Page MenuHomeVyOS Platform

show: vpn ike sa & vpn debug don't show all tunnels setup
Closed, ResolvedPublicBUG

Description

some tunnels may not show up when executing runtime show commands such as:
show vpn ike sa
or
show vpn debug

Details

Version
1.2.0-rc9

Event Timeline

syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.2 Crux ( VyOS 1.2.0-rc11); removed VyOS 1.2 Crux.

when trying to run the commands in rc10 the following error occurs

show vpn ipsec sa
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/show_ipsec_sa.py", line 51, in <module>
    raise e
  File "/usr/libexec/vyos/op_mode/show_ipsec_sa.py", line 39, in <module>
    time, _, _, ip, id = parse_conn_spec(status)
  File "/usr/libexec/vyos/op_mode/show_ipsec_sa.py", line 11, in parse_conn_spec
Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.19.4-amd64-vyos, x86_64):
  uptime: 97 seconds, since Dec 06 01:50:30 2018
  malloc: sbrk 2822144, mmap 0, used 815136, free 2007008
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled:                                                           1
  loaded plugins: charon test-vectors ldap pkcs11 tpm aes rc2 sha2 sha1 md5 mgf1                                                           random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dn                                                          skey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent xcbc cmac hm                                                          ac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark stroke v                                                          ici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls                                                           eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs dhcp l                                                          ookip error-notify certexpire led addrblock counters

output of the sudo ipsec statusall command is:

Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.19.4-amd64-vyos, x86_64):
  uptime: 6 minutes, since Dec 06 01:50:30 2018
  malloc: sbrk 2822144, mmap 0, used 815104, free 2007040
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
  loaded plugins: charon test-vectors ldap pkcs11 tpm aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs dhcp lookip error-notify certexpire led addrblock counters
Listening IP addresses:
  x.x.x.x
Connections:
peer-remotefqdn.com-tunnel-0:  xxx.xxx.xxx.xxx ...remotefqdn.com  IKEv1
peer-remotefqdn.com-tunnel-0:   local:  [localfqdn.com] uses pre-shared key authentication
peer-remotefqdn.com-tunnel-0:   remote: [remotefqdn.com] uses pre-shared key authentication
peer-remotefqdn.com-tunnel-0:   child:  192.168.xxx.0/24 === 192.168.xxx.0/24 TUNNEL
Security Associations (0 up, 1 connecting):
peer-remotefqdn.com-tunnel-0[1]: CONNECTING, xxx.xxx.xxx.xxx[%any]...xxx.xxx.xxx.xxx[%any]
peer-remotefqdn.com-tunnel-0[1]: IKEv1 SPIs: a0f838cd9a686f8d_i* 0000000000000000_r
peer-remotefqdn.com-tunnel-0[1]: Tasks queued: QUICK_MODE
peer-remotefqdn.com-tunnel-0[1]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD