Hello.
Not sure if this is a bug per se, or if a different configuration is needed for it to work. I have only noticed it after upgrading to 1.1.8 from 1.1.7 (which involved a reboot). The same behaviour happens on 1.1.7 and 1.1.8.
Steps to reproduce on clean vyos installation:
- load & commit basic config that has ipsec/l2tp remote access configured
    interfaces {
        ethernet eth0 {
            address 192.168.1.100/24
            duplex auto
            smp_affinity auto
            speed auto
        }
        loopback lo {
        }
    }
    protocols {
        static {
            route 0.0.0.0/0 {
                next-hop 192.168.1.1 {
                }
            }
        }
    }
    system {
        config-management {
            commit-revisions 20
        }
        console {
            device ttyS0 {
                speed 9600
            }
        }
        host-name vyos
        login {
            user vyos {
                authentication {
                    encrypted-password $1$5HsQse2v$VQLh5eeEp4ZzGmCG/PRBA1
                    plaintext-password ""
                }
                level admin
            }
        }
        name-server 8.8.8.8
        ntp {
            server 0.pool.ntp.org {
            }
            server 1.pool.ntp.org {
            }
            server 2.pool.ntp.org {
            }
        }
        package {
            auto-sync 1
            repository community {
                components main
                distribution helium
                password ""
                url http://packages.vyos.net/vyos
                username ""
            }
        }
        syslog {
            global {
                facility all {
                    level notice
                }
                facility protocols {
                    level debug
                }
            }
        }
        time-zone UTC
    }
    vpn {
        ipsec {
            ipsec-interfaces {
                interface eth0
            }
            nat-networks {
                allowed-network 0.0.0.0/0 {
                }
            }
            nat-traversal enable
        }
        l2tp {
            remote-access {
                authentication {
                    local-users {
                        username testuser {
                            password testpassword
                        }
                    }
                    mode local
                }
                client-ip-pool {
                    start 10.10.10.1
                    stop 10.10.10.254
                }
                dns-servers {
                    server-1 8.8.8.8
                }
                ipsec-settings {
                    authentication {
                        mode pre-shared-secret
                        pre-shared-secret testpresharedkeysecret
                    }
                    ike-lifetime 3600
                }
                outside-address 192.168.1.100
            }
        }
    }
    /* Warning: Do not remove the following line. */
    /* === vyatta-config-version: "cluster@1:config-management@1:conntrack-sync@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@4:qos@1:quagga@2:system@6:vrrp@1:wanloadbalance@3:webgui@1:webproxy@1:zone-policy@1" === */
    /* Release version: VyOS 1.1.7 */
- IPsec/L2TP remote access works fine (tested on Windows 10 and iOS) at this stage.
- load & commit config that has only vrrp added to the previous configuration.
    interfaces {
        ethernet eth0 {
            address 192.168.100.100/24
            duplex auto
            smp_affinity auto
            speed auto
            vrrp {
                vrrp-group 1 {
                    advertise-interval 1
                    preempt true
                    sync-group sunc1
                    virtual-address 192.168.1.100/24
                }
            }
        }
        loopback lo {
        }
    }
    protocols {
        static {
            route 0.0.0.0/0 {
                next-hop 192.168.1.1 {
                }
            }
        }
    }
    system {
        config-management {
            commit-revisions 20
        }
        console {
            device ttyS0 {
                speed 9600
            }
        }
        host-name vyos
        login {
            user vyos {
                authentication {
                    encrypted-password $1$5HsQse2v$VQLh5eeEp4ZzGmCG/PRBA1
                    plaintext-password ""
                }
                level admin
            }
        }
        name-server 8.8.8.8
        ntp {
            server 0.pool.ntp.org {
            }
            server 1.pool.ntp.org {
            }
            server 2.pool.ntp.org {
            }
        }
        package {
            auto-sync 1
            repository community {
                components main
                distribution helium
                password ""
                url http://packages.vyos.net/vyos
                username ""
            }
        }
        syslog {
            global {
                facility all {
                    level notice
                }
                facility protocols {
                    level debug
                }
            }
        }
        time-zone UTC
    }
    vpn {
        ipsec {
            ipsec-interfaces {
                interface eth0
            }
            nat-networks {
                allowed-network 0.0.0.0/0 {
                }
            }
            nat-traversal enable
        }
        l2tp {
            remote-access {
                authentication {
                    local-users {
                        username testuser {
                            password testpassword
                        }
                    }
                    mode local
                }
                client-ip-pool {
                    start 10.10.10.1
                    stop 10.10.10.254
                }
                dns-servers {
                    server-1 8.8.8.8
                }
                ipsec-settings {
                    authentication {
                        mode pre-shared-secret
                        pre-shared-secret testpresharedkeysecret
                    }
                    ike-lifetime 3600
                }
                outside-address 192.168.1.100
            }
        }
    }
    /* Warning: Do not remove the following line. */
    /* === vyatta-config-version: "cluster@1:config-management@1:conntrack-sync@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@4:qos@1:quagga@2:system@6:vrrp@1:wanloadbalance@3:webgui@1:webproxy@1:zone-policy@1" === */
    /* Release version: VyOS 1.1.7 */
- IPsec/L2TP remote access works fine (tested on Windows 10 and iOS) at this stage. I can restart vpn or vrrp services and I can always reconnect without a problem.
- reboot vyos system
- Suddenly it is impossible to connect via L2TP/IPsec. Restarting vpn or vrrp services does not help.
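
Between the two configs in the report, the L2TP `outside-address` 192.168.1.100 moves from being eth0's own `address` to existing only as a VRRP `virtual-address`. The following is an added example, not part of the original post: a small Python parser for the brace-style config that reports where the outside-address is defined. The function names and the trimmed sample configs are constructed for illustration.

```python
# Constructed samples: the post's two configs, trimmed to the relevant nodes.
TEMPLATE = """interfaces {
  ethernet eth0 {
%s
  }
}
vpn {
  l2tp {
    remote-access {
      outside-address 192.168.1.100
    }
  }
}"""
BASIC = TEMPLATE % "    address 192.168.1.100/24"
WITH_VRRP = TEMPLATE % """    address 192.168.100.100/24
    vrrp {
      vrrp-group 1 {
        virtual-address 192.168.1.100/24
      }
    }"""

def parse(text):
    """Parse brace-style VyOS config (one node or leaf per line) into dicts."""
    stack = [{}]
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line and not line.startswith("/*"):  # leaf "key value"; skip blanks, comments
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value)
    return stack[0]

def addresses(node, path=("interfaces",)):
    """Yield (leaf name, config path, IP) for each interface address leaf."""
    for key, val in node.items():
        if isinstance(val, dict):
            yield from addresses(val, path + (key,))
        elif key in ("address", "virtual-address"):
            yield from ((key, " ".join(path), v.split("/")[0]) for v in val)

def outside_address_sources(text):
    """Return (leaf name, path) pairs where the L2TP outside-address is defined."""
    cfg = parse(text)
    outside = cfg["vpn"]["l2tp"]["remote-access"]["outside-address"][0]
    return [(k, p) for k, p, ip in addresses(cfg["interfaces"]) if ip == outside]
```

Run against a saved copy of the full config, an empty result means the outside-address is not configured on any interface at all.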