IPSEC vti issue
Open, Requires assessment | Public | BUG

Description

We have a VPN infrastructure with one central VyOS and several VyOS by site.
The first sites are connected to Central over a MAN network (private address).
The last sites are connected to Central over a WAN network (public address).

Central VyOS has only one network interface with two IP addresses:

  • 1 on LAN with /24
  • 1 public address /32

Since we added the WAN site and the WAN configuration on Central VyOS, we have had some issues with the IPsec VTI tunnel.
When we restart the VPN service on one site, the VPN service on Central VyOS goes down and we have to restart it to resolve the issue.
If we don't restart it, the site can't ping Central VyOS's public address, but after the VPN service is restarted on it, ping is OK.

We have applied the 1.2.2 upgrade on all of our sites and on VyOS central.
We tried downgrading VyOS central to 1.2.0 to find out whether the issue came from the update, but the behavior is the same.

Details

Difficulty level
Unknown (require assessment)
Version
1.2.2
Why the issue appeared?
Will be filled on close

Event Timeline

MarcSim created this task. Fri, Jul 26, 1:40 PM

All of the VyOS instances are VMs hosted on ESXi.

pasik added a subscriber: pasik. Tue, Jul 30, 9:40 AM