
l2tp configuration not cleared after delete
Open, Normal, Public, BUG

Description

To reproduce, add l2tp configuration and delete it:

set interfaces dummy dum0 address 203.0.113.1/32
set vpn ipsec ipsec-interfaces interface dum0
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal 'enable'
set vpn l2tp remote-access authentication local-users username foo password bar
set vpn l2tp remote-access authentication mode 'local'
set vpn l2tp remote-access authentication require 'chap'
set vpn l2tp remote-access client-ip-pool start 10.200.100.100
set vpn l2tp remote-access client-ip-pool stop 10.200.100.110
set vpn l2tp remote-access description 'VPN-REMOTE'
set vpn l2tp remote-access dns-servers server-1 '1.1.1.1'
set vpn l2tp remote-access idle '1800'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret SeCret
set vpn l2tp remote-access ipsec-settings ike-lifetime '8600'
set vpn l2tp remote-access ipsec-settings lifetime '3600'
set vpn l2tp remote-access outside-address 203.0.113.1

Delete l2tp:

[email protected]# delete vpn l2tp 
[edit]
[email protected]# commit
[ vpn ]
Note: the IPsec process will not start until you configure some tunnels, profiles, or L2TP/IPsec settings

[edit]
[email protected]#

File still present:

[email protected]# sudo cat /etc/ipsec.d/tunnels/remote-access 
### VyOS L2TP VPN Begin ###
conn remote-access
  type=transport
  left=203.0.113.1
  leftsubnet=%dynamic[/1701]
  rightsubnet=%dynamic
  mark_in=%unique
  auto=add
  ike=aes256-sha1-modp1024,3des-sha1-modp1024,3des-sha1-modp1024!
  dpddelay=15
  dpdtimeout=45
  dpdaction=clear
  esp=aes256-sha1,3des-sha1!
  rekey=no
  authby=secret
  leftauth=psk
  rightauth=psk
  ikelifetime=8600
  keylife=3600
### VyOS L2TP VPN End ###
[edit]
[email protected]#

Secrets also still present:

[email protected]# sudo cat  /etc/ipsec.secrets 
# generated by /opt/vyatta/sbin/vpn-config.pl

### VyOS L2TP VPN Begin ###
203.0.113.1 %any : PSK "SeCret"
### VyOS L2TP VPN End ###
[edit]
[email protected]#

Swanctl:

[email protected]# sudo swanctl -L
remote-access: IKEv1, no reauthentication, dpd delay 15s
  local:  203.0.113.1
  remote: %any
  local pre-shared key authentication:
    id: 203.0.113.1
  remote pre-shared key authentication:
  remote-access: TRANSPORT, no rekeying, dpd action is clear
    local:  dynamic[0/l2f]
    remote: dynamic
[edit]
[email protected]#
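As an added verification check that is not part of the original report: the POSIX shell script below scans the strongSwan files the report shows (/etc/ipsec.d/tunnels/remote-access and /etc/ipsec.secrets) for the "### VyOS L2TP VPN Begin ###" block that should be gone after `delete vpn l2tp` plus `commit`, and masks the PSK value so the audit output does not leak the secret into a terminal log. The marker strings and file paths are taken from the report's output; the function names, the audit logic and the constructed sample files used when no arguments are given are my own assumptions.

```shell
#!/bin/sh
# Added example (not VyOS code): audit strongSwan files for a leftover
# VyOS L2TP block after "delete vpn l2tp; commit".
# Marker lines are exactly those shown in the report's file dumps.
L2TP_BEGIN='### VyOS L2TP VPN Begin ###'
L2TP_END='### VyOS L2TP VPN End ###'

# Print the lines between the VyOS L2TP markers in FILE, with any PSK value
# replaced by <redacted>. Exit 0 if a block was found, 1 if the file has no
# block or cannot be read.
l2tp_residue() {
    file=$1
    [ -r "$file" ] || return 1
    awk -v begin="$L2TP_BEGIN" -v end="$L2TP_END" '
        $0 == begin { inside = 1; found = 1; next }
        $0 == end   { inside = 0; next }
        inside {
            # mask the secret so the audit output can be pasted into a ticket
            if ($0 ~ /PSK[[:space:]]+"/) sub(/"[^"]*"/, "\"<redacted>\"")
            print
        }
        END { exit found ? 0 : 1 }
    ' "$file"
}

# Audit every file given as an argument and print a per-file verdict.
# Returns 0 when no file carries the block, 1 when at least one still does.
l2tp_audit() {
    status=0
    for f in "$@"; do
        if out=$(l2tp_residue "$f"); then
            echo "STALE: $f still contains the VyOS L2TP block:"
            echo "$out" | sed 's/^/    /'
            status=1
        else
            echo "clean: $f"
        fi
    done
    return $status
}

# Demo on constructed sample files (contents modelled on the report's dumps),
# used only when the script is run without file arguments.
demo() {
    d=$(mktemp -d)
    printf '# generated by /opt/vyatta/sbin/vpn-config.pl\n\n%s\n203.0.113.1 %%any : PSK "SeCret"\n%s\n' \
        "$L2TP_BEGIN" "$L2TP_END" > "$d/ipsec.secrets"
    printf '# generated by /opt/vyatta/sbin/vpn-config.pl\n\n' > "$d/clean.secrets"
    if l2tp_audit "$d/ipsec.secrets" "$d/clean.secrets"; then
        echo "no residue found"
    else
        echo "residue found: re-check the generated strongSwan files"
    fi
    rm -rf "$d"
}

if [ $# -gt 0 ]; then
    l2tp_audit "$@"
else
    demo
fi
```

On the router the real check is `sudo sh l2tp_audit.sh /etc/ipsec.d/tunnels/remote-access /etc/ipsec.secrets` after the commit; a non-zero exit status means the deletion left the conn definition or the PSK behind, which is exactly the state the report's `swanctl -L` output shows (the remote-access conn still loaded).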

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.2.8, VyOS 1.3.0-rc6
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Event Timeline

Viacheslav changed the task status from Open to Confirmed. Sep 21 2021, 8:55 AM
Viacheslav created this task.
dmbaturin added a subscriber: dmbaturin.

No one complained about this issue in a while, but feel free to reopen, if anything.

Viacheslav triaged this task as Normal priority. Jan 20 2024, 2:00 AM

It cannot be backported to 1.3 as there are no config-mode-dependencies