API Bug if VPN PSK or RSA Key contains '+' character

Hello Sophos, Hello Community,

I have found a bug in the v19 API. When I create an IPSec connection (VPNIPSecConnection) via API on the firewall, the PresharedKey or the RemoteRSAKey is not correctly entered on the firewall if it contains a '+' character.

I noticed this when I wanted to create a connection with an RSA key via API. The RSA key contains '+' characters in several places. After the API request, the field on the firewall no longer contains '+' characters, they were all replaced with spaces.

At first I thought of an error in my script, but the web request is correctly created and submitted with '+' characters.
To verify the problem, I configured a tunnel between 2 XGs: On one XG I created the VPN configuration via API and on the other one by hand. The PSK has several '+' characters. The tunnel does not establish. As a cross check, I did the same with a PSK without '+' characters and the tunnel is established. Therefore, there is a bug in the API when either the PSK or the RSA key contain '+' characters.

Regards,

Ben



Edited TAGs
[edited by: emmosophos at 10:53 PM (GMT -7) on 6 Jul 2022]