
IPSEC op-commands do not work
Closed, Resolved | Public | BUG

Description

IPSEC op-commands do not work
Any IPSEC configuration:
In my case IPSEC in DMVPN

set vpn ipsec esp-group ESP-HUB lifetime '1800'
set vpn ipsec esp-group ESP-HUB mode 'transport'
set vpn ipsec esp-group ESP-HUB pfs 'disable'
set vpn ipsec esp-group ESP-HUB proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-HUB close-action 'trap'
set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1'
set vpn ipsec ike-group IKE-HUB lifetime '3600'
set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2'
set vpn ipsec ike-group IKE-HUB proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-HUB proposal 1 hash 'sha1'
set vpn ipsec interface 'eth0'
set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret'
set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'secret'
set vpn ipsec profile NHRPVPN bind tunnel 'tun100'
set vpn ipsec profile NHRPVPN esp-group 'ESP-HUB'
set vpn ipsec profile NHRPVPN ike-group 'IKE-HUB'

vyos@vyos:~$ show vpn ipsec sa
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/ipsec.py", line 1027, in <module>
    res = vyos.opmode.run(sys.modules[__name__])
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 271, in run
    res = func(**args)
          ^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/ipsec.py", line 734, in show_sa
    sa_data = _get_raw_data_sas()
              ^^^^^^^^^^^^^^^^^^^
  File "/usr/libexec/vyos/op_mode/ipsec.py", line 44, in _get_raw_data_sas
    get_sas = vyos.ipsec.get_vici_sas()
              ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/ipsec.py", line 36, in get_vici_sas
    from vici import Session as vici_session
ModuleNotFoundError: No module named 'vici'

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.5-rolling-202410060007
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

In VyOS 1.5-rolling-202410010007 everything was ok.

The deb package for vici is broken and does not include CONTENTS/usr/lib.
I.e., the script to build vici works incorrectly: https://github.com/vyos/vyos-build/blob/current/scripts/package-build/strongswan/build-vici.sh

vyos@r14:~$ show version all | match vici
ii  python3-vici                         5.9.11-2+vyos0                              all          Native Python interface for strongSwan's VICI protocol
vyos@r14:~$ 


vyos_bld@b8190803dc1d:/vyos/work/tmp/vyos-build/scripts/package-build/strongswan$ dpkg-deb -c python3-vici_5.9.11-2+vyos0_all.deb 
drwxr-xr-x root/root         0 2024-10-08 07:48 ./
drwxr-xr-x root/root         0 2024-10-08 07:48 ./usr/
drwxr-xr-x root/root         0 2024-10-08 07:48 ./usr/share/
drwxr-xr-x root/root         0 2024-10-08 07:48 ./usr/share/doc/
drwxr-xr-x root/root         0 2024-10-08 07:48 ./usr/share/doc/python3-vici/
-rw-r--r-- root/root      2657 2024-10-08 07:48 ./usr/share/doc/python3-vici/changelog.Debian.gz

Viacheslav claimed this task.
Viacheslav moved this task from Open to Finished on the VyOS 1.5 Circinus board.
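
A build-time gate for the failure reported in this ticket, as an added example that is not part of the ticket or of vyos-build: it parses `dpkg-deb -c` output and fails when a Python package ships no importable module. The function names, the `GOOD_LISTING` sample and the expected install location (`usr/lib/python3*/dist-packages/vici`) are assumptions.

```sh
#!/bin/sh
# Build gate: fail when a python3-* .deb ships no importable module.

# Reads a `dpkg-deb -c` listing on stdin. Succeeds only if the archive holds
# MODULE/__init__.py or MODULE.py under usr/lib/python3*/{dist,site}-packages/.
listing_has_python_module() {
    awk -v mod="$1" '
        {
            path = $6                      # perms owner size date time PATH
            sub(/^\.\//, "/", path)        # "./usr/..." -> "/usr/..."
            if (path ~ ("^/usr/lib/python3[^/]*/(dist|site)-packages/" mod "(/__init__\\.py|\\.py)$"))
                found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Gate for a real package file: check_deb FILE.deb MODULE
# Fails closed: if dpkg-deb errors out, the empty listing is rejected too.
check_deb() {
    if dpkg-deb -c "$1" | listing_has_python_module "$2"; then
        echo "OK: $1 ships python module '$2'"
    else
        echo "FAIL: $1 has no importable '$2' under usr/lib/python3*" >&2
        return 1
    fi
}

# Listing of the broken package, as posted in this ticket.
BROKEN_LISTING='drwxr-xr-x root/root         0 2024-10-08 07:48 ./
drwxr-xr-x root/root         0 2024-10-08 07:48 ./usr/
drwxr-xr-x root/root         0 2024-10-08 07:48 ./usr/share/
drwxr-xr-x root/root         0 2024-10-08 07:48 ./usr/share/doc/
drwxr-xr-x root/root         0 2024-10-08 07:48 ./usr/share/doc/python3-vici/
-rw-r--r-- root/root      2657 2024-10-08 07:48 ./usr/share/doc/python3-vici/changelog.Debian.gz'

# Constructed sample: what a correct build is assumed to contain.
GOOD_LISTING='drwxr-xr-x root/root         0 2024-10-08 07:48 ./usr/lib/python3/dist-packages/vici/
-rw-r--r-- root/root       100 2024-10-08 07:48 ./usr/lib/python3/dist-packages/vici/__init__.py
-rw-r--r-- root/root      2657 2024-10-08 07:48 ./usr/share/doc/python3-vici/changelog.Debian.gz'
```

Run as `check_deb python3-vici_5.9.11-2+vyos0_all.deb vici` after the package build step, so an empty package stops the pipeline instead of reaching an image.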