Page MenuHomeVyOS Platform
Create Task
Maniphest T4168

IPsec VPN is impossible to restart when DMVPN is configured
Closed, ResolvedPublicBUG
Actions

Description

When DMVPN is configured, sometime strongswan can not apply configuration for daemon is down reasons

vyos@VyOS-Spoke1:~$ restart vpn 
Restarting IPsec process...
connecting to 'unix:///var/run/charon.vici' failed: Connection refused
Error: connecting to 'default' URI failed: Connection refused
strongSwan 5.7.2 swanctl
usage:
  swanctl --load-all [--raw|--pretty] [--clear] [--noprompt]
           --help            (-h)  show usage information
           --clear           (-c)  clear previously loaded credentials
           --noprompt        (-n)  do not prompt for passwords
           --raw             (-r)  dump raw response message
           --pretty          (-P)  dump raw response message in pretty print
           --file            (-f)  custom path to swanctl.conf
           --debug           (-v)  set debug level, default: 1
           --options         (-+)  read command line options from file
           --uri             (-u)  service URI to connect to

We need to check that daemon is ready to listen to commands before applying it https://github.com/vyos/vyatta-op-vpn/commit/49ebd98d580c8cea83da510ded19d7bc163218c4

Details

Difficulty level
Easy (less than an hour)
Version
1.3.0
Why the issue appeared?
Implementation mistake
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Mentioned In
1.3.3
1.3.1

Event Timeline

Unknown Object (User) assigned this task to Viacheslav.Jan 11 2022, 8:27 AM
Unknown Object (User) created this task.
Viacheslav added a comment.Jan 12 2022, 4:04 PM

PR https://github.com/vyos/vyatta-op-vpn/pull/32

Viacheslav changed the task status from Open to In progress.Jan 12 2022, 4:04 PM
Viacheslav closed this task as Resolved.Jan 12 2022, 4:48 PM
Viacheslav edited projects, added VyOS 1.3 Equuleus ( 1.3.1); removed VyOS 1.3 Equuleus.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus ( 1.3.1) board.
pasik added a subscriber: pasik.Jan 12 2022, 4:57 PM
dmbaturin renamed this task from Does not possible to reset VPN properly when DMVPN configured to IPsec VPN is impossible to restart when DMVPN is configured.Mar 21 2022, 11:56 AM
dmbaturin changed Why the issue appeared? from Will be filled on close to Implementation mistake.
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
dmbaturin changed Issue type from Unspecified (please specify) to Bug (incorrect behavior).
dmbaturin mentioned this in 1.3.1.Jun 11 2022, 8:40 AM
dmbaturin mentioned this in 1.3.3.Sep 22 2022, 10:56 AM