Page MenuHomeVyOS Platform
Create Task
Maniphest T4168

IPsec VPN is impossible to restart when DMVPN is configured
Closed, ResolvedPublicBUG
Actions

Description

When DMVPN is configured, sometime strongswan can not apply configuration for daemon is down reasons

vyos@VyOS-Spoke1:~$ restart vpn 
Restarting IPsec process...
connecting to 'unix:///var/run/charon.vici' failed: Connection refused
Error: connecting to 'default' URI failed: Connection refused
strongSwan 5.7.2 swanctl
usage:
  swanctl --load-all [--raw|--pretty] [--clear] [--noprompt]
           --help            (-h)  show usage information
           --clear           (-c)  clear previously loaded credentials
           --noprompt        (-n)  do not prompt for passwords
           --raw             (-r)  dump raw response message
           --pretty          (-P)  dump raw response message in pretty print
           --file            (-f)  custom path to swanctl.conf
           --debug           (-v)  set debug level, default: 1
           --options         (-+)  read command line options from file
           --uri             (-u)  service URI to connect to

We need to check that daemon is ready to listen to commands before applying it https://github.com/vyos/vyatta-op-vpn/commit/49ebd98d580c8cea83da510ded19d7bc163218c4

Details

Version
1.3.0
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Mentioned In
1.3.3
1.3.1

Event Timeline

Unknown Object (User) created this task.Jan 11 2022, 8:27 AM
Unknown Object (User) assigned this task to Viacheslav.
Viacheslav added a comment.Jan 12 2022, 4:04 PM

PR https://github.com/vyos/vyatta-op-vpn/pull/32

Viacheslav changed the task status from Open to In progress.Jan 12 2022, 4:04 PM
Viacheslav closed this task as Resolved.Jan 12 2022, 4:48 PM
Viacheslav edited projects, added VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
pasik subscribed.Jan 12 2022, 4:57 PM
dmbaturin renamed this task from Does not possible to reset VPN properly when DMVPN configured to IPsec VPN is impossible to restart when DMVPN is configured.Mar 21 2022, 11:56 AM
dmbaturin edited a custom field.
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
dmbaturin changed Issue type from Unspecified (please specify) to Bug (incorrect behavior).
dmbaturin mentioned this in 1.3.1.Jun 11 2022, 8:40 AM
dmbaturin mentioned this in 1.3.3.Sep 22 2022, 10:56 AM