
IPSEC does not apply after l2tp configuration was changed
In progress, Normal, Public, BUG

Description

If you first configure and commit

set vpn ipsec interface 'eth0'
commit

and then configure the l2tp server

set vpn l2tp remote-access authentication local-users username alice password 'notsecure'
set vpn l2tp remote-access authentication mode 'local'
set vpn l2tp remote-access client-ip-pool test range '10.1.1.0/24'
set vpn l2tp remote-access gateway-address '10.1.1.1'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'not-so-secret'
set vpn l2tp remote-access outside-address '192.168.1.1'

IPSEC does not come up

vyos@vyos:~$   sudo swanctl -L
vyos@vyos:~$

The same problem occurs after deleting the l2tp configuration.
The IPSEC configuration of l2tp stays in strongswan.

delete vpn l2tp
commit
vyos@vyos:~$ sudo swanctl -L
l2tp_remote_access: IKEv1/2, no reauthentication, rekeying every 3600s, dpd delay 15s
  local:  10.17.1.223
  remote: %any
  local pre-shared key authentication:
  remote pre-shared key authentication:
  l2tp_remote_access_esp: TRANSPORT, rekeying every 3272s, dpd action is none
    local:  dynamic[0/l2f]
    remote: dynamic
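
A check for the leftover connection described above, as an added example (not part of the original report and not VyOS code): it lists the connections strongSwan has loaded according to `swanctl -L` and prints any that are not in an expected list. The function names and the expected-list argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report strongSwan connections that are loaded but not expected.

# Print the names of loaded connections from `swanctl -L` output on stdin.
# Connection headers start in column 0 and look like "name: IKEv1/2, ...";
# child SAs and local/remote lines are indented and are skipped.
loaded_conns() {
    awk '/^[^ \t][^:]*: IKEv/ { sub(/:.*/, ""); print }'
}

# stale_conns "<expected names, space separated>" < swanctl-L-output
# Prints every loaded connection whose name is not in the expected list.
stale_conns() {
    expected=" $1 "
    loaded_conns | while IFS= read -r name; do
        case "$expected" in
            *" $name "*) ;;                      # expected, nothing to report
            *) printf '%s\n' "$name" ;;          # loaded but not expected
        esac
    done
}

# Sample input: the `swanctl -L` output shown in the report after
# `delete vpn l2tp` and `commit`.
SAMPLE_AFTER_DELETE='l2tp_remote_access: IKEv1/2, no reauthentication, rekeying every 3600s, dpd delay 15s
  local:  10.17.1.223
  remote: %any
  local pre-shared key authentication:
  remote pre-shared key authentication:
  l2tp_remote_access_esp: TRANSPORT, rekeying every 3272s, dpd action is none
    local:  dynamic[0/l2f]
    remote: dynamic'

# With l2tp deleted no connection is expected, so the leftover is reported.
printf '%s\n' "$SAMPLE_AFTER_DELETE" | stale_conns ""

# On a live system, pass the names that the active configuration should load
# (the names here are placeholders):
#   sudo swanctl -L | stale_conns "peer_a peer_b"
```

An empty result means every loaded connection is accounted for; any name printed is still loaded in strongSwan and should be compared against the active configuration.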

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.5-rolling-202401090834; VyOS 1.3.5
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

Deleting was described in T3843 and seems still relevant

Viacheslav triaged this task as Normal priority. Jan 20 2024, 2:16 AM
Viacheslav changed the task status from Open to In progress. Tue, Feb 6, 1:54 PM
Viacheslav assigned this task to HollyGurza.
Viacheslav added a project: VyOS 1.4 Sagitta.