
Creating sit tunnel fails with “Can not set “local” for tunnel sit tun1 at tunnel creation”
Closed, Resolved | Public | BUG

Description

The following config is what I used on my router to trigger this bug:

tunnel tun1 {
     6rd-prefix 2607:FA48:6ED8::/45
     6rd-relay-prefix 24.225.128.0/17
     address 2607:FA48:6ED8:8A50::1/60
     description "Videotron 6rd Tunnel"
     encapsulation sit
     firewall {
         in {
             ipv6-name WAN6_IN6
         }
         local {
             ipv6-name WAN6_LOCAL6
         }
     }
     local-ip 24.225.136.165
     mtu 1480
     multicast disable
     parameters {
         ip {
             ttl 255
         }
     }
     remote-ip 24.225.128.1
 }

Additionally, if I remove the local ip and commit, I will get a python stacktrace and a borked tunnel interface. If I commit again without changing anything, the tunnel is finally created but it still lacks a local ip.

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202005051136
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Event Timeline

The issue did not reproduce in the VyOS 1.3-rolling-202007140117 version. Also, the commit fails if the local-ip is missing:

vyos@vyos# delete interfaces tunnel tun1 local-ip 'x.x.x.x'
[edit]
vyos@vyos# commit
[ interfaces tunnel tun1 ]
Can not remove "local", it is an mandatory option for tunnel sit tun1

interfaces tunnel tun1 failed
Commit failed
[edit]

Please share the python stack trace received as mentioned above and also the steps followed to recreate the problem.

This happens when the system starts up:

Jul 19 20:41:55 235-gw Traceback (most recent call last):
Jul 19 20:41:55 235-gw   File "/usr/libexec/vyos/conf_mode/interfaces-tunnel.py", line 665, in <module>
Jul 19 20:41:55 235-gw     apply(c)
Jul 19 20:41:55 235-gw   File "/usr/libexec/vyos/conf_mode/interfaces-tunnel.py", line 616, in apply
Jul 19 20:41:55 235-gw     tunnel = kls(ifname, **config)
Jul 19 20:41:55 235-gw   File "/usr/lib/python3/dist-packages/vyos/ifconfig/tunnel.py", line 94, in __init__
Jul 19 20:41:55 235-gw     super().__init__(ifname, **config)
Jul 19 20:41:55 235-gw   File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 217, in __init__
Jul 19 20:41:55 235-gw     self._create()
Jul 19 20:41:55 235-gw   File "/usr/lib/python3/dist-packages/vyos/ifconfig/tunnel.py", line 333, in _create
Jul 19 20:41:55 235-gw     self.set_interface('state','down')
Jul 19 20:41:55 235-gw   File "/usr/lib/python3/dist-packages/vyos/ifconfig/tunnel.py", line 120, in set_interface
Jul 19 20:41:55 235-gw     self.change.format(**self.config), option, value))
Jul 19 20:41:55 235-gw   File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 48, in _cmd
Jul 19 20:41:55 235-gw     return cmd(command, self.debug)
Jul 19 20:41:55 235-gw   File "/usr/lib/python3/dist-packages/vyos/util.py", line 155, in cmd
Jul 19 20:41:55 235-gw     raise OSError(code, feedback)
Jul 19 20:41:55 235-gw OSError: [Errno 255] failed to run command: ip tunnel cha tun1 state down
Jul 19 20:41:55 235-gw returned:
Jul 19 20:41:55 235-gw exit code: 255
Jul 19 20:41:55 235-gw noteworthy:
Jul 19 20:41:55 235-gw cmd 'ip tunnel cha tun1 state down'
Jul 19 20:41:55 235-gw returned (out):
Jul 19 20:41:55 235-gw returned (err):
Jul 19 20:41:55 235-gw Error: either "name" is duplicate, or "state" is a garbage.

To get things running, I need to ssh in over ipv4 and run

configure
load
commit

I then end up with a broken tunnel:

tun1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
link/sit 0.0.0.0 peer 24.225.128.1

I must then manually fix the tunnel with

sudo ip tunnel change tun1 local 24.225.136.165

Even after a restart of the server, the local IP does reflect in the interface tunnel status.
I could see that your OS version is 1.3-rolling-202005051136; could you please check in the latest version?

7: tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1472 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000

**link/sit 192.168.255.100 peer 216.66.84.46**
alias HE.NET IPv6 Tunnel

vyos@vyos:~$ show version

Version: VyOS 1.3-rolling-202007200117
Release Train: equuleus

vyos@vyos:~$ show system uptime
20:31:48 up 38 min, 1 user, load average: 0.00, 0.00, 0.00

@SrividyaA I just upgraded to the latest rolling image (1.3-rolling-202007311330) and I can still reproduce the exact same issue with the config above. Here's output from show log.

Jul 31 14:06:59 235-gw netplugd[999]: sit0: ignoring event
Jul 31 14:06:59 235-gw systemd-udevd[4512]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Jul 31 14:06:59 235-gw kernel: sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
Jul 31 14:06:59 235-gw netplugd[999]: tun1: ignoring event
Jul 31 14:06:59 235-gw systemd-udevd[4511]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Jul 31 14:07:00 235-gw dhclient-script-vyos[4865]: Deleting nameservers with tag "dhcp-eth2" via vyos-hostsd-client
Jul 31 14:07:00 235-gw python3[4858]: Report Time:      2020-07-31 14:07:00
Jul 31 14:07:00 235-gw python3[4858]: Image Version:    VyOS 1.3-rolling-202007311330
Jul 31 14:07:00 235-gw python3[4858]: Release Train:    equuleus
Jul 31 14:07:00 235-gw python3[4858]: Built by:         [email protected]
Jul 31 14:07:00 235-gw python3[4858]: Built on:         Fri 31 Jul 2020 13:30 UTC
Jul 31 14:07:00 235-gw python3[4858]: Build UUID:       c5dcd109-bd2d-44fa-8d69-f82d03d0ee53
Jul 31 14:07:00 235-gw python3[4858]: Build Commit ID:  09eedb0dccf687
Jul 31 14:07:00 235-gw Architecture[4858]:     x86_64
Jul 31 14:07:00 235-gw python3[4858]: Boot via:         installed image
Jul 31 14:07:00 235-gw python3[4858]: System type:      bare metal
Jul 31 14:07:00 235-gw python3[4858]: Hardware vendor:  HP
Jul 31 14:07:00 235-gw python3[4858]: Hardware model:   HP t730 Thin Client
Jul 31 14:07:00 235-gw python3[4858]: Hardware S/N:     MXL7012LCP
Jul 31 14:07:00 235-gw python3[4858]: Hardware UUID:    cc998d0e-4016-23fe-22b1-38596af292cf
Jul 31 14:07:00 235-gw python3[4858]: Traceback (most recent call last):
Jul 31 14:07:00 235-gw python3[4858]:   File "/usr/libexec/vyos/conf_mode/interfaces-tunnel.py", line 715, in <module>
Jul 31 14:07:00 235-gw python3[4858]:     apply(c)
Jul 31 14:07:00 235-gw python3[4858]:   File "/usr/libexec/vyos/conf_mode/interfaces-tunnel.py", line 665, in apply
Jul 31 14:07:00 235-gw python3[4858]:     tunnel = kls(ifname, **config)
Jul 31 14:07:00 235-gw python3[4858]:   File "/usr/lib/python3/dist-packages/vyos/ifconfig/tunnel.py", line 94, in __init__
Jul 31 14:07:00 235-gw python3[4858]:     super().__init__(ifname, **config)
Jul 31 14:07:00 235-gw python3[4858]:   File "/usr/lib/python3/dist-packages/vyos/ifconfig/interface.py", line 237, in __init__
Jul 31 14:07:00 235-gw python3[4858]:     self._create()
Jul 31 14:07:00 235-gw python3[4858]:   File "/usr/lib/python3/dist-packages/vyos/ifconfig/tunnel.py", line 333, in _create
Jul 31 14:07:00 235-gw python3[4858]:     self.set_interface('state','down')
Jul 31 14:07:00 235-gw python3[4858]:   File "/usr/lib/python3/dist-packages/vyos/ifconfig/tunnel.py", line 120, in set_interface
Jul 31 14:07:00 235-gw python3[4858]:     self.change.format(**self.config), option, value))
Jul 31 14:07:00 235-gw python3[4858]:   File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 51, in _cmd
Jul 31 14:07:00 235-gw python3[4858]:     return cmd(command, self.debug)
Jul 31 14:07:00 235-gw python3[4858]:   File "/usr/lib/python3/dist-packages/vyos/util.py", line 179, in cmd
Jul 31 14:07:00 235-gw python3[4858]:     raise OSError(code, feedback)
Jul 31 14:07:00 235-gw OSError[4858]: [Errno 255] failed to run command: ip tunnel cha tun1 state down
Jul 31 14:07:00 235-gw returned[4858]:
Jul 31 14:07:00 235-gw python3[4858]: exit code: 255
Jul 31 14:07:00 235-gw noteworthy[4858]:
Jul 31 14:07:00 235-gw python3[4858]: cmd 'ip tunnel cha tun1 state down'
Jul 31 14:07:00 235-gw python3[4858]: returned (out):
Jul 31 14:07:00 235-gw python3[4858]: returned (err):
Jul 31 14:07:00 235-gw Error[4858]: either "name" is duplicate, or "state" is a garbage.
zsdc changed the task status from Open to Confirmed. Aug 3 2020, 7:12 PM
zsdc added a subscriber: zsdc.

Just to make this a bit clearer. A short how-to to reproduce the bug in 1.3-rolling-202008031114 with empty config:

set firewall ipv6-name WAN6_IN6
set firewall ipv6-name WAN6_LOCAL6
set interfaces tunnel tun1 6rd-prefix '2607:FA48:6ED8::/45'
set interfaces tunnel tun1 6rd-relay-prefix '24.225.128.0/17'
set interfaces tunnel tun1 address '2607:FA48:6ED8:8A50::1/60'
set interfaces tunnel tun1 description 'Videotron 6rd Tunnel'
set interfaces tunnel tun1 encapsulation 'sit'
set interfaces tunnel tun1 firewall in ipv6-name 'WAN6_IN6'
set interfaces tunnel tun1 firewall local ipv6-name 'WAN6_LOCAL6'
set interfaces tunnel tun1 mtu '1480'
set interfaces tunnel tun1 multicast 'disable'
set interfaces tunnel tun1 parameters ip ttl '255'
set interfaces tunnel tun1 remote-ip '24.225.128.1'
set interfaces tunnel tun1 local-ip '24.225.136.165'
commit

leads to the error:

Can not set "local" for tunnel sit tun1 at tunnel creation

and the same but without the local-ip option leads to the Python traceback.

So, it is necessary to:

  1. check if a local-ip option really cannot be used in this case and an error message is used in an appropriate place.
  2. check if this type of configuration can be used without a local-ip, and fix tunnel creating if this is true.

The commit fails when the local-ip option is included only with the 6RD prefix options (without the 6RD option, a 6in4 tunnel is created). In the tunnel.py script, the local value is not defined; as a result, the stack trace is received:

class Sit6RDIf(SitIf):
    """
    Sit6RDIf: Simple Internet Transition with 6RD
    https://en.wikipedia.org/wiki/IPv6_rapid_deployment
    """
    ip = [IP6,]
    required = ['remote', '6rd-prefix']
.
.
create = 'ip tunnel add {ifname} mode {type} remote {remote}'

Also, when the 6rd-prefix is configured greater than /32, the following error is received:

vyos@vyos-lab1:~$ sudo ip tunnel 6rd dev tun3 6rd-prefix 2607:FA48:6ED9::/45
tun3: ioctl 89f9 failed: Invalid argument

These options are needed for 6rd tunnel:

IPv4MaskLen         The number of high-order bits that are identical
                    across all CE IPv4 addresses within a given 6rd
                    domain.  This may be any value between 0 and 32.
                    Any value greater than 32 is invalid.
6rdPrefixLen        The IPv6 prefix length of the SP's 6rd IPv6
                    prefix in number of bits.  For the purpose of
                    bounds checking by DHCP option processing, the
                    sum of (32 - IPv4MaskLen) + 6rdPrefixLen MUST be
                    less than or equal to 128.
6rdBRIPv4Address    One or more IPv4 addresses of the 6rd Border
                    Relay(s) for a given 6rd domain.

RFC 5969 has provided the entire details needed for configuration.
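
The arithmetic behind the RFC 5969 fields quoted above, as an added example that is not part of the original thread or of the VyOS code: it applies the quoted bounds check and derives the CE's 6rd delegated prefix from the reporter's values. The function name is hypothetical, and the example assumes that the length of 6rd-relay-prefix is IPv4MaskLen and that local-ip is the CE IPv4 address.

```python
import ipaddress


def sixrd_delegated_prefix(sixrd_prefix, relay_prefix, ce_ipv4):
    """Return the 6rd delegated prefix of one CE (hypothetical helper).

    sixrd_prefix -- SP 6rd IPv6 prefix; its length is 6rdPrefixLen
    relay_prefix -- IPv4 prefix shared by all CEs; its length is taken
                    as IPv4MaskLen (assumption about 6rd-relay-prefix)
    ce_ipv4      -- IPv4 address of the CE (local-ip in the report)
    """
    # strict=True rejects prefixes that have host bits set
    p6 = ipaddress.IPv6Network(sixrd_prefix, strict=True)
    relay = ipaddress.IPv4Network(relay_prefix, strict=True)
    ce = ipaddress.IPv4Address(ce_ipv4)

    ipv4_mask_len = relay.prefixlen
    suffix_bits = 32 - ipv4_mask_len      # CE-specific IPv4 bits
    delegated_len = p6.prefixlen + suffix_bits

    # Bounds check quoted in the thread:
    # (32 - IPv4MaskLen) + 6rdPrefixLen MUST be <= 128
    if delegated_len > 128:
        raise ValueError(
            f"(32 - {ipv4_mask_len}) + {p6.prefixlen} = {delegated_len} > 128")

    # The CE address must share the high-order IPv4MaskLen bits
    if ce not in relay:
        raise ValueError(f"{ce} is outside the common prefix {relay}")

    # Append the low-order IPv4 bits directly after the 6rd prefix
    suffix = int(ce) & ((1 << suffix_bits) - 1)
    base = int(p6.network_address) | (suffix << (128 - delegated_len))
    return ipaddress.IPv6Network((base, delegated_len))


if __name__ == "__main__":
    # Values taken from the configuration in the bug report
    net = sixrd_delegated_prefix("2607:FA48:6ED8::/45",
                                 "24.225.128.0/17",
                                 "24.225.136.165")
    print(net)
    # The tunnel address from the report should fall inside that prefix
    print(ipaddress.IPv6Address("2607:FA48:6ED8:8A50::1") in net)
```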

zsdc added a subscriber: SrividyaA.

I will have a look, as this was not supported by Vyatta and therefore not added to the code when converted to Python.

c-po added a subscriber: c-po.

Just chiming back in to let you guys know I installed the latest vyos rolling release after all this time and the issue seems to have been fixed!

Viacheslav added a subscriber: Viacheslav.

Fixed, tested in 1.3.0-rc5

set firewall ipv6-name WAN6_IN6
set firewall ipv6-name WAN6_LOCAL6
set interfaces ethernet eth1 address '192.0.2.1/24'
set interfaces ethernet eth1 description 'FOO'
set interfaces tunnel tun1 6rd-prefix '2607:FA48:6ED8::/45'
set interfaces tunnel tun1 6rd-relay-prefix '24.225.128.0/17'
set interfaces tunnel tun1 address '2607:FA48:6ED8:8A50::1/60'
set interfaces tunnel tun1 description 'Videotron 6rd Tunnel'
set interfaces tunnel tun1 encapsulation 'sit'
set interfaces tunnel tun1 firewall in ipv6-name 'WAN6_IN6'
set interfaces tunnel tun1 firewall local ipv6-name 'WAN6_LOCAL6'
set interfaces tunnel tun1 mtu '1480'
set interfaces tunnel tun1 multicast 'disable'
set interfaces tunnel tun1 parameters ip ttl '255'
set interfaces tunnel tun1 remote '192.0.2.2'
set interfaces tunnel tun1 source-address '192.0.2.1'

Commit:

[email protected]# commit
[edit]
[email protected]# sudo ip tunnel show
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc 6rd-prefix 2002::/16
tun1: ipv6/ip remote 192.0.2.2 local 192.0.2.1 ttl 255 tos inherit 6rd-prefix 2002::/16
[edit]
[email protected]#
erkin set Issue type to Bug (incorrect behavior). Aug 29 2021, 2:14 PM
erkin removed a subscriber: Active contributors.