starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-13 13:53:31 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

VPN IKE policy API POST requires mode in the request body for IKE version 2 #9956

New Issue
Closed
opened 2025-12-29 21:24:55 +01:00 by adam · 1 comment
adam commented 2025-12-29 21:24:55 +01:00
Owner
Copy Link

Originally created by @locklearxd on GitHub (Jul 8, 2024).

Originally assigned to: @locklearxd on GitHub.

Deployment Type

Self-hosted

NetBox Version

v4.0.6

Python Version

3.10

Steps to Reproduce

  1. Attempt to create a VPN IKE policy via API with version '2' in the request body and no 'mode' field specified or 'null' for the field's value.
  2. Witness the response "The request failed with code 400 Bad Request: {'mode': ['This field is required.']"
  3. OR receive a response The request failed with code 400 Bad Request: {'mode': ['null is not a valid choice.']}

If you attempt to include version 2 with a mode field specified, you will get this response:
{
"all": [
"Mode cannot be used for selected IKE version"
]
}

This is further reinforced as an issue by the web interface clearly stating these fields are not meant to be combined when IKE version 2 is specified:

image

Expected Behavior

I expected a VPN IKE policy to be supported in creation via API via a POST request without specifying the 'mode' since IKEv2 does not support a 'main' or 'aggressive' mode like IKEv1.

IKEv2 as a protocol has nothing analogous to 'main mode' and 'aggressive mode' and therefore it shouldn't be required in the request when version 2 is provided in the request body. This is obviously understood in the web interface but not the API at this time.

Observed Behavior

When attempting to create an IKEv2 policy via the API, if you do not include the mode, you will receive this in an error message from your server:

The request failed with code 400 Bad Request: {'mode': ['This field is required.']

or

{
"all": [
"Mode cannot be used for selected IKE version"
]
}

Originally created by @locklearxd on GitHub (Jul 8, 2024). Originally assigned to: @locklearxd on GitHub. ### Deployment Type Self-hosted ### NetBox Version v4.0.6 ### Python Version 3.10 ### Steps to Reproduce 1. Attempt to create a VPN IKE policy via API with version '2' in the request body and no 'mode' field specified or 'null' for the field's value. 2. Witness the response "The request failed with code 400 Bad Request: {'mode': ['This field is required.']" 3. OR receive a response The request failed with code 400 Bad Request: {'mode': ['null is not a valid choice.']} If you attempt to include version 2 with a mode field specified, you will get this response: { "__all__": [ "Mode cannot be used for selected IKE version" ] } This is further reinforced as an issue by the web interface clearly stating these fields are not meant to be combined when IKE version 2 is specified: ![image](https://github.com/netbox-community/netbox/assets/105985337/7cc48f80-7e0f-4ce1-a745-b4885470fb5b) ### Expected Behavior I expected a VPN IKE policy to be supported in creation via API via a POST request without specifying the 'mode' since IKEv2 does not support a 'main' or 'aggressive' mode like IKEv1. IKEv2 as a protocol has nothing analogous to 'main mode' and 'aggressive mode' and therefore it shouldn't be required in the request when version 2 is provided in the request body. This is obviously understood in the web interface but not the API at this time. ### Observed Behavior When attempting to create an IKEv2 policy via the API, if you do not include the mode, you will receive this in an error message from your server: The request failed with code 400 Bad Request: {'mode': ['This field is required.'] or { "__all__": [ "Mode cannot be used for selected IKE version" ] }
adam added the type: bugstatus: acceptedseverity: low labels 2025-12-29 21:24:55 +01:00
adam closed this issue 2025-12-29 21:24:55 +01:00
adam commented 2025-12-29 21:24:55 +01:00
Author
Owner
Copy Link

@locklearxd commented on GitHub (Jul 8, 2024):

netbox/vpn/api/serializers_/crypto.py

class IKEPolicySerializer(NetBoxModelSerializer):

    mode = ChoiceField(
        choices=IKEModeChoices,
        required=False
    )

potential fix here

or some kind of IF statement for when version = 2, required=false for mode?

@locklearxd commented on GitHub (Jul 8, 2024): netbox/vpn/api/serializers_/crypto.py class IKEPolicySerializer(NetBoxModelSerializer): ``` mode = ChoiceField( choices=IKEModeChoices, required=False ) ``` potential fix here or some kind of IF statement for when version = 2, required=false for mode?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label severity: low status: accepted type: bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#9956
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?