nhrp not starting due to missing cisco-authentication value
Confirmed, Normal, Public, BUG

Description

The nhrp process fails to start with the corresponding logs:

systemd[1]: Starting OpenNHRP...
opennhrp[371721]: opennhrp[371721]: OpenNHRP 0.14-20-g613277f starting
opennhrp[371721]: OpenNHRP 0.14-20-g613277f starting
opennhrp[371721]: opennhrp[371721]: Configuration file syntax error in /run/opennhrp/opennhrp.conf:6, near word '300'
opennhrp[371721]: Configuration file syntax error in /run/opennhrp/opennhrp.conf:6, near word '300'
systemd[1]: opennhrp.service: Control process exited, code=exited, status=4/NOPERMISSION
systemd[1]: opennhrp.service: Failed with result 'exit-code'.
systemd[1]: Failed to start OpenNHRP.

Example configuration causing the issue:

protocols {
    nhrp {
        tunnel tun0 {
            cisco-authentication ""
            holding-time "300"
            multicast "dynamic"
            redirect { }
        }
    }
}

This is caused by the empty value of the cisco-authentication option that keeps the empty value in /run/opennhrp/opennhrp.conf, while the option shouldn't be added in this case:

# Created by VyOS - manual changes will be overwritten

interface tun100 #hub
    cisco-authentication
    holding-time 300
    multicast dynamic
    redirect

The correct configuration must look like this:

# Created by VyOS - manual changes will be overwritten

interface tun100 #hub
    holding-time 300
    multicast dynamic
    redirect
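
A pre-start check for the failure described above, as an added example that is not part of the original report or of VyOS: it flags value-taking options that were rendered bare into opennhrp.conf text and shows the listing with them dropped. The set of value-taking options is an assumption drawn from the two listings in this report, and the function names are hypothetical.

```python
# Added example, not VyOS code. Assumption: every option this report shows with
# an argument requires one; 'redirect' is a bare flag.
NEEDS_VALUE = {"cisco-authentication", "holding-time", "multicast"}

# The two listings from the report, embedded as sample input.
BROKEN = """\
# Created by VyOS - manual changes will be overwritten

interface tun100 #hub
    cisco-authentication
    holding-time 300
    multicast dynamic
    redirect
"""
FIXED = """\
# Created by VyOS - manual changes will be overwritten

interface tun100 #hub
    holding-time 300
    multicast dynamic
    redirect
"""

def lint_opennhrp(text):
    """Return (line_no, interface, option) for each value-taking option with no value."""
    findings, iface = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop comments such as '#hub'
        if not words:
            continue
        if words[0] == "interface":
            iface = words[1] if len(words) > 1 else None
        elif words[0] in NEEDS_VALUE and len(words) == 1:
            findings.append((no, iface, words[0]))
    return findings

def drop_empty_options(text):
    """Return the config text with the flagged lines removed."""
    bad = {no for no, _, _ in lint_opennhrp(text)}
    kept = [l for no, l in enumerate(text.splitlines(), 1) if no not in bad]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    for no, iface, opt in lint_opennhrp(BROKEN):
        print(f"line {no}: '{opt}' on {iface} has no value")
    print(drop_empty_options(BROKEN), end="")
```

The reported line number is the line of the bare keyword in the text passed in, which is not necessarily the line named in the opennhrp log.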

Details

Difficulty level
Unknown (require assessment)
Version
1.4-rolling-202206070913
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

From the provided log, the syntax error is in config string 6:
‘holding-time 300’

But yes, “cisco-authentication” shouldn’t be without values.

Unfortunately, in this case the log is not accurate and doesn't indicate the exact issue. I think it's due to the incomplete string 5 (cisco-authentication) affecting string 6 (holding-time). After tests, it's confirmed that everything works as expected when there is no cisco-authentication option with a blank value.

Here is the string that is responsible for generating cisco-authentication for the nhrp config file. As far as I could understand, "vyos_defined" doesn't operate as expected, and we need to figure out why this function is ignoring the "none" value.

e.khudiyev changed Difficulty level from Easy (less than an hour) to Unknown (require assessment). Jun 9 2022, 7:46 AM
e.khudiyev changed Is it a breaking change? from Perfectly compatible to Unspecified (possibly destroys the router).
n.fort changed the task status from Open to Needs testing. Jun 10 2022, 6:13 PM

Since in the previous version set protocols nhrp tunnel tun0 cisco-authentication "" was allowed, a migration script is required. Otherwise, when upgrading, the configuration fails.

Reopening this task. A migration script needs to be added.

syncer triaged this task as Normal priority. Jul 24 2023, 11:08 PM
syncer moved this task from Need Triage to In Progress on the VyOS 1.4 Sagitta board.

@n.fort Which migration are you expecting here?