Discrepancy in online leases report - "Status->IPsec->Leases" page
-
Hi,
Sorry, after several unsuccessful attempts to prevent the post from being classified as SPAM, it was necessary to put the text in the attached file.
post.txt
Thanks,
Geovane
-
I'll give it a try. From post.txt above:
Hi,
pfSense Platform: CE 2.8.0 and 2.8.1
The list generated by the Status/IPsec/Leases page appears to be including clients with null IP addresses in the calculation of online clients (command line output below), when only those with real assigned IP addresses are listed on the page.
This leads to a very large discrepancy between the clients considered online and all established IKE SAs, output of the command
swanctl --list-sas | grep ESTABLISHED | wc -l
If the null IPs listed as online are excluded from the listing, the listing will be consistent with the list shown on the page, more realistic and practically identical to that of the established IKE Security Associations (SAs).
swanctl --list-pools --leases | more
(null) online 'gustav'
(null) online 'gustav'
192.168.100.226 online 'johnk'
Comparison:
Status/IPsec/Leases page output: 200 leases on line
swanctl --list-pools --leases | grep online | wc -l
200
swanctl --list-pools --leases | grep online | grep -v null | wc -l
119
swanctl --list-sas | grep ESTABLISHED | wc -l
121
Thanks,
Geovane
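
The comparison in the post can be reproduced in one pass, with the online count split into addressed and (null) entries and the identities behind the (null) entries listed. This is an added example, not part of the thread or of pfSense; it assumes lease lines in the shape quoted above (address, status, quoted identity), the function names are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Constructed sample in the lease-line shape quoted in the post
# (address, status, quoted identity). Not real firewall output.
sample_leases() {
cat <<'EOF'
(null) online 'gustav'
(null) online 'gustav'
192.168.100.226 online 'johnk'
192.168.100.227 online 'maria'
192.168.100.228 offline 'gustav'
EOF
}

# Print three numbers: online leases with an address, online leases
# with a (null) address, offline leases. Lines whose second field is
# neither "online" nor "offline" (for example pool headers) are ignored.
lease_counts() {
    awk '
        $2 == "online" && $1 == "(null)" { nulls++; next }
        $2 == "online"  { addressed++; next }
        $2 == "offline" { offline++ }
        END { printf "%d %d %d\n", addressed, nulls, offline }
    '
}

# List each identity that holds (null) online entries, with a count.
# The identity is everything after the status field, so quoted names
# containing spaces stay intact.
null_identities() {
    awk '$2 == "online" && $1 == "(null)" {
             id = $0
             sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", id)
             n[id]++
         }
         END { for (id in n) printf "%s %d\n", id, n[id] }' | sort
}

# On a firewall, feed the commands from the post instead of the sample:
#   swanctl --list-pools --leases | lease_counts
#   swanctl --list-pools --leases | null_identities
#   swanctl --list-sas | grep -c ESTABLISHED
if [ "${1:-}" = "--demo" ]; then
    sample_leases | lease_counts
    sample_leases | null_identities
fi
```

The first number from `lease_counts` is the figure to set against the ESTABLISHED IKE SA count; the second is the number of (null) entries that the post reports being included in the page total.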