Page MenuHomeVyOS Platform
Create Task
Maniphest T6618

ipsec: remote access VPN: "generate ipsec profile windows-remote-access" broken
Closed, ResolvedPublic
Actions

Description

See the following error:

lucas@lcn-router:~$ generate ipsec profile windows-remote-access ClientVPN remote x.x.x.x
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/ikev2_profile_generator.py", line 234, in <module>
    data['ike_encryption'] = ike['1']
                             ~~~^^^^^
KeyError: '1'

Note that the windows profile generator probably also needs to be examined along similar lines to T6617, to make sure x509 mode is properly accounted for and PFS dh-groups work.

Details

Version
1.5-rolling-202407280023
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

lucasec created this task.Jul 29 2024, 8:31 AM
lucasec created this object in space S1 VyOS Public.
pasik subscribed.Jul 29 2024, 2:44 PM
lucasec changed the task status from Open to In progress.Jul 30 2024, 7:29 AM

PR https://github.com/vyos/vyos-1x/pull/3903

Restricted Repository Identity mentioned this in rVYOSONEXb12cd41000bf: Merge pull request #3903 from lucasec/ipsec-remote-access-profile.Aug 1 2024, 5:50 AM
lucasec mentioned this in rVYOSONEXe97d86e619e1: T6617: T6618: vpn ipsec remote-access: fix profile generators.Aug 1 2024, 5:50 AM
c-po added projects: VyOS Rolling, VyOS 1.4 Sagitta (1.4.1).Aug 1 2024, 5:51 AM
c-po moved this task from Open to Finished on the VyOS 1.5 Circinus board.
Restricted Repository Identity mentioned this in rVYOSONEXca12e0bc07ea: T6617: T6618: vpn ipsec remote-access: fix profile generators.Aug 1 2024, 5:52 AM
Restricted Repository Identity mentioned this in rVYOSONEX1171e3d359cc: T6617: T6618: vpn ipsec remote-access: fix profile generators.
Restricted Repository Identity mentioned this in rVYOSONEXc6e611b7a47c: Merge pull request #3922 from vyos/mergify/bp/circinus/pr-3903.Aug 1 2024, 11:09 AM
Restricted Repository Identity mentioned this in rVYOSONEXede841f31425: Merge pull request #3921 from vyos/mergify/bp/sagitta/pr-3903.Aug 2 2024, 12:43 PM
Viacheslav changed the task status from In progress to Needs testing.Aug 2 2024, 1:52 PM
dmbaturin added a project: Bugs.Sep 15 2024, 5:03 PM
syncer added a subscriber: Global Notifications.Nov 1 2024, 9:19 PM
dmbaturin moved this task from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.1) board.Dec 3 2024, 3:48 PM
c-po mentioned this in rVYOSONEX117e9edef844: ipsec: T7225: iOS18+ always requires ExtendedAuthEnabled to be set.Mar 7 2025, 9:31 AM
c-po mentioned this in rVYOSONEXc31df5a5b5c1: ipsec: T7225: fix dynamic generation of IKE DiffieHellmanGroup in iOS profile.
Viacheslav closed this task as Resolved.Sep 25 2025, 1:48 AM
Viacheslav moved this task from Need Triage to Completed on the VyOS Rolling board.