VPN proposal API POST requires authentication_algorithm in the request body #9926

New Issue

adam · 2025-12-29T21:24:31+01:00

adam commented

2025-12-29 21:24:31 +01:00

Originally created by @locklearxd on GitHub (Jul 1, 2024).

Originally assigned to: @jeremystretch on GitHub.

Deployment Type

Self-hosted

NetBox Version

v4.0.6

Python Version

3.10

Steps to Reproduce

This can be done via CURL natively in the API via Swagger UI. Confirmed with a raw request.

Send a POST request to the API without the "authentication_algorithm" in the request body or "null" as the value.
Receive a response The request failed with code 400 Bad Request: {'authentication_algorithm': ['This field is required.']}
OR receive a response The request failed with code 400 Bad Request: {'authentication_algorithm': ['null is not a valid choice.']}

Expected Behavior

The web interface supports creation of IKE proposals without an authentication algorithm in the cases where no auth is specified. This creates an object like so visible in the API:
{
"id": 1,
"url": "https://netbox_fqdn_here/api/vpn/ike-proposals/1/",
"display": "default",
"name": "default",
"description": "",
"authentication_method": {
"value": "preshared-keys",
"label": "Pre-shared keys"
},
"encryption_algorithm": {
"value": "aes-128-cbc",
"label": "128-bit AES (CBC)"
},
"authentication_algorithm": null,
"group": {
"value": 2,
"label": "Group 2"
},
"sa_lifetime": null,
"comments": "",
"tags": [],
"custom_fields": {},
"created": "2024-07-01T18:36:23.031219Z",
"last_updated": "2024-07-01T18:52:15.841523Z"
}

So clearly a null value is intended to be supported and should be supported via API as well.
I expected the API to support either the request body to have this as optional or support a null value. It does not appear to.

Observed Behavior

400 Bad Request: {'authentication_algorithm': ['This field is required.']}
400 Bad Request: {'authentication_algorithm': ['null is not a valid choice.']}

Originally created by @locklearxd on GitHub (Jul 1, 2024). Originally assigned to: @jeremystretch on GitHub. ### Deployment Type Self-hosted ### NetBox Version v4.0.6 ### Python Version 3.10 ### Steps to Reproduce This can be done via CURL natively in the API via Swagger UI. Confirmed with a raw request. 1. Send a POST request to the API without the "authentication_algorithm" in the request body or "null" as the value. 2. Receive a response The request failed with code 400 Bad Request: {'authentication_algorithm': ['This field is required.']} 3. OR receive a response The request failed with code 400 Bad Request: {'authentication_algorithm': ['null is not a valid choice.']} ### Expected Behavior The web interface supports creation of IKE proposals without an authentication algorithm in the cases where no auth is specified. This creates an object like so visible in the API: { "id": 1, "url": "https://netbox_fqdn_here/api/vpn/ike-proposals/1/", "display": "default", "name": "default", "description": "", "authentication_method": { "value": "preshared-keys", "label": "Pre-shared keys" }, "encryption_algorithm": { "value": "aes-128-cbc", "label": "128-bit AES (CBC)" }, _**"authentication_algorithm": null**_, "group": { "value": 2, "label": "Group 2" }, "sa_lifetime": null, "comments": "", "tags": [], "custom_fields": {}, "created": "2024-07-01T18:36:23.031219Z", "last_updated": "2024-07-01T18:52:15.841523Z" } So clearly a null value is intended to be supported and should be supported via API as well. I expected the API to support either the request body to have this as optional or support a null value. It does not appear to. ### Observed Behavior 400 Bad Request: {'authentication_algorithm': ['This field is required.']} 400 Bad Request: {'authentication_algorithm': ['null is not a valid choice.']}

adam added the type: bug status: accepted severity: medium labels 2025-12-29 21:24:31 +01:00

adam closed this issue

2025-12-29 21:24:31 +01:00

adam commented

2025-12-29 21:24:31 +01:00

@locklearxd commented on GitHub (Jul 8, 2024):

@jeremystretch @arthanson

Sorry I should've included this in the original report, but the same issue occurs for IPsec proposals.

Reproduced with a POST to this API endpoint:

/api/vpn/ipsec-proposals/

I would assume that the fix should be the same, either allowing null values or making it not required.

@locklearxd commented on GitHub (Jul 8, 2024): @jeremystretch @arthanson Sorry I should've included this in the original report, but the same issue occurs for IPsec proposals. Reproduced with a POST to this API endpoint: /api/vpn/ipsec-proposals/ I would assume that the fix should be the same, either allowing null values or making it not required.

Sign in to join this conversation.

Branches Tags

main

update-changelog-comments-docs

feature-removal-issue-type

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#9926