Replies: 6 comments 3 replies
-
Yes, I ran into it with the very first IPSec VPN that I tried to document. I would say that this is an overwhelmingly common practice. In theory you could set up separate policies for all of the combinations but that quickly becomes infeasible. Just the above example would require 12 entries in NetBox to duplicate. Then you have the reverse problem of trying to generate a VPN config from what's stored in NetBox. |
Beta Was this translation helpful? Give feedback.
-
No one raised it as an issue either during the development of #9816 or during the month-long beta evaluation period, so it must be not be too common. Had it been raised as a limitation during the beta period, we could have revisited the data model. However, now that v3.7 has been released, any breaking changes will need to wait for a future minor version bump. This is why we beg people to participate in the evaluation period. |
Beta Was this translation helpful? Give feedback.
-
Jeremy, Expecting a large number of people to find some random issue in the bug tracker and follow the discussion in that issue is not reasonable, especially if they aren't looking for it. Expecting a large number of people to participate in a beta test over the winter holidays is not reasonable. Limitations of the model were brought up by @jronnblom before the beta was released but were ignored. I think that this issue and others highlights a deficiency in NetBox's current development model. Large feature changes/additions like this are developed very quickly with discussions that are buried in issues and then design decisions are locked down way too quickly. At the minimum feature additions/changes like this should have a discussion associated with them, probably with a blog post explaining the feature proposal and a link for further discussion. It would help also if the beta announcements would contain reminders about how to access the beta demo site or how to install the beta locally for testing. |
Beta Was this translation helpful? Give feedback.
-
Sorry I'm late to the game but I just found the post after trying all solution to avoid having to put dozen of Ike proposal just to simulate the proposal that I have in reality. So if anyone has a better solution, I will use it. Has anyone tried to modify VPN model to allow multiple selections? |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
Heyo! Having a similar issue with getting multiple tied to a proposal. Anyone found a workaround for 4.2.3? |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I wrote about this in issue #14790 but now creating a discussion since it sounds like this will not be simple to implement. It seems to be common (maybe not best) practice to configure multiple encryption/integrity algorithms in a single isakmp/ikev2 proposals. However, the new vpn model in netbox only allows for a single option to be selected per proposal.
Something like this cannot be documented currently in version v3.7.0 of netbox:
Has anyone else ran into this limitation? Or found a different way to work around it?
Beta Was this translation helpful? Give feedback.
All reactions