Page MenuHomeVyOS Platform
Create Task
Maniphest T3678

VyOS 1.4: Invalid error message while deleting ipsec vpn configuration
Closed, ResolvedPublicBUG
Actions

Description

There is no configuration related to the L2TP protocol but while deleting the existing configuration, I am getting the following error message "ERROR: failed to reapply L2TP IPSec settings!":

[edit interfaces]
-vti vti0 {
-    address 10.0.0.2/30
-}
[edit vpn]
-ipsec {
-    esp-group espA {
-        proposal 1 {
-            encryption aes256
-            hash sha256
-        }
-    }
-    ike-group ikeA {
-        proposal 1 {
-            dh-group 16
-            encryption aes256
-            hash sha256
-        }
-    }
-    ipsec-interfaces {
-        interface eth0
-    }
-    site-to-site {
-        peer 203.0.113.46 {
-            authentication {
-                mode pre-shared-secret
-                pre-shared-secret vyos
-            }
-            ike-group ikeA
-            local-address 203.0.113.45
-            vti {
-                bind vti0
-                esp-group espA
-            }
-        }
-    }
-}
[edit]
vyos@vyos# commit
[ vpn ipsec ]
ERROR: failed to reapply L2TP IPSec settings!


[edit]
vyos@vyos# compare
No changes between working and active configurations.
[edit]

The commit is successful and no issues are seen after the commit.

Version:          VyOS 1.4-rolling-202107122017
Release Train:    sagitta

Built by:         autobuild@vyos.net
Built on:         Tue 13 Jul 2021 07:17 UTC
Build UUID:       0b7a0c5f-8e68-4e69-83ef-afa9696aa8a1
Build Commit ID:  1a0da9f0bc8774

Details

Version
1.4-rolling-202107122017
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects
Search...

Event Timeline

SrividyaA created this task.Jul 13 2021, 3:26 PM
SrividyaA renamed this task from VyoOS 1.4: Invalid error message while deleting ipsec vpn configuration to VyOS 1.4: Invalid error message while deleting ipsec vpn configuration.
SrividyaA added a comment.Jul 13 2021, 3:29 PM

Parent task: https://phabricator.vyos.net/T2816

Viacheslav added a parent task: T2816: Rewrite IPsec scripts with the new XML/Python approach.Jul 13 2021, 3:54 PM
sarthurdev subscribed.Jul 13 2021, 4:01 PM

This error occurs because the ipsec module blindly updates the l2tp module after a commit change to ensure any l2tp via ipsec config is then refreshed also.

This'll be fixed soon in my PR that brings L2TP over IPSec under the main ipsec module.

Viacheslav subscribed.Dec 21 2021, 10:41 PM

@SrividyaA Could you re-check it?

SrividyaA closed this task as Resolved.Dec 22 2021, 1:40 PM
SrividyaA claimed this task.

Working in latest release:

[edit vpn]
-ipsec {
-    esp-group esp1 {
-        compression disable
-        lifetime 27000
-        mode tunnel
-        pfs dh-group2
-        proposal 1 {
-            encryption aes128
-            hash sha1
-        }
-    }
-    ike-group ike1 {
-        close-action none
-        dead-peer-detection {
-            action restart
-            interval 2
-            timeout 15
-        }
-        ikev2-reauth no
-        key-exchange ikev2
-        lifetime 27000
-        mobike disable
-        proposal 1 {
-            dh-group 2
-            encryption aes128
-            hash sha1
-        }
-    }
-    site-to-site {
-        peer 192.168.255.237 {
-            authentication {
-                mode pre-shared-secret
-                pre-shared-secret vyos
-            }
-            default-esp-group esp1
-            ike-group ike1
-            local-address 192.168.255.101
-            tunnel 0 {
-                local {
-                    prefix 10.20.0.0/24
-                }
-                remote {
-                    prefix 10.1.0.0/24
-                }
-            }
-        }
-    }
-}

Version:

vyos@vyos# run sh ver

Version:          VyOS 1.4-rolling-202112200318
Release train:    sagitta

Built by:         autobuild@vyos.net
Built on:         Mon 20 Dec 2021 03:18 UTC
Build UUID:       d278e119-02af-469c-acaf-459a1e23e927
Build commit ID:  f84a69729ad517
SrividyaA set Issue type to Bug (incorrect behavior).Dec 22 2021, 1:40 PM