nhrp process fails to start with the corresponding logs:
systemd[1]: Starting OpenNHRP... opennhrp[371721]: opennhrp[371721]: OpenNHRP 0.14-20-g613277f starting opennhrp[371721]: OpenNHRP 0.14-20-g613277f starting opennhrp[371721]: opennhrp[371721]: Configuration file syntax error in /run/opennhrp/opennhrp.conf:6, near word '300' opennhrp[371721]: Configuration file syntax error in /run/opennhrp/opennhrp.conf:6, near word '300' systemd[1]: opennhrp.service: Control process exited, code=exited, status=4/NOPERMISSION systemd[1]: opennhrp.service: Failed with result 'exit-code'. systemd[1]: Failed to start OpenNHRP.
Example configuration causing the issue:
protocols { nhrp { tunnel tun0 { cisco-authentication "" holding-time "300" multicast "dynamic" redirect { } } }
This is caused by the empty value of the cisco-authentication option that keeps the empty value in /run/opennhrp/opennhrp.conf, while the option shouldn't be added in this case:
# Created by VyOS - manual changes will be overwritten interface tun100 #hub cisco-authentication holding-time 300 multicast dynamic redirect
The correct configuration must look like this:
# Created by VyOS - manual changes will be overwritten interface tun100 #hub holding-time 300 multicast dynamic redirect