fix: do not require 'both' protocol for fqdn remote-gateway #382

jaredhendrickson13 · Jul 29, 2023 · 6657521 · 6657521
1 parent 41ad327
commit 6657521
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 36 deletions.
diff --git a/pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc b/pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc
@@ -1625,12 +1625,6 @@ function get($id, $data=[], $all=false) {
             "return" => $id,
             "message" => "IPsec remote gateway must be IPv6 address when protocol is set to 'inet6'"
         ],
-        2169 => [
-            "status" => "bad request",
-            "code" => 400,
-            "return" => $id,
-            "message" => "IPsec remote gateway cannot be a hostname unless protocol is set to 'both'"
-        ],
         2170 => [
             "status" => "bad request",
             "code" => 400,

diff --git a/pfSense-pkg-API/files/etc/inc/api/models/APIServicesIPsecPhase1Create.inc b/pfSense-pkg-API/files/etc/inc/api/models/APIServicesIPsecPhase1Create.inc
@@ -167,10 +167,6 @@ class APIServicesIPsecPhase1Create extends APIModel {
             elseif (is_ipaddrv4($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] === "inet6") {
                 $this->errors[] = APIResponse\get(2168);
             }
-            # For domain name remote gateways, ensure the protocol is 'both'
-            elseif (is_fqdn($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] !== "both") {
-                $this->errors[] = APIResponse\get(2169);
-            }
             # Ensure remote gateway is not already in use
             elseif ($this->is_ipsec_remote_gateway_in_use($this->initial_data["remote-gateway"])) {
                 $this->errors[] = APIResponse\get(2170);

diff --git a/pfSense-pkg-API/files/etc/inc/api/models/APIServicesIPsecPhase1Update.inc b/pfSense-pkg-API/files/etc/inc/api/models/APIServicesIPsecPhase1Update.inc
@@ -245,10 +245,6 @@ class APIServicesIPsecPhase1Update extends APIModel {
             elseif (is_ipaddrv4($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] === "inet6") {
                 $this->errors[] = APIResponse\get(2168);
             }
-            # For domain name remote gateways, ensure the protocol is 'both'
-            elseif (is_fqdn($this->initial_data["remote-gateway"]) and $this->validated_data["protocol"] !== "both") {
-                $this->errors[] = APIResponse\get(2169);
-            }
             # Ensure remote gateway is not already in use
             elseif ($this->is_ipsec_remote_gateway_in_use($this->initial_data["remote-gateway"])) {
                 $this->errors[] = APIResponse\get(2170);

diff --git a/tests/test_api_v1_services_ipsec_phase1.py b/tests/test_api_v1_services_ipsec_phase1.py
@@ -197,28 +197,6 @@ class APIE2ETestServicesIPsecPhase1(e2e_test_framework.APIE2ETest):
                 "remote-gateway": "127.0.0.1"
             }
         },
-        {
-            "name": "Check remote-gateway domain only when protocol is 'both' constraint (inet)",
-            "status": 400,
-            "return": 2169,
-            "req_data": {
-                "iketype": "ikev2",
-                "protocol": "inet",
-                "interface": "wan",
-                "remote-gateway": "example.com"
-            }
-        },
-        {
-            "name": "Check remote-gateway domain only when protocol is 'both' constraint (inet6)",
-            "status": 400,
-            "return": 2169,
-            "req_data": {
-                "iketype": "ikev2",
-                "protocol": "inet6",
-                "interface": "wan",
-                "remote-gateway": "example.com"
-            }
-        },
         {
             "name": "Check remote gateway unique constraint",
             "status": 400,