Page MenuHomeVyOS Platform

IPSec cosmetic bug for Warning vti inrerface
Closed, ResolvedPublicBUG

Description

VyOS configuration:

set interfaces vti vti1 address '10.2.2.1/30'
set vpn ipsec authentication psk PSK id '192.168.100.184'
set vpn ipsec authentication psk PSK id '192.168.100.254'
set vpn ipsec authentication psk PSK secret 'SSSeeccRetT'
set vpn ipsec esp-group ESP-group lifetime '1800'
set vpn ipsec esp-group ESP-group mode 'tunnel'
set vpn ipsec esp-group ESP-group pfs 'enable'
set vpn ipsec esp-group ESP-group proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-group proposal 1 hash 'sha256'
set vpn ipsec ike-group IKE-group key-exchange 'ikev1'
set vpn ipsec ike-group IKE-group lifetime '3600'
set vpn ipsec ike-group IKE-group proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-group proposal 1 hash 'sha256'
set vpn ipsec interface 'eth1'
set vpn ipsec site-to-site peer OFFICE-B authentication local-id '192.168.100.254'
set vpn ipsec site-to-site peer OFFICE-B authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer OFFICE-B authentication remote-id '192.168.100.184'
set vpn ipsec site-to-site peer OFFICE-B connection-type 'initiate'
set vpn ipsec site-to-site peer OFFICE-B dhcp-interface 'eth1'
set vpn ipsec site-to-site peer OFFICE-B ike-group 'IKE-group'
set vpn ipsec site-to-site peer OFFICE-B remote-address '192.168.100.184'
set vpn ipsec site-to-site peer OFFICE-B vti bind 'vti1'
set vpn ipsec site-to-site peer OFFICE-B vti esp-group 'ESP-group'

Warning vty instead of vti

vyos@r14# commit
[ vpn ipsec ]

WARNING: It's recommended to use ipsec vty with the next command
[set vpn ipsec option disable-route-autoinstall]

[edit]
vyos@r14#

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 1.4-rolling-202305080742
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Cosmetic issue (typos etc.)