
Ipsec/l2tp remote access stops working after reboot (when vrrp is present in the configuration).
Closed, Wontfix | Public | BUG

Description

Hello.

Not sure if this is a bug per se, or if a different configuration is needed for it to work. I have only noticed it after upgrading to 1.1.8 from 1.1.7 (which involved a reboot). The same behaviour happens on 1.1.7 and 1.1.8.

Steps to reproduce on clean vyos installation:

  1. load & commit basic config that has ipsec/l2tp remote access configured
interfaces {
    ethernet eth0 {
        address 192.168.1.100/24
        duplex auto
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 192.168.1.1 {
            }
        }
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password $1$5HsQse2v$VQLh5eeEp4ZzGmCG/PRBA1
                plaintext-password ""
            }
            level admin
        }
    }
    name-server 8.8.8.8
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution helium
            password ""
            url http://packages.vyos.net/vyos
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
vpn {
    ipsec {
        ipsec-interfaces {
            interface eth0
        }
        nat-networks {
            allowed-network 0.0.0.0/0 {
            }
        }
        nat-traversal enable
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username testuser {
                        password testpassword
                    }
                }
                mode local
            }
            client-ip-pool {
                start 10.10.10.1
                stop 10.10.10.254
            }
            dns-servers {
                server-1 8.8.8.8
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret testpresharedkeysecret
                }
                ike-lifetime 3600
            }
            outside-address 192.168.1.100
        }
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:config-management@1:conntrack-sync@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@4:qos@1:quagga@2:system@6:vrrp@1:wanloadbalance@3:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: VyOS 1.1.7 */
  2. Ipsec/l2tp remote access works fine (tested on Windows 10 and iOS) at this stage.
  3. load & commit config that has only vrrp added to the previous configuration.
interfaces {
    ethernet eth0 {
        address 192.168.100.100/24
        duplex auto
        smp_affinity auto
        speed auto
        vrrp {
            vrrp-group 1 {
                advertise-interval 1
                preempt true
                sync-group sunc1
                virtual-address 192.168.1.100/24
            }
        }
    }
    loopback lo {
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 192.168.1.1 {
            }
        }
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password $1$5HsQse2v$VQLh5eeEp4ZzGmCG/PRBA1
                plaintext-password ""
            }
            level admin
        }
    }
    name-server 8.8.8.8
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    package {
        auto-sync 1
        repository community {
            components main
            distribution helium
            password ""
            url http://packages.vyos.net/vyos
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
vpn {
    ipsec {
        ipsec-interfaces {
            interface eth0
        }
        nat-networks {
            allowed-network 0.0.0.0/0 {
            }
        }
        nat-traversal enable
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username testuser {
                        password testpassword
                    }
                }
                mode local
            }
            client-ip-pool {
                start 10.10.10.1
                stop 10.10.10.254
            }
            dns-servers {
                server-1 8.8.8.8
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret testpresharedkeysecret
                }
                ike-lifetime 3600
            }
            outside-address 192.168.1.100
        }
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:config-management@1:conntrack-sync@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@4:qos@1:quagga@2:system@6:vrrp@1:wanloadbalance@3:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: VyOS 1.1.7 */
  4. Ipsec/l2tp remote access works fine (tested on Windows 10 and iOS) at this stage. I can restart vpn or vrrp services and I can always reconnect without a problem.
  5. reboot vyos system
  6. suddenly it is impossible to connect via l2tp/ipsec. Restarting vpn or vrrp services does not help.

Details

Version
1.1.7, 1.1.8
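
In the second configuration above, the L2TP `outside-address` 192.168.1.100 is no longer a static address on eth0 and exists only as a VRRP `virtual-address`. The following Python check is an added example, not part of the original report or of VyOS; it parses a VyOS configuration and flags that condition so it can be caught before a reboot. The function names and the trimmed sample configurations are constructed here.

```python
import ipaddress

def parse_vyos(text):
    """Parse VyOS curly-brace config into nested dicts; leaf values become lists."""
    root = {}
    stack = [root]
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("/*"):
            continue                      # blank lines and the version footer
        if line == "}":
            if len(stack) > 1:
                stack.pop()
        elif line.endswith("{"):          # "ethernet eth0 {" -> nested keys
            node = stack[-1]
            for word in line[:-1].split():
                node = node.setdefault(word, {})
            stack.append(node)
        else:                             # leaf: "address 192.168.1.100/24"
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value.strip())
    return root

def _ip(value):
    try:
        return ipaddress.ip_interface(value).ip
    except ValueError:
        return None                       # e.g. "address dhcp"

def classify_outside_address(text):
    """Return 'static', 'vrrp-only' or 'missing' for the L2TP outside-address."""
    cfg = parse_vyos(text)
    ra = cfg.get("vpn", {}).get("l2tp", {}).get("remote-access", {})
    outside = _ip(ra.get("outside-address", [""])[0])
    static, virtual = set(), set()
    for ifaces in cfg.get("interfaces", {}).values():
        for body in ifaces.values():
            static.update(_ip(a) for a in body.get("address", []))
            for grp in body.get("vrrp", {}).get("vrrp-group", {}).values():
                virtual.update(_ip(a) for a in grp.get("virtual-address", []))
    if outside in static - {None}:
        return "static"
    return "vrrp-only" if outside in virtual - {None} else "missing"

# Constructed samples, trimmed from the two configurations in the report.
VPN = "vpn {\n l2tp {\n remote-access {\n outside-address 192.168.1.100\n }\n }\n}\n"
STATIC_CFG = "interfaces {\n ethernet eth0 {\n address 192.168.1.100/24\n }\n}\n" + VPN
VRRP_CFG = ("interfaces {\n ethernet eth0 {\n address 192.168.100.100/24\n vrrp {\n"
            " vrrp-group 1 {\n virtual-address 192.168.1.100/24\n }\n }\n }\n}\n" + VPN)

print(classify_outside_address(STATIC_CFG), classify_outside_address(VRRP_CFG))
```

A result of `vrrp-only` means the VPN endpoint address depends on VRRP state and is worth verifying after boot, for example by confirming the address is present on the interface before testing a client connection.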

Event Timeline

syncer triaged this task as Low priority.
syncer added subscribers: Unknown Object (User), syncer.

@Unicron check please

please retest on 1.2 and resubmit if the issue still exists