openwisp-controller icon indicating copy to clipboard operation
openwisp-controller copied to clipboard
verified publisher icon openwisp

[bug] Prevent changing subnet and IP objects assigned to a VPN Server

Open pandafy opened this issue 5 months ago • 1 comments

Description

There is a need to prevent changes to the subnet and IPAdress objects when they are assigned to a VPN server. Modifying the subnet of the VPN when there are existing VPN clients creates collisions in provisioned IPs, leading to potential network issues.

Steps To Reproduce Steps to reproduce the behavior:

  1. Create a WireGuard VPN server and assign a subnet and IP to it.
  2. Create a template for this VPN and assign it to a device
  3. Edit the subnet object created in step 1 and change the subnet field
  4. Assign the VPN template to another device

Expected behavior Prevent changing subnet and IP address objects if there are existing VpnClients

Actual Behavior Both devices get IP address from different subnets

Image

The second peer has an IP address from

System Information:

  • OS: Ubuntu 24.04 LTS
  • Python Version: Python 3.11.2
  • Django Version: Django 5.2.x

pandafy avatar Jul 24 '25 10:07 pandafy

@pandafy this may not be easy because the IPAM models are not aware of VPN servers, so how can we implement this cleanly?

nemesifier avatar Sep 30 '25 21:09 nemesifier