From 1c9677c82a5b2e4245ca49588b003f55d30692c2 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 30 May 2023 18:01:27 +0200
Subject: [PATCH] VPN: IPsec: Connections - Support the default selector
 ([dynamic]) when local_ts or remote_ts are left empty. closes
 https://github.com/opnsense/core/issues/6579

---
 .../app/controllers/OPNsense/IPsec/forms/dialogChild.xml  | 8 ++++++--
 src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.xml    | 2 --
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IPsec/forms/dialogChild.xml b/src/opnsense/mvc/app/controllers/OPNsense/IPsec/forms/dialogChild.xml
index 905424949..160456616 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/IPsec/forms/dialogChild.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IPsec/forms/dialogChild.xml
@@ -100,7 +100,9 @@
         <type>select_multiple</type>
         <style>tokenize</style>
         <allownew>true</allownew>
-        <help>List of local traffic selectors to include in CHILD_SA. Each selector is a CIDR subnet definition.</help>
+        <help>List of local traffic selectors to include in CHILD_SA. Each selector is a CIDR subnet definition.
+              When left empty the address will be replaced by the tunnel outer address or the virtual IP if negotiated ([dynamic]).
+        </help>
     </field>
     <field>
         <id>child.remote_ts</id>
@@ -108,7 +110,9 @@
         <type>select_multiple</type>
         <style>tokenize</style>
         <allownew>true</allownew>
-        <help>List of remote traffic selectors to include in CHILD_SA. Each selector is a CIDR subnet definition.</help>
+        <help>List of remote traffic selectors to include in CHILD_SA. Each selector is a CIDR subnet definition.
+              When left empty the address will be replaced by the tunnel outer address or the virtual IP if negotiated ([dynamic])
+        </help>
     </field>
     <field>
         <id>child.rekey_time</id>
diff --git a/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.xml b/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.xml
index 01f570651..c110d9100 100644
--- a/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.xml
@@ -304,13 +304,11 @@
                     <Required>Y</Required>
                 </policies>
                 <local_ts type="NetworkField">
-                    <Required>Y</Required>
                     <FieldSeparator>,</FieldSeparator>
                     <asList>Y</asList>
                     <WildcardEnabled>N</WildcardEnabled>
                 </local_ts>
                 <remote_ts type="NetworkField">
-                    <Required>Y</Required>
                     <FieldSeparator>,</FieldSeparator>
                     <asList>Y</asList>
                     <WildcardEnabled>N</WildcardEnabled>