OpenNHRP DMVPN configuration file is clean after reboot if we have any IPSec configuration
To reproduce:
set interfaces ethernet eth1 address '192.0.2.14/24'
set interfaces ethernet eth1 description 'WAN'
set vpn ipsec esp-group group-ESP lifetime '3600'
set vpn ipsec esp-group group-ESP mode 'tunnel'
set vpn ipsec esp-group group-ESP pfs 'dh-group14'
set vpn ipsec esp-group group-ESP proposal 10 encryption 'aes128'
set vpn ipsec esp-group group-ESP proposal 10 hash 'sha1'
set vpn ipsec ike-group group-IKE close-action 'none'
set vpn ipsec ike-group group-IKE disable-mobike
set vpn ipsec ike-group group-IKE key-exchange 'ikev2'
set vpn ipsec ike-group group-IKE lifetime '28000'
set vpn ipsec ike-group group-IKE proposal 10 dh-group '14'
set vpn ipsec ike-group group-IKE proposal 10 encryption 'aes256gcm128'
set vpn ipsec ike-group group-IKE proposal 10 hash 'sha1'
set vpn ipsec interface 'eth1'
set interfaces tunnel tun100 address '192.168.250.4/24'
set interfaces tunnel tun100 encapsulation 'gre'
set interfaces tunnel tun100 parameters ip key '1'
set interfaces tunnel tun100 source-address '192.0.2.14'
set protocols nhrp tunnel tun100 cisco-authentication 'secret'
set protocols nhrp tunnel tun100 holding-time '30'
set protocols nhrp tunnel tun100 multicast 'dynamic'
set protocols nhrp tunnel tun100 redirect
set protocols nhrp tunnel tun100 shortcut
Check config before the reboot:
vyos@r1-right# cat /run/opennhrp/opennhrp.conf
# Created by VyOS - manual changes will be overwritten
interface tun100 #hub
    cisco-authentication secret
    holding-time 30
    multicast dynamic
    redirect
    shortcut
[edit]
vyos@r1-right#
[edit]
vyos@r1-right# save
[edit]
vyos@r1-right# run reboot now
Broadcast message from root@r1-right on pts/1 (Fri 2024-03-01 15:46:09 EET):
The system will reboot now!
After reboot the file is clean:
vyos@r1-right:~$ cat /run/opennhrp/opennhrp.conf
# Created by VyOS - manual changes will be overwritten
vyos@r1-right:~$
Without vpn ipsec configuration, the file looks good.
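
A post-boot check for the symptom above, as an added example that is not part of the original report or of VyOS itself: it lists every tunnel that has `set protocols nhrp tunnel ...` lines but no `interface` stanza in the rendered opennhrp.conf. The function names and the temporary file names are assumptions; on a router the first argument would be the saved output of `show configuration commands` and the second /run/opennhrp/opennhrp.conf.

```shell
#!/bin/sh
# Added example (not VyOS code): report NHRP tunnels that are configured
# but have no "interface" stanza in the rendered opennhrp.conf.

# Tunnel names taken from "set protocols nhrp tunnel <name> ..." lines.
configured_nhrp_tunnels() {
    awk '$1=="set" && $2=="protocols" && $3=="nhrp" && $4=="tunnel" { print $5 }' "$1" \
        | tr -d "'" | sort -u
}

# Interface names taken from "interface <name> ..." stanzas.
# A missing or unreadable file yields no names, so every tunnel is reported.
rendered_nhrp_tunnels() {
    if [ -r "$1" ]; then
        awk '$1=="interface" { print $2 }' "$1" | sort -u
    fi
}

# Print each configured tunnel that is absent from the rendered file.
missing_nhrp_tunnels() {
    for t in $(configured_nhrp_tunnels "$1"); do
        rendered_nhrp_tunnels "$2" | grep -qx "$t" || echo "$t"
    done
}

# Constructed sample input, copied from the output shown in this report.
tmp=$(mktemp -d)
cat > "$tmp/commands.txt" <<'EOF'
set interfaces tunnel tun100 encapsulation 'gre'
set protocols nhrp tunnel tun100 cisco-authentication 'secret'
set protocols nhrp tunnel tun100 holding-time '30'
EOF
cat > "$tmp/before.conf" <<'EOF'
# Created by VyOS - manual changes will be overwritten
interface tun100 #hub
    cisco-authentication secret
    holding-time 30
EOF
cat > "$tmp/after.conf" <<'EOF'
# Created by VyOS - manual changes will be overwritten
EOF

echo "before reboot, missing: [$(missing_nhrp_tunnels "$tmp/commands.txt" "$tmp/before.conf")]"
echo "after reboot,  missing: [$(missing_nhrp_tunnels "$tmp/commands.txt" "$tmp/after.conf")]"
```

A non-empty result after boot means the tunnel is up without its NHRP settings, including the cisco-authentication value.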