Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv4 VTI tunnel - set network mask

    Scheduled Pinned Locked Moved IPsec
    vti
    3 Posts 2 Posters 783 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mix_room
      last edited by

      Prior to upgrading to 2.4.5 I was able to select the size of the VTI local and remote networks in the interface.

      I used this to set /31 networks for my links. They are point-to-point, and it makes numbering them a little easier for me. ( Using (10.0.0.0,10.0.0.1), (10.0.0.2,10.0.0.3) as pairs is easier to remember than (10.0.0.1,10.0.0..2), (10.0.0.5,10.0.0.6) )

      In 2.4.5 the option to change this is not available, see screenshot. VTI.png

      Is this intended behaviour of the new version? I am worried that this will force me to renumber all my links, as next time I update I will not be able to set the correct network size, and they will default to a /30.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        It is intended to assume /30 there since it's point-to-point. Though I could see how /31 might work for some.

        We recently did fix a bug here, https://redmine.pfsense.org/issues/10418, but that was after 2.4.5 was created.

        In 2.4.5 you could change the mode to tunnel, change the type to network, then fix the mask, then switch back to VTI and save.

        We might have to revisit https://redmine.pfsense.org/issues/10418 before the next release yet.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        M 1 Reply Last reply Reply Quote 0
        • M
          mix_room @jimp
          last edited by mix_room

          @jimp said in IPv4 VTI tunnel - set network mask:

          It is intended to assume /30 there since it's point-to-point. Though I could see how /31 might work for some.

          We recently did fix a bug here, https://redmine.pfsense.org/issues/10418, but that was after 2.4.5 was created.
          Ok, then I know why.

          In 2.4.5 you could change the mode to tunnel, change the type to network, then fix the mask, then switch back to VTI and save.
          We might have to revisit https://redmine.pfsense.org/issues/10418 before the next release yet.

          The work-around works. I can live with that for now. Thanks for the hint.
          Edit: the assigned interface does not seem to come up.

          I changed this particular tunnel to be a /30 to check. The interface does not show up when calling "ifconfig" from the command line. It can be assingned under "Interfaces / Interface Assignments". The IPsec tunnel shows as up in the IPSec status tab. -> New thread for this issue as I see it with a separate tunnel as well: https://forum.netgate.com/topic/152246/interface-ipsec6000-not-being-added-for-vti-tunnel

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.