Page MenuHomeVyOS Platform
Create Task
Maniphest T842

Adopt VyOS CLI to latest StrongSwan options and deprecated Keywords
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Logfiles contain messages like:
Sep 11 18:26:33 LR1 ipsec_starter[6113]: # deprecated keyword 'nat_traversal' in config setup

And StrongSwan PPL say: https://wiki.strongswan.org/issues/1547

Thus we should remove VyOS CLI options for set vpn ipsec nat-traversal 'enable' and set vpn ipsec ipsec-interfaces interface 'eth1'

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change

Related Objects
Search...

Event Timeline

c-po created this task.Sep 11 2018, 4:34 PM
syncer triaged this task as Normal priority.Sep 25 2018, 2:05 PM
pasik added a subscriber: pasik.Oct 1 2018, 9:50 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc4); removed VyOS 1.2 Crux.Oct 13 2018, 10:09 AM
syncer assigned this task to c-po.Oct 13 2018, 7:06 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc5); removed VyOS 1.2 Crux (VyOS 1.2.0-rc4).Oct 24 2018, 4:39 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc6); removed VyOS 1.2 Crux (VyOS 1.2.0-rc5).Oct 29 2018, 6:16 PM
dmbaturin edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux (VyOS 1.2.0-rc6).Nov 3 2018, 11:23 PM
dmbaturin added a subscriber: dmbaturin.

Since it does no harm, I suppose we can address it when we get to rewriting those scripts.

c-po removed c-po as the assignee of this task.Apr 3 2019, 8:10 PM
dmbaturin added a parent task: T2816: Rewrite IPsec scripts with the new XML/Python approach.Aug 20 2020, 3:47 PM
zsdc changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).Mar 11 2021, 7:00 PM
zsdc set Is it a breaking change? to Behavior change.
Viacheslav mentioned this in T3588: IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in strongSwan.Jun 1 2021, 10:13 AM
Viacheslav added a subscriber: Viacheslav.Jun 1 2021, 10:17 AM

Note
ipsec-interface not deprecated. This option needed.

set vpn ipsec ipsec-interfaces interface 'eth1'
c-po added a parent task: T3588: IPSec: migrate no longer available options from CLI which are now hardcoded/enabled in strongSwan.Jun 1 2021, 8:46 PM
c-po closed this task as Resolved.Jun 6 2021, 5:35 PM
c-po claimed this task.
c-po edited projects, added VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.Jun 13 2021, 11:23 AM