
VyOS 1.4: Invalid error message while deleting ipsec vpn configuration
Open, Requires assessment | Public | BUG

Description

There is no configuration related to the L2TP protocol, but while deleting the existing configuration I am getting the following error message "ERROR: failed to reapply L2TP IPSec settings!":

[edit interfaces]
-vti vti0 {
-    address 10.0.0.2/30
-}
[edit vpn]
-ipsec {
-    esp-group espA {
-        proposal 1 {
-            encryption aes256
-            hash sha256
-        }
-    }
-    ike-group ikeA {
-        proposal 1 {
-            dh-group 16
-            encryption aes256
-            hash sha256
-        }
-    }
-    ipsec-interfaces {
-        interface eth0
-    }
-    site-to-site {
-        peer 203.0.113.46 {
-            authentication {
-                mode pre-shared-secret
-                pre-shared-secret vyos
-            }
-            ike-group ikeA
-            local-address 203.0.113.45
-            vti {
-                bind vti0
-                esp-group espA
-            }
-        }
-    }
-}
[edit]
vyos@vyos# commit
[ vpn ipsec ]
ERROR: failed to reapply L2TP IPSec settings!


[edit]
vyos@vyos# compare
No changes between working and active configurations.
[edit]

The commit is successful and no issues are seen after the commit.

Version:          VyOS 1.4-rolling-202107122017
Release Train:    sagitta

Built by:         autobuild@vyos.net
Built on:         Tue 13 Jul 2021 07:17 UTC
Build UUID:       0b7a0c5f-8e68-4e69-83ef-afa9696aa8a1
Build Commit ID:  1a0da9f0bc8774

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202107122017
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

SrividyaA renamed this task from VyoOS 1.4: Invalid error message while deleting ipsec vpn configuration to VyOS 1.4: Invalid error message while deleting ipsec vpn configuration. Jul 13 2021, 3:26 PM
SrividyaA created this task.

This error occurs because the ipsec module blindly updates the l2tp module after a commit change to ensure any l2tp via ipsec config is then refreshed also.

This'll be fixed soon in my PR that brings L2TP over IPSec under the main ipsec module.