
DMVPN with IPSec does not work in HUB mode
Closed, Resolved / Public / BUG

Description

If DMVPN uses IPSec, the related strongSwan configuration is added via /etc/swanctl/swanctl.conf and activated by reloading it with `swanctl -q`. It is therefore not stored permanently inside the strongSwan configuration file and requires a reload with `swanctl -q` to become active.
The apply function in ipsec-settings.py contains an ipsec restart operation.

When ipsec-settings.py runs after the DMVPN configuration script (dmvpn-config.pl), it restarts strongSwan and, as a result, removes the DMVPN-related connection configuration.
If VyOS is configured as a spoke this is not critical, because opennhrp-script additionally runs `swanctl -q`, but if it acts as a hub, the DMVPN IPSec configuration will never be active.
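The failure mode above is detectable from the router itself: connections declared in swanctl.conf but absent from `swanctl --list-conns` have been dropped by a daemon restart. The following added example (not VyOS code, not from the task) parses the top-level connection names from a swanctl.conf, compares them with `--list-conns` output, and reloads with `swanctl -q` when something is missing; the connection names in the sample are assumed.

```shell
#!/bin/sh
# Added example, not VyOS code: find DMVPN connections declared in
# /etc/swanctl/swanctl.conf but not loaded in the running strongSwan (the
# state a hub is left in after a daemon restart) and reload them with swanctl -q.
# Print the top-level connection names declared under `connections { ... }`.
swanctl_conf_conns() {
    awk '
        !inconn && $0 ~ /^[[:space:]]*connections[[:space:]]*\{/ { inconn = 1; depth = 1; next }
        inconn {
            if (depth == 1 && $0 ~ /^[[:space:]]*[A-Za-z0-9_.-]+[[:space:]]*\{/) {
                name = $0
                sub(/[[:space:]]*\{.*$/, "", name); sub(/^[[:space:]]+/, "", name)
                print name
            }
            line = $0
            depth += gsub(/\{/, "{", line)   # opening braces on this line
            depth -= gsub(/\}/, "}", line)   # closing braces on this line
            if (depth <= 0) inconn = 0
        }
    ' "$1"
}

# Print each name from the conf file ($1) that does not start a line of the
# `swanctl --list-conns` output passed as $2 (loaded conns appear as "name: ...").
swanctl_missing_conns() {
    for name in $(swanctl_conf_conns "$1"); do
        printf '%s\n' "$2" | grep -q "^${name}:" || printf '%s\n' "$name"
    done
}

# Live check on a VyOS router: reload swanctl.conf if any connection is missing.
reload_if_missing() {
    conf=${1:-/etc/swanctl/swanctl.conf}
    missing=$(swanctl_missing_conns "$conf" "$(swanctl --list-conns 2>/dev/null)")
    [ -z "$missing" ] || { echo "not loaded, running swanctl -q: $missing" >&2; swanctl -q; }
}

# Constructed sample input (assumed names, not from the bug report):
# only site-b is loaded, dmvpn-tun0 was dropped by the restart.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
connections {
    dmvpn-tun0 {
        children { dmvpn-tun0 { mode = transport } }
    }
    site-b { version = 2 }
}
EOF
SAMPLE_LIST_CONNS='site-b: IKEv2, no reauthentication, rekeying every 14400s'
```

Running `reload_if_missing` from a hook that fires after strongSwan restarts (which is what the later fix to the NHRP init script achieves) keeps a hub from sitting with no DMVPN connections loaded.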

Details

Difficulty level: Normal (likely a few hours)
Version: 1.2-rolling-201911021616
Why the issue appeared? Will be filled on close
Is it a breaking change? Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Event Timeline

zsdc changed the task status from Open to Confirmed. Nov 2 2019, 5:09 PM
zsdc created this task.
syncer triaged this task as High priority.
Unknown Object (User) added a subscriber: Unknown Object (User). Nov 3 2019, 2:06 PM
syncer reassigned this task from dmbaturin to Unknown Object (User). Nov 16 2019, 11:59 PM
syncer added a subscriber: dmbaturin.
Unknown Object (User) added a comment. Dec 29 2019, 8:31 PM

For rolling we need to add a small fix to opennhrp.init:
https://github.com/vyos/vyos-nhrp/pull/3

syncer changed the task status from Needs testing to Backport pending. Jan 1 2020, 1:08 PM
syncer reassigned this task from Unknown Object (User) to c-po.
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.
syncer moved this task from Needs Triage to Backlog on the VyOS 1.2 Crux (VyOS 1.2.5) board.

This was only a problem in rolling and is fixed.

erkin set Issue type to Bug (incorrect behavior). Aug 31 2021, 6:23 PM