
L2tp over IPsec not working in Crux
Closed, Resolved | Public | BUG

Description

L2tp over IPsec is not working in VyOS 1.2.0 without configured NAT.
I've created a topic about this issue on the VyOS forum and didn't get any replies.
Also, I've found another topic about this bug with no replies.

It looks like the problem is in unique XFRM marking.
Without "mark=%unique" in the IPsec configuration everything works fine.

More details are provided in the topics above.

Details

Difficulty level: Easy (less than an hour)
Version: 1.2.0 Release
Why the issue appeared?: Issues in third-party code

Event Timeline

koef created this task. Aug 22 2019, 12:48 PM
Dmitry added a subscriber: Dmitry. Aug 23 2019, 8:38 AM

I confirm this behavior was reproduced. As far as I saw, the problem is with outgoing marked packets from the server. Maybe for this case we need to add some option for marking only incoming packets, like

mark_in=%unique

While using NAT, just set mark=%unique for in and out marking.

pasik added a subscriber: pasik. Aug 25 2019, 9:06 PM
syncer assigned this task to Dmitry. Aug 30 2019, 10:19 PM
syncer triaged this task as High priority.

If we use only mark_in=%unique, this allows us to work with or without NAT rules. PR https://github.com/vyos/vyos-1x/pull/120
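
Added example (not part of this task and not VyOS or strongSwan code): a Python check over "ip xfrm policy" output that lists outbound policies which unmarked packets cannot match, using the kernel's masked comparison of packet mark against policy mark. The sample output, addresses and function names are constructed for illustration, and it is an assumption that the server's L2TP replies leave with fwmark 0 and that mark_in=%unique leaves the outbound policy unmarked.

```python
import re

# Constructed `ip xfrm policy` output for an L2TP/IPsec transport-mode
# connection using mark=%unique (addresses are documentation ranges).
SAMPLE_MARK_BOTH = """\
src 192.0.2.1/32 dst 198.51.100.7/32 proto udp sport 1701 dport 1701
\tdir out priority 366927 ptype main
\tmark 0x1/0xffffffff
\ttmpl src 0.0.0.0 dst 0.0.0.0
\t\tproto esp spi 0xc1a2b3c4 reqid 1 mode transport
src 198.51.100.7/32 dst 192.0.2.1/32 proto udp sport 1701 dport 1701
\tdir in priority 366927 ptype main
\tmark 0x1/0xffffffff
\ttmpl src 0.0.0.0 dst 0.0.0.0
\t\tproto esp reqid 1 mode transport
"""
# Assumed result of mark_in=%unique: only the inbound policy keeps its mark.
SAMPLE_MARK_IN = SAMPLE_MARK_BOTH.replace(
    "dir out priority 366927 ptype main\n\tmark 0x1/0xffffffff\n",
    "dir out priority 366927 ptype main\n")

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")
DIR = re.compile(r"^\s+dir (\w+)")
MARK = re.compile(r"^\s+mark (0x[0-9a-f]+)/(0x[0-9a-f]+)")

def parse_policies(text):
    """Return one dict per policy: selector, direction, (value, mask) or None."""
    policies = []
    for line in text.splitlines():
        if m := SELECTOR.match(line):
            policies.append({"src": m[1], "dst": m[2], "dir": None, "mark": None})
        elif policies and (m := DIR.match(line)):
            policies[-1]["dir"] = m[1]
        elif policies and (m := MARK.match(line)):
            policies[-1]["mark"] = (int(m[1], 16), int(m[2], 16))
    return policies

def policy_matches(policy, fwmark):
    """A marked policy matches only if (fwmark & mask) == value."""
    if policy["mark"] is None:
        return True
    value, mask = policy["mark"]
    return (fwmark & mask) == value

def unmarked_traffic_misses(text):
    """Outbound policies that packets with fwmark 0 would not match."""
    return [p for p in parse_policies(text)
            if p["dir"] == "out" and not policy_matches(p, 0)]
```
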

dmbaturin changed the task status from Open to Needs testing. Aug 31 2019, 12:44 AM
dmbaturin changed Why the issue appeared? from Will be filled on close to Issues in third-party code.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer closed this task as Resolved. Sep 4 2019, 1:31 AM