
'show vpn ipsec sa' shows tunnel twice in 1.2.0-RC11
Closed, Resolved | Public | BUG

Description

There is only one GRE/IPsec tunnel on this installation. As you can see here:

user@vyos:~$ sudo swanctl --list-conns
peer-vpn.domain.com-tunnel-1: , no reauthentication, no rekeying
  local:  172.16.101.16
  remote: vpn.domain.com
  local public key authentication:
    id: vpn10.domain.com
    certs: C=XX, ST=XX, L=XXX, O=XX, OU=XX, CN=vpn10.domain.com, [email protected]
  remote public key authentication:
    id: vpn.domain.com
  peer-vpn.domain.com-tunnel-1: TUNNEL, rekeying every 3060s
    local:  172.20.10.1/32[gre]
    remote: 172.20.1.1/32[gre]

But 'show vpn ipsec sa' shows this tunnel twice:

user@vyos:~$ show vpn ipsec sa
Connection                     State    Up       Bytes In/Out    Remote address    Remote ID        Proposal
-----------------------------  -------  -------  --------------  ----------------  ---------------  ---------------------------------------
peer-vpn.domain.com-tunnel-1  up       3 hours  1M/1M           1.2.3.4           vpn.domain.com  AES_CBC_128/HMAC_SHA2_256_128/MODP_2048
peer-vpn.domain.com-tunnel-1  up       3 hours  1M/1M           1.2.3.4           vpn.domain.com  AES_CBC_128/HMAC_SHA2_256_128/MODP_2048

Tunnel is fully functional.

Details

Difficulty level: Unknown (require assessment)
Version: 1.2.0-rc11
Why the issue appeared?: Will be filled on close

Event Timeline

syncer triaged this task as Low priority.
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-EPA); removed VyOS 1.2 Crux.

I just updated to VyOS-1.2.0-rolling+201901061111 and it seems to be fixed. I only see one tunnel now:

user@vyos:~$ show vpn ipsec sa
Connection                     State    Up         Bytes In/Out    Remote address    Remote ID        Proposal
-----------------------------  -------  ---------  --------------  ----------------  ---------------  -----------------------------
peer-vpn.domain.com-tunnel-1  	up      8 minutes  307K/341K       1.2.3.4           vpn.domain.com   AES_CBC_128/HMAC_SHA2_256_128
user@vyos:~$
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-EPA3) board.
syncer added a project: VyOS-1.2.0-GA.