Page MenuHomeVyOS Platform

Change GRE tunnel failed
Closed, ResolvedPublicBUG

Description

To reproduce

set interfaces ethernet eth0 address '192.168.122.11/24'
set interfaces tunnel tun1 address '10.20.30.1/30'
set interfaces tunnel tun1 encapsulation 'gre'
set interfaces tunnel tun1 local-ip '192.168.122.11'
set interfaces tunnel tun1 multicast 'disable'
commit
set interfaces tunnel tun1 remote-ip 192.168.122.12
commit

After the second commit

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-tunnel.py", line 189, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces-tunnel.py", line 179, in apply
    tun.change_options()
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/tunnel.py", line 85, in change_options
    self._cmd('{} {}'.format(change.format(**self.config), options))
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 51, in _cmd
    return cmd(command, self.debug)
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 179, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: ip tunnel change tun1 mode gre local 192.168.122.11 remote 192.168.122.12 ttl 0 tos inherit
returned: 
exit code: 1

noteworthy:
cmd 'ip tunnel change tun1 mode gre local 192.168.122.11 remote 192.168.122.12 ttl 0 tos inherit'
returned (out):

returned (err):
add tunnel "tun1" failed: Invalid argument

[[interfaces tunnel tun1]] failed

Details

Difficulty level
Normal (likely a few hours)
Version
VyOS 1.3.0-rc1
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

For 1.4 the same fail
Config

set interfaces tunnel tun1 address '10.20.30.1/30'
set interfaces tunnel tun1 encapsulation 'gre'
set interfaces tunnel tun1 source-address '192.168.122.11'
set interfaces tunnel tun1 multicast 'disable'
commit
set interfaces tunnel tun1 remote 192.168.122.12
commit

Commit error

vyos@r-roll01# commit
[ interfaces tunnel tun1 ]


Report Time:      2021-03-02 21:20:49
Image Version:    VyOS 1.4-rolling-202103011828
Release Train:    sagitta

Built by:         autobuild@vyos.net
Built on:         Mon 01 Mar 2021 18:28 UTC
Build UUID:       e1e1673c-2e53-490c-9f9a-c3d422cf5ea7
Build Commit ID:  39ab069e421c6e

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    c483d2ea-9322-4376-b634-6e2beac24547

Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/interfaces-tunnel.py", line 125, in <module>
    apply(c)
  File "/usr/libexec/vyos/conf_mode/interfaces-tunnel.py", line 116, in apply
    tun.update(tunnel)
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/tunnel.py", line 183, in update
    self._change_options()
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/tunnel.py", line 151, in _change_options
    self._cmd(cmd.format(**self.config))
  File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 51, in _cmd
    return cmd(command, self.debug)
  File "/usr/lib/python3/dist-packages/vyos/util.py", line 179, in cmd
    raise OSError(code, feedback)
PermissionError: [Errno 1] failed to run command: ip tunnel change tun1 mode gre local 192.168.122.11 remote 192.168.122.12 tos inherit ttl 0
returned: 
exit code: 1

noteworthy:
cmd 'ip tunnel change tun1 mode gre local 192.168.122.11 remote 192.168.122.12 tos inherit ttl 0'
returned (out):

returned (err):
add tunnel "tun1" failed: Invalid argument

[[interfaces tunnel tun1]] failed
Commit failed
[edit]

It seems it some upstream issue

vyos@r-roll01# sudo ip tunnel add tun22 mode gre local 203.0.113.1 remote any 
[edit]
vyos@r-roll01# sudo ip tunnel change tun22 mode gre local 203.0.113.1 remote 203.0.113.254
add tunnel "tun22" failed: Invalid argument
[edit]
vyos@r-roll01#
c-po changed the task status from Open to In progress.Mar 3 2021, 8:59 PM
c-po claimed this task.
c-po triaged this task as Normal priority.

Issue also exists in VyOS 1.2.7-rc1

vyos@vyos:~$ show ver
Version:          VyOS 1.2.7-epa1
Release Train:    crux

vyos@vyos:~$ configure
vyos@vyos# set interfaces ethernet eth0 address '192.168.122.11/24'
vyos@vyos# set interfaces tunnel tun1 address '10.20.30.1/30'
vyos@vyos# set interfaces tunnel tun1 encapsulation 'gre'
vyos@vyos# set interfaces tunnel tun1 local-ip '192.168.122.11'
vyos@vyos# set interfaces tunnel tun1 multicast 'disable'
vyos@vyos# commit
[ interfaces tunnel tun1 ]
No remote-ip configured for tun1, tunnel can only be used for mGRE.

vyos@vyos# set interfaces tunnel tun1 remote-ip 192.168.122.12
vyos@vyos# commit
[ interfaces tunnel tun1 remote-ip 192.168.122.12 ]
add tunnel "tun1" failed: Invalid argument

[[interfaces tunnel tun1]] failed
Commit failed

The root cause is that the tunnel is created as mGRE tunnel first and then later we want to change it to GRE with a discrete remote address. This seems to not be supported.

A check must be added if we transition from mGRE to GRE and if so - delete the tunnel in the background and recreate it.

When checking the tunnel configuration we see remote any vs remote 172.18.254.204

>>> from vyos.util import get_json_iface_options
>>> import pprint
>>> pprint.pprint(get_json_iface_options('tun1'))
{'address': '192.168.122.11',
 'broadcast': '172.18.254.204',
 'flags': ['POINTOPOINT', 'NOARP', 'UP', 'LOWER_UP'],
 'group': 'default',
 'gso_max_segs': 65535,
 'gso_max_size': 65536,
 'ifindex': 576,
 'ifname': 'tun1',
 'inet6_addr_gen_mode': 'none',
 'link': None,
 'link_pointtopoint': True,
 'link_type': 'gre',
 'linkinfo': {'info_data': {'erspan_ver': 0,
                            'local': '192.168.122.11',
                            'pmtudisc': True,
                            'remote': '172.18.254.204',
                            'tos': '0x1',
                            'ttl': 0},
              'info_kind': 'gre'},
 'linkmode': 'DEFAULT',
 'max_mtu': 65511,
 'min_mtu': 68,
 'mtu': 1476,
 'num_rx_queues': 1,
 'num_tx_queues': 1,
 'operstate': 'UNKNOWN',
 'promiscuity': 0,
 'qdisc': 'noqueue',
 'txqlen': 1000}
>>> pprint.pprint(get_json_iface_options('tun2'))
{'address': '192.168.122.11',
 'broadcast': '0.0.0.0',
 'flags': ['NOARP', 'UP', 'LOWER_UP'],
 'group': 'default',
 'gso_max_segs': 65535,
 'gso_max_size': 65536,
 'ifindex': 577,
 'ifname': 'tun2',
 'inet6_addr_gen_mode': 'none',
 'link': None,
 'link_type': 'gre',
 'linkinfo': {'info_data': {'erspan_ver': 0,
                            'local': '192.168.122.11',
                            'pmtudisc': True,
                            'remote': 'any',
                            'tos': '0x1',
                            'ttl': 0},
              'info_kind': 'gre'},
 'linkmode': 'DEFAULT',
 'max_mtu': 65511,
 'min_mtu': 68,
 'mtu': 1476,
 'num_rx_queues': 1,
 'num_tx_queues': 1,
 'operstate': 'UNKNOWN',
 'promiscuity': 0,
 'qdisc': 'noqueue',
 'txqlen': 1000}
c-po changed the task status from In progress to Needs testing.Mar 4 2021, 8:33 PM
c-po moved this task from Need Triage to Backport Candidates on the VyOS 1.4 Sagitta board.
c-po moved this task from Backport Candidates to Finished on the VyOS 1.4 Sagitta board.
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.

For 1.2 this could be evaluated in the tunnels node.def file by something like:

ip -d -j link show tun10 | jq '.[]|.linkinfo.info_data.remote'

c-po removed c-po as the assignee of this task.Mar 6 2021, 9:07 AM
c-po added a subscriber: c-po.