Page MenuHomeVyOS Platform

L2tp over IPsec not working in Crux
Closed, ResolvedPublicBUG

Description

L2tp over IPsec is not working in VyOS 1.2.0 without configured NAT.
I've created the topic about this issue on VyOS forum and didn't get any replies.
Also I've found another topic about this bug with no replies.

Looks like the problem is in unique XFRM marking.
Without "mark=%unique" in ipsec configuration everything working fine.

More details are provided in the topics above.

Details

Difficulty level
Easy (less than an hour)
Version
1.2.0 Release
Why the issue appeared?
Issues in third-party code

Event Timeline

Unknown Object (User) added a subscriber: Unknown Object (User).Aug 23 2019, 8:38 AM
Unknown Object (User) added a comment.Aug 23 2019, 8:43 AM

I confirm, this behavior was reproduced. As I saw, problem with outgoing marked packets from server. Maybe for this case need add some option for marking only incoming packets, like

mark_in=%unique

While using NAT, just set mark=%unique for in and out marking

syncer assigned this task to Unknown Object (User).Aug 30 2019, 10:19 PM
syncer triaged this task as High priority.
Unknown Object (User) added a comment.Aug 31 2019, 12:31 AM

If we will use only mark_in=%unique, this allow us work with or without NAT rules. PR https://github.com/vyos/vyos-1x/pull/120

dmbaturin changed the task status from Open to Needs testing.Aug 31 2019, 12:44 AM
dmbaturin changed Why the issue appeared? from Will be filled on close to Issues in third-party code.