Page MenuHomeVyOS Platform

DMVPN broken after tunnel rewrite to XML/Python
Closed, ResolvedPublicBUG

Description

After rewriting tunnel interface to XML and Python DMVPN sessions do not come up anymore - VyOS DMVPN hub functionality is effectively broken

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202004060851
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

c-po triaged this task as High priority.Apr 6 2020, 6:44 PM
c-po created this task.
c-po updated the task description. (Show Details)
c-po added a subscriber: Dmitry.Apr 6 2020, 6:54 PM

@Dmitry maybe you have an idea why?

Dmitry claimed this task.EditedApr 6 2020, 8:31 PM

@c-po let me reproduce this locally, I will find an answer.

Dmitry added a comment.Apr 6 2020, 9:52 PM

The main reason for this issue - we can't create properly tunnel

set interfaces tunnel tun0 address 10.0.0.3/24
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 local-ip 0.0.0.0
set interfaces tunnel tun0 multicast enable
set interfaces tunnel tun0 parameters ip key 1

vyos@R4# commit
[ interfaces tunnel tun0 ]
Can not set "multicast" for tunnel gre tun0 at tunnel creation

[[interfaces tunnel tun0]] failed
Commit failed

@Dmitry @c-po is this an other version of strongswan? or is this the strongswan with dmvpn pathes in from vyos repo?

Dmitry added a subscriber: Unicron.EditedApr 6 2020, 10:12 PM

@UnicronNL

vyos@R3# run show version all | match strongswan
ii  strongswan                       5.7.2-1                             all          IPsec VPN solution metapackage

But in this case, we have an issue with command

vyos@R3# sudo ip link add tun0 type gretap local 0.0.0.0
RTNETLINK answers: File exists

In old scripts, tunnels were created by following commands

ip tunnel add tun0 local 0.0.0.0 mode gre key 1 ttl 255 tos inherit
ip link set tun0 multicast on allmulticast on up
ip addr add 10.0.0.4/24 broadcast + dev tun0
ip tunnel cha tun0 local 0.0.0.0
pasik added a subscriber: pasik.Apr 7 2020, 7:14 AM
Dmitry changed the task status from Open to Needs testing.Apr 8 2020, 1:37 PM
c-po added a comment.Apr 12 2020, 10:13 AM

Retested today using VyOS 1.3-rolling-202004120117

vyos@vyos# commit
[ interfaces tunnel tun100 address 172.16.253.134/29 ]


[ interfaces tunnel tun100 local-ip 194.145.151.218 ]


[ interfaces tunnel tun100 mtu 1360 ]


[ interfaces tunnel tun100 parameters ip key 1 ]


[ interfaces tunnel tun100 ]
Can not set "mtu" for tunnel gre tun100 at tunnel creation

[[interfaces tunnel tun100]] failed
[[interfaces tunnel tun100 ip ospf]] failed
Commit failed
thomas-mangin added a subscriber: thomas-mangin.EditedApr 12 2020, 11:13 AM

could you please try this patch. if it still fails, can you remove the 'mtu' from the 'options' line and try again ?

diff --git a/python/vyos/ifconfig/tunnel.py b/python/vyos/ifconfig/tunnel.py
index 0506066..46900ce 100644
--- a/python/vyos/ifconfig/tunnel.py
+++ b/python/vyos/ifconfig/tunnel.py
@@ -141,8 +141,8 @@ class GREIf(_Tunnel):
     default = {'type': 'gre'}
     required = ['local', ]  # mGRE is a GRE without remote endpoint

-    options = ['local', 'remote', 'ttl', 'tos', 'key']
-    updates = ['local', 'remote', 'ttl', 'tos',
+    options = ['local', 'remote', 'ttl', 'tos', 'key', 'mtu']
+    updates = ['local', 'remote', 'ttl', 'tos', 'mtu',
                'multicast', 'allmulticast']

     create = 'ip tunnel add {ifname} mode {type}'

(option 'two' was indeed the right one)

c-po added a comment.Apr 13 2020, 11:44 AM

Fixed in VyOS 1.3-rolling-20200413104

c-po closed this task as Resolved.Apr 13 2020, 11:44 AM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.May 21 2020, 5:24 PM