
IPSec VPN: restart vpn is not working
Closed, Resolved | Public | BUG

Description

IPsec VPN op command "restart vpn" is not working even though the ipsec process is running.

vyos@vyos:~$ restart vpn
IPsec VPN not configured


vyos@vyos:~$ show vpn ike sa
Peer ID / IP                            Local ID / IP
------------                            -------------
10.217.80.110                           10.217.80.94

    State  IKEVer  Encrypt  Hash    D-H Group      NAT-T  A-Time  L-Time
    -----  ------  -------  ----    ---------      -----  ------  ------
    up     IKEv2   aes256   sha1_96 2(MODP_1024)   no     3600    86400



vyos@vyos:~$ show vpn ipsec status
IPSec Process Running PID: 1878

1 Active IPsec Tunnels

IPsec Interfaces :
        eth0    (10.217.80.94)

vyos@vyos:~$ show vpn ipsec sa
Connection                   State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID    Proposal
---------------------------  -------  --------  --------------  ----------------  ----------------  -----------  ----------------------------------
peer-10.217.80.110-tunnel-0  up       8m58s     0B/0B           0/0               10.217.80.110     N/A          AES_CBC_256/HMAC_SHA1_96/MODP_1024

Details

Version
VyOS 1.3.4
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Related Objects

Mentioned In
1.3.6

Event Timeline

I’m also seeing this error after the update to 1.3.4.

It looks like maybe there are just some op mode command changes.

I found that “reset vpn ipsec-peer <ip/id>” did flap a peer. This won’t reset all peers at once, however.

Viacheslav changed the task status from Open to In progress. Nov 8 2023, 4:34 PM
Viacheslav assigned this task to SrividyaA.

Tested in 1.3.5; the issue still exists, as stated by @fernando.

vyos@vyos# run restart vpn
IPsec VPN not configured
[edit]
vyos@vyos# run sh vpn ike sa
Peer ID / IP                            Local ID / IP
------------                            -------------
10.xx.xx.110                           10.xx.xx.94

    State  IKEVer  Encrypt  Hash    D-H Group      NAT-T  A-Time  L-Time
    -----  ------  -------  ----    ---------      -----  ------  ------
    up   IKEv1   n/a      n/a     n/a(n/a)       no     0       n/a


vyos@vyos# run sh ver

Version:          VyOS 1.3.5
Release train:    equuleus

Built by:         Sentrium S.L.
Built on:         Mon 04 Dec 2023 21:36 UTC
Build UUID:       c459bdc8-b253-4e7d-af80-d21e91402e20
Build commit ID:  d5f3d5002ffbe9

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (i440FX + PIIX, 1996)
Hardware S/N:
Hardware UUID:    eb8135f4-4c76-4203-be4e-c2dd51112195

Copyright:        VyOS maintainers and contributors
[edit]
Viacheslav triaged this task as Urgent! priority. Jan 12 2024, 5:47 PM