
Deleted DMVPN settings, but DMVPN entries still appear in show log
Closed, Resolved | Public | BUG

Description

Hi,

I was testing DMVPN last week, but it did not work, so I deleted the DMVPN settings from VyOS v1.2.0 rc10.

But when I run show log, I can see a lot of log entries about DMVPN. I think some setup cannot be deleted from strongSwan?

I have deleted all DMVPN and tunnel settings.

vyos@vyos:~$ show vpn ipsec sa verbose 
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.19.4-amd64-vyos, x86_64):
  uptime: 8 days, since Dec 09 15:18:01 2018
  malloc: sbrk 2990080, mmap 0, used 844512, free 2145568
  worker threads: 10 of 16 idle, 5/0/1/0 working, job queue: 0/0/0/0, scheduled: 2
  loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs dhcp lookip error-notify certexpire led addrblock counters
Listening IP addresses:
  116.90.86.xxx
Connections:
peer-0.0.0.0-tunnel-1:  116.90.86.xxx...%any  IKEv1
peer-0.0.0.0-tunnel-1:   local:  [116.90.86.181] uses pre-shared key authentication
peer-0.0.0.0-tunnel-1:   remote: uses pre-shared key authentication
peer-0.0.0.0-tunnel-1:   child:  172.16.101.0/24 === 192.168.101.0/24 TUNNEL
remote-access:  116.90.86.xxx...%any  IKEv1, dpddelay=15s
remote-access:   local:  [116.90.86.xxx] uses pre-shared key authentication
remote-access:   remote: uses pre-shared key authentication
remote-access:   child:  dynamic[l2f] === dynamic TRANSPORT, dpdaction=clear
Security Associations (1 up, 2 connecting):
**vpnprof-dmvpn-tun0[2]: CONNECTING, 116.90.86.xxx[%any]...192.168.200.1[%any]
vpnprof-dmvpn-tun0[2]: IKEv1 SPIs: cf39bb3b70ac04a6_i* 0000000000000000_r
vpnprof-dmvpn-tun0[2]: Tasks queued: QUICK_MODE 
vpnprof-dmvpn-tun0[2]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD 
vpnprof-dmvpn-tun0[510]: CONNECTING, 116.90.86.xxx[%any]...115.60.62.155[%any]
vpnprof-dmvpn-tun0[510]: IKEv1 SPIs: 008778365f45076d_i* 0000000000000000_r
vpnprof-dmvpn-tun0[510]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD **
peer-0.0.0.0-tunnel-1[779]: ESTABLISHED 15 hours ago, 116.90.86.xxx[116.90.86.xxx]...221.222.25.162[192.168.3.9]
peer-0.0.0.0-tunnel-1[779]: IKEv1 SPIs: 0d5a0690f2968ba2_i bd6da5758d67ab95_r*, rekeying disabled
peer-0.0.0.0-tunnel-1[779]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec 18 16:27:22 vyos charon: 06[IKE] initiating Main Mode IKE_SA vpnprof-dmvpn-tun0[510] to 115.60.62.155
Dec 18 16:27:22 vyos charon: 06[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Dec 18 16:27:22 vyos charon: 06[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:27:26 vyos charon: 04[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:27:33 vyos charon: 07[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:27:46 vyos charon: 13[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:28:09 vyos charon: 09[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:28:22 vyos charon: 05[IKE] initiating Main Mode IKE_SA vpnprof-dmvpn-tun0[2] to 192.168.200.1
Dec 18 16:28:22 vyos charon: 05[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Dec 18 16:28:22 vyos charon: 05[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:28:26 vyos charon: 04[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:28:33 vyos charon: 09[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:28:46 vyos charon: 15[NET] sending packet: from 116.90.86.xxx[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:28:51 vyos charon: 10[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:29:10 vyos charon: 06[NET] sending packet: from 116.90.86.181[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:29:52 vyos charon: 13[NET] sending packet: from 116.90.86.181[500] to 192.168.200.1[500] (216 bytes)
Dec 18 16:30:07 vyos charon: 11[IKE] initiating Main Mode IKE_SA vpnprof-dmvpn-tun0[510] to 115.60.62.155
Dec 18 16:30:07 vyos charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Dec 18 16:30:07 vyos charon: 11[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:30:11 vyos charon: 12[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:30:18 vyos charon: 15[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)
Dec 18 16:30:31 vyos charon: 05[NET] sending packet: from 116.90.86.xxx[500] to 115.60.62.155[500] (216 bytes)

Thanks

Details

Difficulty level
Hard (possibly days)
Version
1.2.0 Rc10
Why the issue appeared?
Will be filled on close

Event Timeline

syncer assigned this task to UnicronNL. Dec 21 2018, 10:27 AM
syncer triaged this task as Low priority.
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-EPA); removed VyOS 1.2 Crux.
pasik added a subscriber: pasik. Dec 22 2018, 10:04 AM

@bjtangseng I do not know if DMVPN was in rc.10.
Can you please try the same in the last rolling release?

https://downloads.vyos.io/rolling/current/amd64/vyos-1.2.0-rolling%2B201901150337-amd64.iso

And after you delete everything, check the /etc/swanctl/swanctl.conf file; this is where the DMVPN IPsec connections are.
I just tried and for me it states "# No VPN configuration exists." after deletion in that file.
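
The two checks discussed in this task, as an added example that is not part of the original thread or of VyOS: it flags IKE_SAs in `show vpn ipsec sa verbose` output whose connection name no longer appears under "Connections:" (as `vpnprof-dmvpn-tun0` does in the report), and tests whether swanctl.conf holds only comments. The function names `orphaned_sas` and `conf_is_empty` are hypothetical, and the sample input is constructed from the report with addresses replaced by documentation ranges.

```python
import re

# Constructed sample: trimmed from the "show vpn ipsec sa verbose" output in the
# report above (public addresses replaced with documentation ranges).
STATUS = """\
Connections:
peer-0.0.0.0-tunnel-1:  203.0.113.10...%any  IKEv1
peer-0.0.0.0-tunnel-1:   child:  172.16.101.0/24 === 192.168.101.0/24 TUNNEL
remote-access:  203.0.113.10...%any  IKEv1, dpddelay=15s
Security Associations (1 up, 2 connecting):
**vpnprof-dmvpn-tun0[2]: CONNECTING, 203.0.113.10[%any]...192.168.200.1[%any]
vpnprof-dmvpn-tun0[2]: Tasks queued: QUICK_MODE
vpnprof-dmvpn-tun0[510]: CONNECTING, 203.0.113.10[%any]...198.51.100.7[%any]
peer-0.0.0.0-tunnel-1[779]: ESTABLISHED 15 hours ago, 203.0.113.10[203.0.113.10]...198.51.100.9[192.168.3.9]
peer-0.0.0.0-tunnel-1[779]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
"""

CONN_RE = re.compile(r"^([\w.\-]+):\s")
SA_RE = re.compile(r"^\**([\w.\-]+)\[(\d+)\]: "
                   r"(CREATED|CONNECTING|ESTABLISHED|PASSIVE|REKEYING|REKEYED|DELETING|DESTROYING)\b")

def orphaned_sas(status_text):
    """Return (name, id, state) for every IKE_SA whose connection name is not
    listed under 'Connections:' in the same status output."""
    configured, orphans, section = set(), [], None
    for line in status_text.splitlines():
        if line.startswith("Connections:"):
            section = "conn"
        elif line.startswith("Security Associations"):
            section = "sa"
        elif section == "conn" and (m := CONN_RE.match(line)):
            configured.add(m.group(1))
        elif section == "sa" and (m := SA_RE.match(line)):
            if m.group(1) not in configured:
                orphans.append((m.group(1), int(m.group(2)), m.group(3)))
    return orphans

def conf_is_empty(conf_text):
    """Assumption: swanctl.conf counts as clean when it has only comments or
    blank lines, as in the '# No VPN configuration exists.' case quoted above."""
    return all(not l.strip() or l.lstrip().startswith("#")
               for l in conf_text.splitlines())

if __name__ == "__main__":
    for name, sa_id, state in orphaned_sas(STATUS):
        print(f"stale IKE_SA {name}[{sa_id}] in state {state}")
    print("swanctl.conf empty:", conf_is_empty("# No VPN configuration exists.\n"))
```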

Hi Kim

I will help you test the issue tomorrow. Is there any information I should send you?

Sent from my iPhone

Hi Kim

I tested this issue. Have fixed it. Thanks.

syncer closed this task as Resolved. Jan 20 2019, 11:22 AM