Command 'show vpn ipsec remote-access' does not work
Closed, Resolved | Public | BUG

Description

Command 'show vpn ipsec remote-access' does not work

Configuration:

set vpn ipsec esp-group ESP-RW lifetime '3600'
set vpn ipsec esp-group ESP-RW pfs 'dh-group14'
set vpn ipsec esp-group ESP-RW proposal 10 encryption 'aes128gcm128'
set vpn ipsec esp-group ESP-RW proposal 10 hash 'sha256'
set vpn ipsec ike-group IKE-RW key-exchange 'ikev2'
set vpn ipsec ike-group IKE-RW lifetime '7200'
set vpn ipsec ike-group IKE-RW proposal 10 dh-group '14'
set vpn ipsec ike-group IKE-RW proposal 10 encryption 'aes128gcm128'
set vpn ipsec ike-group IKE-RW proposal 10 hash 'sha256'
set vpn ipsec remote-access connection rw authentication client-mode 'eap-mschapv2'
set vpn ipsec remote-access connection rw authentication local-id '192.168.139.52'
set vpn ipsec remote-access connection rw authentication local-users username test password 'test'
set vpn ipsec remote-access connection rw authentication local-users username vyos password 'vyos'
set vpn ipsec remote-access connection rw authentication server-mode 'x509'
set vpn ipsec remote-access connection rw authentication x509 ca-certificate 'CATEST2'
set vpn ipsec remote-access connection rw authentication x509 certificate 'Servercert'
set vpn ipsec remote-access connection rw esp-group 'ESP-RW'
set vpn ipsec remote-access connection rw ike-group 'IKE-RW'
set vpn ipsec remote-access connection rw local-address '192.168.139.52'
set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4'
set vpn ipsec remote-access pool ra-rw-ipv4 name-server '192.168.111.1'
set vpn ipsec remote-access pool ra-rw-ipv4 prefix '192.0.2.128/25'

User test is connected

vyos@vyos:~$ sudo swanctl -l
ra-rw: #4, ESTABLISHED, IKEv2, a7867697cec07b6f_i 6360756cc2e70b82_r*
  local  '192.168.139.52' @ 192.168.139.52[4500]
  remote '192.168.1.2' @ 192.168.139.51[4500] EAP: 'test' [192.0.2.130]
  AES_GCM_16-128/PRF_HMAC_SHA2_256/MODP_2048
  established 598s ago, rekeying in 6183s
  ikev2-vpn: #8, reqid 1, INSTALLED, TUNNEL-in-UDP, ESP:AES_GCM_16-128/MODP_2048
    installed 236s ago, rekeying in 3198s, expires in 3724s
    in  cf78f8aa,   1624 bytes,     8 packets,   113s ago
    out 0f55a1ae,      0 bytes,     0 packets
    local  0.0.0.0/0 ::/0
    remote 192.0.2.130/32

But

vyos@vyos:~$ show vpn ipsec remote-access
No active remote access VPN sessions

Details

Version: VyOS 1.4-rolling-202303010317
Is it a breaking change? Perfectly compatible
Issue type: Bug (incorrect behavior)