Some tunnels may not show up when executing runtime show commands such as:
show vpn ike sa
or
show vpn debug
Description
Details
- Version
- 1.2.0-rc9
Related Objects
- Mentioned In
- rVYOSONEX898889396f3c: Merge pull request #63 from daniel-pro/T1077
- Mentioned Here
- T1079: Duplicated IPSec Tunnel
Event Timeline
When trying to run the commands in rc10, the following error occurs:
show vpn ipsec sa
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_ipsec_sa.py", line 51, in <module>
    raise e
  File "/usr/libexec/vyos/op_mode/show_ipsec_sa.py", line 39, in <module>
    time, _, _, ip, id = parse_conn_spec(status)
  File "/usr/libexec/vyos/op_mode/show_ipsec_sa.py", line 11, in parse_conn_spec
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.19.4-amd64-vyos, x86_64):
  uptime: 97 seconds, since Dec 06 01:50:30 2018
  malloc: sbrk 2822144, mmap 0, used 815136, free 2007008
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
  loaded plugins: charon test-vectors ldap pkcs11 tpm aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs dhcp lookip error-notify certexpire led addrblock counters
Output of the sudo ipsec statusall command is:
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.19.4-amd64-vyos, x86_64):
  uptime: 6 minutes, since Dec 06 01:50:30 2018
  malloc: sbrk 2822144, mmap 0, used 815104, free 2007040
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
  loaded plugins: charon test-vectors ldap pkcs11 tpm aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs dhcp lookip error-notify certexpire led addrblock counters
Listening IP addresses:
  x.x.x.x
Connections:
peer-remotefqdn.com-tunnel-0: xxx.xxx.xxx.xxx ...remotefqdn.com IKEv1
peer-remotefqdn.com-tunnel-0: local: [localfqdn.com] uses pre-shared key authentication
peer-remotefqdn.com-tunnel-0: remote: [remotefqdn.com] uses pre-shared key authentication
peer-remotefqdn.com-tunnel-0: child: 192.168.xxx.0/24 === 192.168.xxx.0/24 TUNNEL
Security Associations (0 up, 1 connecting):
peer-remotefqdn.com-tunnel-0[1]: CONNECTING, xxx.xxx.xxx.xxx[%any]...xxx.xxx.xxx.xxx[%any]
peer-remotefqdn.com-tunnel-0[1]: IKEv1 SPIs: a0f838cd9a686f8d_i* 0000000000000000_r
peer-remotefqdn.com-tunnel-0[1]: Tasks queued: QUICK_MODE
peer-remotefqdn.com-tunnel-0[1]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD
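
The statusall output above contains an IKE SA in CONNECTING state, whose line carries no age field. As an added example (not the code in show_ipsec_sa.py, whose source is not shown on this page), the parser below lists every IKE SA regardless of state so that a half-open tunnel is reported rather than dropped; `parse_ike_sas` and `format_sas` are hypothetical names and the sample input is constructed.

```python
import re

# Constructed sample modelled on the `ipsec statusall` output in the comment
# above; addresses are documentation-range placeholders and the ESTABLISHED
# entry is invented for contrast.
SAMPLE = """\
Connections:
peer-a.example-tunnel-0:  192.0.2.1...a.example  IKEv1
peer-a.example-tunnel-0:   child:  192.168.1.0/24 === 192.168.2.0/24 TUNNEL
Security Associations (1 up, 1 connecting):
peer-a.example-tunnel-0[1]: CONNECTING, 192.0.2.1[%any]...198.51.100.7[%any]
peer-a.example-tunnel-0[1]: IKEv1 SPIs: a0f838cd9a686f8d_i* 0000000000000000_r
peer-a.example-tunnel-0[1]: Tasks queued: QUICK_MODE
peer-b.example-tunnel-0[2]: ESTABLISHED 5 minutes ago, 192.0.2.1[gw.example]...203.0.113.9[b.example]
"""

# Shape of an IKE SA line: name[id]: STATE [<age> ago], local[id]...remote[id]
SA_LINE = re.compile(
    r"^\s*(?P<name>\S+)\[(?P<uid>\d+)\]:\s+(?P<state>[A-Z_]+)"
    r"(?:\s+(?P<age>.+?)\s+ago)?,\s+"
    r"(?P<local>[^\[\s]+)\[(?P<local_id>[^\]]*)\]\.\.\."
    r"(?P<remote>[^\[\s]+)\[(?P<remote_id>[^\]]*)\]\s*$"
)

def parse_ike_sas(statusall):
    """Return one dict per IKE SA, whatever its state; skip detail lines."""
    sas, in_section = [], False
    for line in statusall.splitlines():
        if line.startswith("Security Associations"):
            in_section = True
            continue
        if not in_section:
            continue  # "Connections:" entries are configuration, not live SAs
        m = SA_LINE.match(line)
        if m:  # SPIs/Tasks lines and child SA lines do not match and are ignored
            sas.append(m.groupdict())
    return sas

def format_sas(sas):
    """One row per SA; an SA with no age yet shows 'n/a' instead of raising."""
    return [f"{s['name']}  {s['state'].lower()}  {s['age'] or 'n/a'}  {s['remote']}"
            for s in sas]

if __name__ == "__main__":
    print("\n".join(format_sas(parse_ike_sas(SAMPLE))))
```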