Page MenuHomeVyOS Platform

IPsec ike-group parameters are not saved correctly (after reboot)
Closed, ResolvedPublicBUG

Description

Tested in VyOS 1.3.0-epa3

Create ike-group and save:

vyos@vyos:~$ configure
vyos@vyos# set vpn ipsec ike-group IKE close-action 'none'
vyos@vyos# set vpn ipsec ike-group IKE ikev2-reauth 'no'
vyos@vyos# set vpn ipsec ike-group IKE lifetime '86400'
vyos@vyos# set vpn ipsec ike-group IKE proposal 2 dh-group '2'
vyos@vyos# set vpn ipsec ike-group IKE proposal 2 encryption 'aes128'
vyos@vyos# set vpn ipsec ike-group IKE proposal 2 hash 'sha1'
[edit]
vyos@vyos# commit
vyos@vyos# save

Check config:
vyos@vyos:~$ show configuration commands

set vpn ipsec ike-group IKE close-action 'none'
set vpn ipsec ike-group IKE ikev2-reauth 'no'
set vpn ipsec ike-group IKE lifetime '86400'
set vpn ipsec ike-group IKE proposal 2 dh-group '2'
set vpn ipsec ike-group IKE proposal 2 encryption 'aes128'
set vpn ipsec ike-group IKE proposal 2 hash 'sha1'

Reboot.
Check config after:

set vpn ipsec ike-group IKE close-action 'none'
set vpn ipsec ike-group IKE ikev2-reauth 'no'
set vpn ipsec ike-group IKE key-exchange 'ikev1'
set vpn ipsec ike-group IKE lifetime '86400'
set vpn ipsec ike-group IKE proposal 2 dh-group '2'
set vpn ipsec ike-group IKE proposal 2 encryption 'aes128'
set vpn ipsec ike-group IKE proposal 2 hash 'sha1'

Notice the following NEW lines:
set vpn ipsec ike-group IKE key-exchange 'ikev1'

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.3.0-epa3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)