L2TP over IPSEC broken
Closed, Resolved | Public | BUG

Description

Latest IPSEC python upgrade did something with the "roadrunner" ipsec configuration for l2tp.

set vpn ipsec auto-update '1800'
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec ipsec-interfaces interface 'eth3'
set vpn l2tp remote-access authentication local-users username primoz password 'XYZ'
set vpn l2tp remote-access authentication mode 'local'
set vpn l2tp remote-access client-ip-pool start '192.168.180.100'
set vpn l2tp remote-access client-ip-pool stop '192.168.180.200'
set vpn l2tp remote-access gateway-address '192.168.180.1'
set vpn l2tp remote-access idle '1800'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'abc'
set vpn l2tp remote-access ipsec-settings ike-lifetime '3600'
set vpn l2tp remote-access ipsec-settings lifetime '3600'
set vpn l2tp remote-access mtu '1320'
set vpn l2tp remote-access name-server '1.1.1.1'
set vpn l2tp remote-access outside-address '1.2.3.4'

doesn't result in any configuration in ipsec.conf.

Regards,

Primoz

Details

Difficulty level: Unknown (require assessment)
Version: 1.4-rolling-202107090351
Why the issue appeared? Will be filled on close
Is it a breaking change? Unspecified (possibly destroys the router)

Event Timeline

c-po changed the task status from Open to Confirmed. Sat, Jul 10, 9:00 AM
c-po added a subscriber: c-po.

I can confirm this on the latest rolling versions, seems to be a problem with the IPSec rewrite/move to swanctl.conf.

With 1.4-rolling-202107202017 at the latest, l2tp over ipsec works with swanctl.

c-po assigned this task to sdev.