Hello.
I’m trying to set up a ikev2 remote-access VPN, but after setting it up I can’t create profiles with the built-in generator.
vyos@vyos:~$ generate ipsec profile windows-remote-access support remote vpn.somedomain.com Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/ikev2_profile_generator.py", line 150, in <module> ca_cert = load_certificate(pki['ca'][ca_name]['certificate']) ~~~~~~~~~^^^^^^^^^ TypeError: unhashable type: 'list' vyos@vyos:~$
vyos@vyos:~$ show ver | match Version Version: VyOS 1.5-rolling-202405260021 vyos@vyos:~$
set pki ca isrgrootx1 certificate 'certdata' set pki ca lets-encrypt-r3 certificate 'certdata' set pki certificate vpn6 certificate 'certdata from letsencrypt' set pki certificate vpn6 private key 'privkey from letsencrypt' set vpn ipsec esp-group vpn lifetime '3600' set vpn ipsec esp-group vpn pfs 'enable' set vpn ipsec esp-group vpn proposal 10 encryption 'aes128gcm128' set vpn ipsec esp-group vpn proposal 10 hash 'sha256' set vpn ipsec ike-group vpn key-exchange 'ikev2' set vpn ipsec ike-group vpn lifetime '7200' set vpn ipsec ike-group vpn proposal 10 dh-group '14' set vpn ipsec ike-group vpn proposal 10 encryption 'aes128gcm128' set vpn ipsec ike-group vpn proposal 10 hash 'sha256' set vpn ipsec interface 'eth0' set vpn ipsec remote-access connection support authentication client-mode 'eap-mschapv2' set vpn ipsec remote-access connection support authentication local-id 'vpn.somedomain.com' set vpn ipsec remote-access connection support authentication local-users username stels password 'secret' set vpn ipsec remote-access connection support authentication server-mode 'x509' set vpn ipsec remote-access connection support authentication x509 ca-certificate 'isrgrootx1' set vpn ipsec remote-access connection support authentication x509 ca-certificate 'lets-encrypt-r3' set vpn ipsec remote-access connection support authentication x509 certificate 'vpn6' set vpn ipsec remote-access connection support esp-group 'vpn' set vpn ipsec remote-access connection support ike-group 'vpn' set vpn ipsec remote-access connection support local-address 'ip on eth0' set vpn ipsec remote-access connection support pool 'support' set vpn ipsec remote-access pool support name-server '1.1.1.1' set vpn ipsec remote-access pool support name-server '9.9.9.9' set vpn ipsec remote-access pool support prefix '192.168.120.64/27'
What information should I provide?