Maniphest T4856

DHCP-client exit hook for IPsec is incorrect
Open, Requires assessmentPublicBUG
Actions

Assigned To

None

Authored By

	Viacheslav
	Dec 1 2022, 4:34 PM

Tags

Referenced Files

None

Subscribers

Description

To reproduce configure ipsec site-to-site tunnel with DHCP client
logs:

Nov 28 14:07:35 r1 root[9642]: /etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook returned non-zero exit status 1
Nov 28 14:07:35 r1 dhclient[1465]: bound to 10.x.x.x -- renewal in 132 seconds.

Execute script:

[email protected]# /etc/dhcp/dhclient-exit-hooks.d/ipsec-dhclient-hook
Traceback (most recent call last):
  File "<stdin>", line 39, in <module>
NameError: name 'secrets_lines' is not defined
[edit]
[email protected]#

So secrets_lines is not defined

It could be affected to secrets if DHCP address was changed

Details

Difficulty level: Normal (likely a few hours)
Version: VyOS 1.4-rolling-202211260318
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Related Objects

Mentioned In: T4362: Wan Load Balancing - Can't create routing tables

Event Timeline

Viacheslav created this task.Dec 1 2022, 4:34 PM

Viacheslav updated the task description. (Show Details)Dec 1 2022, 4:46 PM

Viacheslav updated the task description. (Show Details)

Viacheslav updated the task description. (Show Details)

pasik added a subscriber: pasik.Dec 1 2022, 8:51 PM

Viacheslav added a subscriber: zsdc.Dec 15 2022, 8:28 AM

Viacheslav mentioned this in T4362: Wan Load Balancing - Can't create routing tables.Wed, Mar 15, 6:59 AM

marc_s added a subscriber: marc_s.Wed, Mar 15, 7:20 AM