ipsec: remote access VPN: "generate ipsec profile windows-remote-access" broken
Needs testing, LowPublic
Actions

Assigned To

Authored By

	lucasec
	Jul 29 2024, 8:31 AM

Description

See the following error:

lucas@lcn-router:~$ generate ipsec profile windows-remote-access ClientVPN remote x.x.x.x
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/ikev2_profile_generator.py", line 234, in <module>
    data['ike_encryption'] = ike['1']
                             ~~~^^^^^
KeyError: '1'

Note that the windows profile generator probably also needs to be examined along similar lines to T6617, to make sure x509 mode is properly accounted for and PFS dh-groups work.

Details

Difficulty level: Unknown (require assessment)
Version: 1.5-rolling-202407280023
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Related Objects

Mentioned Here: T6617: ipsec: remote access VPN: "generate ipsec profile ios-remote-access" wrong profile for x509 auth

Event Timeline

lucasec created this task.Jul 29 2024, 8:31 AM

lucasec created this object in space S1 VyOS Public.

pasik subscribed.Jul 29 2024, 2:44 PM

PR https://github.com/vyos/vyos-1x/pull/3903

c-po added projects: Restricted Project, VyOS 1.4 Sagitta (1.4.1).Aug 1 2024, 5:51 AM

c-po moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.

Viacheslav changed the task status from In progress to Needs testing.Aug 2 2024, 1:52 PM

dmbaturin added a project: Restricted Project.Sun, Sep 15, 5:03 PM

ipsec: remote access VPN: "generate ipsec profile windows-remote-access" brokenNeeds testing, LowPublicActions

Description

Details

Related Objects

Event Timeline

ipsec: remote access VPN: "generate ipsec profile windows-remote-access" broken
Needs testing, LowPublic
Actions