec subnets Overview: GUI provides the error message "The given subnet address is already used by an IPsec network" if you have an active IPSec setup (static tunnels) and you try to setup static ip address pools for openVPN. Steps to Reproduce: Setup multiple IPSec remote subnets (e.g. 10.10.0.0/255.255.0.0,10.40.2.10/255.255.255.255,10.1.4.0/255.255.255.0) and try to add a static openVPN address pool (e.g. Test - 192.168.1.0/24) Actual Results: Error "The given subnet address is already used by an IPsec network" Expected Results: A new static openVPN address pool to add. Build Date & Hardware: IPFire 2.19 (x86_64) - Core Update 102 Reason: Multiple subnets are not handled correctly in /var/ipfire/general-functions.pl (starting at line 1140). Solution: See attached patch.
Hi What exactly do you mean with "set up multiple remote subnets"? I tried to add some ipsec net-to-net connections and then add an static ovpn subnet, which worked fine.
Thanks for sending the patch. http://git.ipfire.org/?p=people/amarx/ipfire-2.x.git;a=commit;h=8276e4862542cd487607c3f2cb3db6f7318891d6 should fix it.
I am receiving a similar error when trying to add a network to "Firewall Groups". When adding a /27 network to Firewall groups, I get the error "The given subnet address is already used by an IPsec network. Name: MyTunnel" If I look up the configuration for "MyTunnel", the external IP for that tunnel is not within that range, but does start with the same number (first octet 64 instead of first octet 63 for the range I am adding), while the internal subnets for the tunnel are not at all similar (10.x.x.x) Any chance this is related before I go and open another bug?
Is this bug still up to date? (Currently cleaning up the bug list... :-) )
*** Bug 11429 has been marked as a duplicate of this bug. ***
This issue can be reproduced here with Core Update 116.
(In reply to Peter Müller from comment #6) > This issue can be reproduced here with Core Update 116. Do you have this patch applied? https://cgit.ipfire.org/ipfire-2.x.git/commit/config/cfgroot/network-functions.pl?id=1047805dba564994a96da0adbfb6559a8609ec11
(In reply to Michael Tremer from comment #7) > (In reply to Peter Müller from comment #6) > > This issue can be reproduced here with Core Update 116. > > Do you have this patch applied? > https://cgit.ipfire.org/ipfire-2.x.git/commit/config/cfgroot/network- > functions.pl?id=1047805dba564994a96da0adbfb6559a8609ec11 Yes. However, is it possible that this bug is related to https://bugzilla.ipfire.org/show_bug.cgi?id=10923 ? Sounds very similar...
This has been fixed in Core Update 122. https://www.ipfire.org/news/ipfire-2-21-core-update-122-released