VyOS crashes after configuring site-to-site config
Closed, Invalid | Public | BUG

Description

Hi all:

We have a VyOS router running version 1.1.6. We want to configure an IPsec tunnel (as we already have on other routers). Right now this is the config we have:

set vpn ipsec esp-group ESP compression 'disable'
set vpn ipsec esp-group ESP lifetime '1800'
set vpn ipsec esp-group ESP mode 'tunnel'
set vpn ipsec esp-group ESP pfs 'enable'
set vpn ipsec esp-group ESP proposal 1 encryption 'aes128'
set vpn ipsec esp-group ESP proposal 1 hash 'sha1'
set vpn ipsec esp-group IKE compression 'disable'
set vpn ipsec esp-group IKE lifetime '3600'
set vpn ipsec esp-group IKE mode 'tunnel'
set vpn ipsec esp-group IKE pfs 'enable'
set vpn ipsec esp-group IKE proposal 1 encryption 'aes128'
set vpn ipsec esp-group IKE proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE ikev2-reauth 'no'
set vpn ipsec ike-group IKE key-exchange 'ikev1'
set vpn ipsec ike-group IKE lifetime '3600'
set vpn ipsec ike-group IKE proposal 1 dh-group '2'
set vpn ipsec ike-group IKE proposal 1 encryption 'aes128'
set vpn ipsec ike-group IKE proposal 1 hash 'sha1'
set vpn ipsec ipsec-interfaces interface 'eth0'

Now we want to configure the site-to-site config; these are the commands we enter:

set vpn ipsec site-to-site peer 2.2.2.2 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 2.2.2.2 authentication pre-shared-secret '$3creT_!!'
set vpn ipsec site-to-site peer 2.2.2.2 connection-type 'initiate'
set vpn ipsec site-to-site peer 2.2.2.2 default-esp-group 'ESP'
set vpn ipsec site-to-site peer 2.2.2.2 ike-group 'IKE'
set vpn ipsec site-to-site peer 2.2.2.2 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 2.2.2.2 local-address '20.20.20.20'
set vpn ipsec site-to-site peer 2.2.2.2 tunnel 1 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 2.2.2.2 tunnel 1 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 2.2.2.2 tunnel 1 local prefix '10.100.200.0/23'
set vpn ipsec site-to-site peer 2.2.2.2 tunnel 1 remote prefix '1.1.1.1/24'

So far, everything's fine. If we launch compare saved, it shows the commands with the + symbol, so OK. The problem comes up when we hit the commit command: at that moment the router stops responding, it freezes completely, and the only way to recover it is restarting.

Regards

Details

Difficulty level
Unknown (require assessment)
Version
1.1.6
Why the issue appeared?
Will be filled on close

Event Timeline

syncer added a project: Rejected.
syncer added a subscriber: syncer.

Hello
Please submit this on forum.vyos.io, since it's most likely a configuration issue.
Provide the complete config (you can strip public IPs, but keep private ones).
Also, I can recommend using 1.2, as 1.1.x is EOL now.