Page MenuHomeVyOS Platform

DMVPN is always listed as down in "show vpn ipsec sa"
Open, Requires assessmentPublicBUG

Description

When operating VyOS as DMVPN HUB the DMVPN tunnel is always down when issuing the show vpn ipsec sa command. The DMVPN configuration is from https://docs.vyos.io/en/latest/vpn/dmvpn.html

vyos@vyos:~$ show vpn ipsec sa
Connection                     State    Up          Bytes In/Out    Remote address    Remote ID    Proposal
-----------------------------  -------  ----------  --------------  ----------------  -----------  ------------------------------------------------
peer-172.18.203.10-tunnel-vti  up       52 seconds  252B/252B       172.18.203.10     N/A          AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
dmvpn-NHRPVPN-tun100           down     N/A         N/A             N/A               N/A          N/A

vyos@vyos:~$ show interfaces tunnel tun100
tun100@NONE: <MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1360 qdisc noqueue state UNKNOWN group default qlen 1000
    link/gre 172.18.201.10 brd 0.0.0.0
    inet 172.18.100.6/29 brd 172.18.100.7 scope global tun100
       valid_lft forever preferred_lft forever
    inet6 fe80::5efe:ac12:c90a/64 scope link
       valid_lft forever preferred_lft forever

    RX:  bytes    packets     errors    dropped    overrun      mcast
         99016        990          0          0          0          0
    TX:  bytes    packets     errors    dropped    carrier collisions
         95056        950          0          0          0          0

I do not know if this is intended or not...

Details

Difficulty level
Unknown (require assessment)
Version
1.2.2
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)