
Deleted DMVPN settings, but DMVPN logs still appear in show log
Closed, Resolved | Public | BUG

Description

Hi,

I was testing DMVPN last week, but it did not work, so I deleted the DMVPN settings from VyOS v1.2.0 rc10.

But when I run show log, I can see a lot of log entries about DMVPN. I think some setup cannot be deleted from strongSwan?

I have deleted all DMVPN and tunnel settings.

vyos@vyos:~$ show vpn ipsec sa verbose 
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.19.4-amd64-vyos, x86_64):
  uptime: 8 days, since Dec 09 15:18:01 2018
  malloc: sbrk 2990080, mmap 0, used 844512, free 2145568
  worker threads: 10 of 16 idle, 5/0/1/0 working, job queue: 0/0/0/0, scheduled: 2
  loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs dhcp lookip error-notify certexpire led addrblock counters
Listening IP addresses:
  116.90.86.xxx
Connections:
peer-0.0.0.0-tunnel-1:  116.90.86.xxx...%any  IKEv1
peer-0.0.0.0-tunnel-1:   local:  [116.90.86.181] uses pre-shared key authentication
peer-0.0.0.0-tunnel-1:   remote: uses pre-shared key authentication
peer-0.0.0.0-tunnel-1:   child:  172.16.101.0/24 === 192.168.101.0/24 TUNNEL
remote-access:  116.90.86.xxx...%any  IKEv1, dpddelay=15s
remote-access:   local:  [116.90.86.xxx] uses pre-shared key authentication
remote-access:   remote: uses pre-shared key authentication
remote-access:   child:  dynamic[l2f] === dynamic TRANSPORT, dpdaction=clear
Security Associations (1 up, 2 connecting):
**vpnprof-dmvpn-tun0[2]: CONNECTING, 116.90.86.xxx[%any]...192.168.200.1[%any]
vpnprof-dmvpn-tun0[2]: IKEv1 SPIs: cf39bb3b70ac04a6_i* 0000000000000000_r
vpnprof-dmvpn-tun0[2]: Tasks queued: QUICK_MODE 
vpnprof-dmvpn-tun0[2]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD 
vpnprof-dmvpn-tun0[510]: CONNECTING, 116.90.86.xxx[%any]...115.60.62.155[%any]
vpnprof-dmvpn-tun0[510]: IKEv1 SPIs: 008778365f45076d_i* 0000000000000000_r
vpnprof-dmvpn-tun0[510]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD **
peer-0.0.0.0-tunnel-1[779]: ESTABLISHED 15 hours ago, 116.90.86.xxx[116.90.86.xxx]...221.222.25.162[192.168.3.9]
peer-0.0.0.0-tunnel-1[779]: IKEv1 SPIs: 0d5a0690f2968ba2_i bd6da5758d67ab95_r*, rekeying disabled
peer-0.0.0.0-tunnel-1[779]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec 18 16:27:22 vyos charon: 06[IKE] initiating Main Mode IKE_SA vpnprof-dmvpn-tun0[510] to 115.60.62.155
Dec 18 16:27:22 vyos charon: 06[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Dec 18 16:27:22 vyos charon: 06[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:27:26 vyos charon: 04[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:27:33 vyos charon: 07[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:27:46 vyos charon: 13[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:28:09 vyos charon: 09[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:28:22 vyos charon: 05[IKE] initiating Main Mode IKE_SA vpnprof-dmvpn-tun0[2] to 192.168.200.1
Dec 18 16:28:22 vyos charon: 05[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Dec 18 16:28:22 vyos charon: 05[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:28:26 vyos charon: 04[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:28:33 vyos charon: 09[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:28:46 vyos charon: 15[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:28:51 vyos charon: 10[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:29:10 vyos charon: 06[NET] sending packet: from 116.90.86.181[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:29:52 vyos charon: 13[NET] sending packet: from 116.90.86.181[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:30:07 vyos charon: 11[IKE] initiating Main Mode IKE_SA vpnprof-dmvpn-tun0[510] to 115.60.62.155
Dec 18 16:30:07 vyos charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Dec 18 16:30:07 vyos charon: 11[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:30:11 vyos charon: 12[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:30:18 vyos charon: 15[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:30:31 vyos charon: 05[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)

Thanks

Details

Difficulty level
Hard (possibly days)
Version
1.2.0 Rc10
Why the issue appeared?
Will be filled on close
syncer assigned this task to UnicronNL. Dec 21 2018, 10:27 AM
syncer triaged this task as Low priority.
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-EPA); removed VyOS 1.2 Crux.
pasik added a subscriber: pasik. Dec 22 2018, 10:04 AM

@bjtangseng I do not know if dmvpn was in rc.10.
Can you please try the same in the latest rolling release?

https://downloads.vyos.io/rolling/current/amd64/vyos-1.2.0-rolling%2B201901150337-amd64.iso

And after you delete everything, check the /etc/swanctl/swanctl.conf file; this is where the DMVPN IPsec connections are.
I just tried and for me it states "# No VPN configuration exists." after deletion in that file.
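The following is an added example, not part of the original thread or of VyOS. It runs the two checks discussed above on captured text: it flags IKE_SAs whose connection name is missing from the "Connections:" list (as `vpnprof-dmvpn-tun0` is in the report) and looks for non-comment lines in swanctl.conf that still mention the deleted profile. The function names and sample inputs are constructed, and the status layout is assumed to match the output shown in the report.

```python
import re

# Constructed sample modelled on the `show vpn ipsec sa verbose` output in this
# report; addresses are documentation ranges, not the reporter's.
SAMPLE_STATUS = """\
Connections:
peer-0.0.0.0-tunnel-1:  192.0.2.10...%any  IKEv1
peer-0.0.0.0-tunnel-1:   child:  172.16.101.0/24 === 192.168.101.0/24 TUNNEL
remote-access:  192.0.2.10...%any  IKEv1, dpddelay=15s
Security Associations (1 up, 2 connecting):
vpnprof-dmvpn-tun0[2]: CONNECTING, 192.0.2.10[%any]...198.51.100.1[%any]
vpnprof-dmvpn-tun0[2]: Tasks queued: QUICK_MODE
vpnprof-dmvpn-tun0[510]: CONNECTING, 192.0.2.10[%any]...203.0.113.5[%any]
peer-0.0.0.0-tunnel-1[779]: ESTABLISHED 15 hours ago, 192.0.2.10[192.0.2.10]...203.0.113.9[192.168.3.9]
"""
# Constructed swanctl.conf content matching what the maintainer saw after deletion.
SAMPLE_CONF = "# No VPN configuration exists.\n"

CONN_RE = re.compile(r"^\s*(\S+?):\s")
# Explicit state list so detail lines ("IKE proposal:", "Tasks active:") are skipped.
SA_RE = re.compile(r"^\s*(\S+?)\[(\d+)\]:\s+(ESTABLISHED|CONNECTING|REKEYING|DELETING)\b")

def parse_status(text):
    """Return (configured connection names, {sa_name: {unique_id: state}})."""
    configured, sas, section = set(), {}, None
    for line in text.splitlines():
        if line.startswith("Connections:"):
            section = "conn"
        elif line.startswith("Security Associations"):
            section = "sa"
        elif section == "conn" and (m := CONN_RE.match(line)):
            configured.add(m.group(1))
        elif section == "sa" and (m := SA_RE.match(line)):
            sas.setdefault(m.group(1), {})[int(m.group(2))] = m.group(3)
    return configured, sas

def orphaned_sas(text):
    """IKE_SAs whose connection name no longer appears under Connections."""
    configured, sas = parse_status(text)
    return {name: ids for name, ids in sas.items() if name not in configured}

def leftover_config(conf_text, needle="dmvpn"):
    """Non-comment swanctl.conf lines that still mention the deleted profile."""
    return [ln for ln in conf_text.splitlines()
            if needle in ln.lower() and not ln.lstrip().startswith("#")]

if __name__ == "__main__":
    print(orphaned_sas(SAMPLE_STATUS))
    print(leftover_config(SAMPLE_CONF))
```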

Hi Kim

I will help you test the issue tomorrow. I will send you any information I have.

Sent from my iPhone

Hi Kim

I tested this issue. It is fixed. Thanks.

syncer closed this task as Resolved. Jan 20 2019, 11:22 AM