Page MenuHomeVyOS Platform
Create Task
Maniphest T4658

Rename DPD action `hold` to `trap`
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

DPD action values are outdated.

vyos@vyos# set vpn ipsec ike-group IKE-HUB dead-peer-detection action
Possible completions:
   hold                 Attempt to re-negotiate the connection when matching traffic is seen
   clear                Remove the connection immediately
   restart              Attempt to re-negotiate the connection immediately

but in strongswan documentation
https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html

child>.dpd_action

Action to perform for this CHILD_SA on DPD timeout. The default clear closes the CHILD_SA and does not take further action. trap installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand (note that this is redundant if start_action includes trap. restart immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA.

Details

Difficulty level
Normal (likely a few hours)
Version
VyOS 1.4-rolling-202208290458
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Config syntax change (migratable)
Issue type
Improvement (missing useful functionality)

Related Objects

Event Timeline

a.apostoliuk created this task.Aug 30 2022, 12:17 PM
zsdc changed the subtype of this task from "Bug" to "Feature Request".Aug 30 2022, 12:40 PM
zsdc added a subscriber: zsdc.

Not the bug, because it is internally translated to the proper value: https://github.com/vyos/vyos-1x/blob/b01f27b3bb3f4cbc6096011856d83009d0440313/data/templates/ipsec/swanctl/peer.j2#L90

But renaming hold to trap can be considered for a CLI improvement.

zsdc renamed this task from DPD action values are outdated to Rename DPD action `hold` to `trap`.Aug 30 2022, 12:40 PM
pasik added a subscriber: pasik.Aug 30 2022, 12:55 PM
Viacheslav added a subscriber: Viacheslav.Sep 2 2022, 4:08 AM

Could be a part of T4118

dmbaturin triaged this task as High priority.Jan 9 2024, 5:41 PM
dmbaturin changed Is it a breaking change? from Perfectly compatible to Config syntax change (migratable).
dmbaturin changed Issue type from Bug (incorrect behavior) to Improvement (missing useful functionality).
c-po added a subscriber: c-po.Jan 11 2024, 3:33 PM

We've discussed this in the maintainer meeting and we agreed on migrating the hold CLI option to trap.

a.apostoliuk claimed this task.Jan 11 2024, 3:36 PM
a.apostoliuk changed the task status from Open to In progress.Jan 16 2024, 12:54 PM
a.apostoliuk changed the task status from In progress to Needs testing.Jan 17 2024, 8:40 AM
a.apostoliuk closed this task as Resolved.
a.apostoliuk added a project: VyOS 1.5 Circinus.
a.apostoliuk moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
a.apostoliuk moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.