Hi,
I was test dmvpn at last week, but that not work, so I delete about dmvpn set file from vyos v1.2.0 rc10.
But when I run show log, I can see lot of log about dmvpn, I think of some setup cannot delete from strongSWAN?
I have delete all about DMVPN and Tunnel set.
vyos@vyos:~$ show vpn ipsec sa verbose Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.19.4-amd64-vyos, x86_64): uptime: 8 days, since Dec 09 15:18:01 2018 malloc: sbrk 2990080, mmap 0, used 844512, free 2145568 worker threads: 10 of 16 idle, 5/0/1/0 working, job queue: 0/0/0/0, scheduled: 2 loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs dhcp lookip error-notify certexpire led addrblock counters Listening IP addresses: 116.90.86.xxx Connections: peer-0.0.0.0-tunnel-1: 116.90.86.xxx...%any IKEv1 peer-0.0.0.0-tunnel-1: local: [116.90.86.181] uses pre-shared key authentication peer-0.0.0.0-tunnel-1: remote: uses pre-shared key authentication peer-0.0.0.0-tunnel-1: child: 172.16.101.0/24 === 192.168.101.0/24 TUNNEL remote-access: 116.90.86.xxx...%any IKEv1, dpddelay=15s remote-access: local: [116.90.86.xxx] uses pre-shared key authentication remote-access: remote: uses pre-shared key authentication remote-access: child: dynamic[l2f] === dynamic TRANSPORT, dpdaction=clear Security Associations (1 up, 2 connecting): **vpnprof-dmvpn-tun0[2]: CONNECTING, 116.90.86.xxx[%any]...192.168.200.1[%any] vpnprof-dmvpn-tun0[2]: IKEv1 SPIs: cf39bb3b70ac04a6_i* 0000000000000000_r vpnprof-dmvpn-tun0[2]: Tasks queued: QUICK_MODE vpnprof-dmvpn-tun0[2]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD vpnprof-dmvpn-tun0[510]: CONNECTING, 116.90.86.xxx[%any]...115.60.62.155[%any] vpnprof-dmvpn-tun0[510]: IKEv1 SPIs: 008778365f45076d_i* 0000000000000000_r vpnprof-dmvpn-tun0[510]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD ** peer-0.0.0.0-tunnel-1[779]: ESTABLISHED 15 hours ago, 116.90.86.xxx[116.90.86.xxx]...221.222.25.162[192.168.3.9] peer-0.0.0.0-tunnel-1[779]: IKEv1 SPIs: 0d5a0690f2968ba2_i bd6da5758d67ab95_r*, rekeying disabled peer-0.0.0.0-tunnel-1[779]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec 18 16:27:22 vyos charon: 06[IKE] initiating Main Mode IKE_SA vpnprof-dmvpn-tun0[510] to 115.60.62.155 Dec 18 16:27:22 vyos charon: 06[ENC] generating ID_PROT request 0 [ SA V V V V V ] Dec 18 16:27:22 vyos charon: 06[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes) Dec 18 16:27:26 vyos charon: 04[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes) Dec 18 16:27:33 vyos charon: 07[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes) Dec 18 16:27:46 vyos charon: 13[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes) Dec 18 16:28:09 vyos charon: 09[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes) Dec 18 16:28:22 vyos charon: 05[IKE] initiating Main Mode IKE_SA vpnprof-dmvpn-tun0[2] to 192.168.200.1 Dec 18 16:28:22 vyos charon: 05[ENC] generating ID_PROT request 0 [ SA V V V V V ] Dec 18 16:28:22 vyos charon: 05[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes) Dec 18 16:28:26 vyos charon: 04[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes) Dec 18 16:28:33 vyos charon: 09[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes) Dec 18 16:28:46 vyos charon: 15[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes) Dec 18 16:28:51 vyos charon: 10[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes) Dec 18 16:29:10 vyos charon: 06[NET] sending packet: from 116.90.86.181[500] to 192.168.200.1[500] (216 bytes) Dec 18 16:29:52 vyos charon: 13[NET] sending packet: from 116.90.86.181[500] to 192.168.200.1[500] (216 bytes) Dec 18 16:30:07 vyos charon: 11[IKE] initiating Main Mode IKE_SA vpnprof-dmvpn-tun0[510] to 115.60.62.155 Dec 18 16:30:07 vyos charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ] Dec 18 16:30:07 vyos charon: 11[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes) Dec 18 16:30:11 vyos charon: 12[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes) Dec 18 16:30:18 vyos charon: 15[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes) Dec 18 16:30:31 vyos charon: 05[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Thanks