opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

NAT - Port Forward - Destination Dropdown missing Virtual IPs #6270

Closed collierusf02 closed 1 year ago

collierusf02 commented 1 year ago

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

When creating a new Port Forward, the virtual IPs are missing from the dropdown box in the destination section. Aliases and Network are in the dropdown, but Virtual IPs are not. There are virtual IPs that are not in use.

To Reproduce

Steps to reproduce the behavior:

  1. Go to NAT -> Port Forward
  2. Click on + to create a new NAT Rule
  3. Scroll down to "Destination"
  4. Expand using the down arrow. Virtual IPs are missing from this list.

Expected behavior

Virtual IPs should be listed in the dropdown.

Describe alternatives you considered

The only way I have found is to type in the Virtual IP address, in my case the External WAN Virtual IP.

Additional context

Rebooted Firewall, no change.
Tried different Web Browser, no change.

Environment

OPNsense 23.1 (amd64, OpenSSL).
Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz (3 cores, 6 threads)
HyperV Virtual Machine - Intel I210

AdSchellevis commented 1 year ago

To be honest, I don't know if it's a good idea to try to aim for inclusion of these addresses, as on selection it would just fill in the address like a statically chosen address. It's often better to add the addresses as aliases as they're less sensitive to change.

csutcliff commented 1 year ago

They are also missing from outbound NAT where they have previously been. My existing rules that were the VIP name all appear now as the raw IP address but with a /12 netmask.

fichtner commented 1 year ago

This is how they are actually stored like Ad suggested: as plain values. The VIP abstraction doesn't make sense here and has been removed, because updating the VIP would not update the rule settings. But besides not being selectable it doesn't break any setup.

A more convenient solution might be to wrap VIPs into automatic aliases, but currently no plan to spend resources on this.

Cheers, Franco

csutcliff commented 1 year ago

> The VIP abstraction doesn't make sense here and has been removed, because updating the VIP would not update the rule settings.

In that direction, sure, but at least for me I have to fairly regularly change outgoing IP for certain traffic and it was very helpful to just choose from the dropdown rather than manually input the IP. I guess I will make aliases for now.

collierusf02 commented 1 year ago

I'm in the same boat as csutcliff. I know you can't make everyone happy and I understand that everything must change, but removing this functionality that has been around and used every time I create a Port Forward or Outbound NAT settings was helpful as you could also see the names you assigned to those VIPs. As you mentioned that alias I guess is going to be the way to go as typing in the IP address manually introduces a possibility of human error. Is there an official best practices document so our configurations can be aligned with the direction the product is going?

AdSchellevis commented 1 year ago

It looks like this was a slip of the pen, https://github.com/opnsense/core/commit/657be3ce6ac66f893e5fc99c4b1d7ede6a117121 should bring the addresses back, although they are indeed stored as plain addresses (without relation to the configured vip).