Restart vpn shows some missed files
Closed, Resolved | Public | BUG

Description

Possibly a cosmetic bug.

vyos@r1-roll:~$ restart vpn 
Possible completions:
  <Enter>       Execute the current command

      
vyos@r1-roll:~$ restart vpn 
Stopping strongSwan IPsec...
Starting strongSwan 5.9.1 IPsec [starter]...
opening directory '/etc/swanctl/x509ocsp' failed: No such file or directory
opening directory '/etc/swanctl/x509aa' failed: No such file or directory
opening directory '/etc/swanctl/x509ac' failed: No such file or directory
opening directory '/etc/swanctl/rsa' failed: No such file or directory
opening directory '/etc/swanctl/ecdsa' failed: No such file or directory
opening directory '/etc/swanctl/bliss' failed: No such file or directory
opening directory '/etc/swanctl/pkcs8' failed: No such file or directory
opening directory '/etc/swanctl/pkcs12' failed: No such file or directory
loaded ike secret 'ike_192-0-2-1'
no authorities found, 0 unloaded
no pools found, 0 unloaded
loaded connection 'peer_192-0-2-1'
successfully loaded 1 connections, 0 unloaded
vyos@r1-roll:~$ show vpn ipsec sa
Connection          State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID    Proposal
------------------  -------  --------  --------------  ----------------  ----------------  -----------  ----------------------------------
peer_192-0-2-1_vti  up       37s       0B/0B           0/0               192.0.2.1         N/A          AES_CBC_256/HMAC_SHA1_96/MODP_1024

Configuration:

set interfaces ethernet eth1 address '192.0.2.2/30'
set interfaces vti vti2 address '10.0.0.2/30'
set vpn ipsec esp-group ESP-GRP-VTI compression 'disable'
set vpn ipsec esp-group ESP-GRP-VTI lifetime '1800'
set vpn ipsec esp-group ESP-GRP-VTI mode 'tunnel'
set vpn ipsec esp-group ESP-GRP-VTI pfs 'enable'
set vpn ipsec esp-group ESP-GRP-VTI proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-GRP-VTI proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-GRP-VTI ikev2-reauth 'no'
set vpn ipsec ike-group IKE-GRP-VTI key-exchange 'ikev1'
set vpn ipsec ike-group IKE-GRP-VTI lifetime '3600'
set vpn ipsec ike-group IKE-GRP-VTI proposal 1 dh-group '2'
set vpn ipsec ike-group IKE-GRP-VTI proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-GRP-VTI proposal 1 hash 'sha1'
set vpn ipsec interface 'eth1'
set vpn ipsec site-to-site peer 192.0.2.1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 192.0.2.1 authentication pre-shared-secret 'SeCrEt'
set vpn ipsec site-to-site peer 192.0.2.1 ike-group 'IKE-GRP-VTI'
set vpn ipsec site-to-site peer 192.0.2.1 local-address '192.0.2.2'
set vpn ipsec site-to-site peer 192.0.2.1 vti bind 'vti2'
set vpn ipsec site-to-site peer 192.0.2.1 vti esp-group 'ESP-GRP-VTI'

Details

Difficulty level: Easy (less than an hour)
Version: VyOS 1.4-rolling-202107280117
Why the issue appeared? Will be filled on close
Is it a breaking change? Unspecified (possibly destroys the router)