After rewriting tunnel interface to XML and Python DMVPN sessions do not come up anymore - VyOS DMVPN hub functionality is effectively broken
Description
Details
- Difficulty level: Unknown (require assessment)
- Version: 1.3-rolling-202004060851
- Why the issue appeared? Will be filled on close
- Is it a breaking change? Unspecified (possibly destroys the router)
- Issue type: Bug (incorrect behavior)
Event Timeline
Comment Actions
The main reason for this issue: we can't properly create the tunnel
```
set interfaces tunnel tun0 address 10.0.0.3/24
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 local-ip 0.0.0.0
set interfaces tunnel tun0 multicast enable
set interfaces tunnel tun0 parameters ip key 1
vyos@R4# commit
[ interfaces tunnel tun0 ]
Can not set "multicast" for tunnel gre tun0 at tunnel creation
[[interfaces tunnel tun0]] failed
Commit failed
```
Comment Actions
@Dmitry @c-po is this another version of strongswan? Or is this the strongswan with the DMVPN patches in from the VyOS repo?
Comment Actions
```
vyos@R3# run show version all | match strongswan
ii strongswan 5.7.2-1 all IPsec VPN solution metapackage
```
But in this case, we have an issue with the command
```
vyos@R3# sudo ip link add tun0 type gretap local 0.0.0.0
RTNETLINK answers: File exists
```
In the old scripts, tunnels were created by the following commands
```
ip tunnel add tun0 local 0.0.0.0 mode gre key 1 ttl 255 tos inherit
ip link set tun0 multicast on allmulticast on up
ip addr add 10.0.0.4/24 broadcast + dev tun0
ip tunnel cha tun0 local 0.0.0.0
```
Comment Actions
Retested today using VyOS 1.3-rolling-202004120117
```
vyos@vyos# commit
[ interfaces tunnel tun100 address 172.16.253.134/29 ]
[ interfaces tunnel tun100 local-ip 194.145.151.218 ]
[ interfaces tunnel tun100 mtu 1360 ]
[ interfaces tunnel tun100 parameters ip key 1 ]
[ interfaces tunnel tun100 ]
Can not set "mtu" for tunnel gre tun100 at tunnel creation
[[interfaces tunnel tun100]] failed
[[interfaces tunnel tun100 ip ospf]] failed
Commit failed
```
Comment Actions
Could you please try this patch? If it still fails, can you remove the 'mtu' from the 'options' line and try again?
diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py index 0506066..46900ce 100644 --- a/python/vyos/ifconfig/tunnel.py +++ b/python/vyos/ifconfig/tunnel.py @@ -141,8 +141,8 @@ class GREIf(_Tunnel): default = {'type': 'gre'} required = ['local', ] # mGRE is a GRE without remote endpoint - options = ['local', 'remote', 'ttl', 'tos', 'key'] - updates = ['local', 'remote', 'ttl', 'tos', + options = ['local', 'remote', 'ttl', 'tos', 'key', 'mtu'] + updates = ['local', 'remote', 'ttl', 'tos', 'mtu', 'multicast', 'allmulticast'] create = 'ip tunnel add {ifname} mode {type}'
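Review bot: in the `options` line, adding 'mtu' makes it a creation-time key, but the `create` template just below is `ip tunnel add {ifname} mode {type}`, and `ip tunnel add` takes no mtu argument; mtu is a link property that is set afterwards with `ip link set`. Keeping 'mtu' only in `updates`, next to 'multicast' and 'allmulticast', matches that and is the fallback the comment already offers. The same "at tunnel creation" error was reported earlier in this task for "multicast", which is also listed only in `updates`, so it is worth checking that the creation path defers update-only keys instead of rejecting them; otherwise this hunk addresses one key and leaves the other failing.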
(option 'two' was indeed the right one)