
DHCP-client exit hook for IPsec is incorrect
Closed, Resolved | Public | BUG

Description

To reproduce, configure an IPsec site-to-site tunnel with a DHCP client.
Logs:

Nov 28 14:07:35 r1 root[9642]: /etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook returned non-zero exit status 1
Nov 28 14:07:35 r1 dhclient[1465]: bound to 10.x.x.x -- renewal in 132 seconds.

Execute script:

vyos@r1# /etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook
Traceback (most recent call last):
  File "<stdin>", line 39, in <module>
NameError: name 'secrets_lines' is not defined
[edit]
vyos@r1#

So secrets_lines is not defined

It could affect secrets if the DHCP address was changed.

Details

Difficulty level: Normal (likely a few hours)
Version: VyOS 1.4-rolling-202211260318
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Event Timeline

Viacheslav updated the task description.

I'm having the same error. Even with NO ipsec configured. Just using DHCP.

Latest 1.4 version fetched from git repo.

It seems a simple

if secrets_lines:    # Added
    for i, line in enumerate(secrets_lines):
        if line.find(to_match) > 0:
            secrets_lines[i] = line.replace(old_ip, new_ip)

would solve the problem.

@fdcastel The thing is, we don't have secrets_lines in the dictionary.
So, it is a wholly broken script and must be deleted or rewritten.

Viacheslav triaged this task as Normal priority. Jan 14 2024, 8:10 PM
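
Added illustration (not code from the VyOS hook or from either commenter): a truthiness test cannot guard a name that was never assigned, and the per-line IP substitution is safer when it receives its input explicitly and matches whole addresses only. The function names, the `dhcp:eth0` marker and the sample lines are assumptions constructed for this example.

```python
import ipaddress
import re

# Constructed sample in ipsec.secrets style; "# dhcp:eth0" is a hypothetical marker.
SAMPLE = [
    '10.0.0.1 203.0.113.9 : PSK "a" # dhcp:eth0\n',
    '10.0.0.11 203.0.113.9 : PSK "b" # dhcp:eth0\n',
    '192.0.2.5 10.0.0.1 : PSK "c"\n',
]


def guard_raises_name_error():
    """Return True: testing an unbound name raises before the test is evaluated."""
    try:
        if secrets_lines:  # deliberately never assigned anywhere in this module
            pass
    except NameError:
        return True
    return False


def rewrite_secrets(lines, old_ip, new_ip, to_match):
    """Swap old_ip for new_ip on lines containing to_match.

    Returns (new_lines, changed). Missing or empty input is a no-op, so a
    hook built on this can exit 0 when there is nothing to rewrite.
    """
    if not lines:
        return [], 0
    # Accept only literal IP addresses before touching secret material.
    old_ip = str(ipaddress.ip_address(old_ip))
    new_ip = str(ipaddress.ip_address(new_ip))
    # Whole-address match: 10.0.0.1 must not rewrite the start of 10.0.0.11.
    whole = re.compile(r"(?<![\w.])" + re.escape(old_ip) + r"(?![\w.])")
    out, changed = [], 0
    for line in lines:
        # `in` also matches at column 0, which `find(...) > 0` skips.
        if to_match in line:
            line, n = whole.subn(new_ip, line)
            changed += n
        out.append(line)
    return out, changed


if __name__ == "__main__":
    print(guard_raises_name_error())
    print(rewrite_secrets(SAMPLE, "10.0.0.1", "10.0.0.7", "dhcp:eth0"))
```

A non-zero exit from a dhclient exit hook is what produced the "returned non-zero exit status 1" log line above, so returning a change count instead of raising keeps lease renewal logs clean when no secrets need rewriting.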