l2tp remote-access stops working after vpn settings modified and graceful reboot, workaround included
Open, Low | Public | BUG

Description

  1. Create an l2tp remote access configuration of this form:
$ show configuration commands | grep remote-access | strip-private
set vpn l2tp remote-access authentication local-users username xxxxxx password xxxxxx
set vpn l2tp remote-access authentication local-users username xxxxxx password xxxxxx
set vpn l2tp remote-access authentication local-users username xxxxxx password xxxxxx
set vpn l2tp remote-access authentication mode 'local'
set vpn l2tp remote-access authentication protocols 'mschap-v2'
set vpn l2tp remote-access client-ip-pool default-range-pool range 'xxx.xxx.1.2-xxx.xxx.1.254'
set vpn l2tp remote-access default-pool 'default-range-pool'
set vpn l2tp remote-access gateway-address 'xxx.xxx.255.0'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret xxxxxx
set vpn l2tp remote-access name-server 'xxx.xxx.0.1'
set vpn l2tp remote-access outside-address 'xxx.xxx.168.185'
  2. halt the vyos machine / instance
  3. try to connect with one of the credentials after reboot. observe that this fails
  4. create a new user account with the configuration:
set vpn l2tp remote-access authentication local-users username xxxxxx password xxxxxx
  5. try to connect with this or other user information. observe that the connection now works.

mitigations which didn't work: restarting the vpn-related services, resetting l2tp or ipsec state.

Version:          VyOS 1.5-rolling-202409250007
Release train:    current
Release flavor:   generic

Built by:         [email protected]
Built on:         Wed 25 Sep 2024 00:07 UTC
Build UUID:       9b8b01ce-f96f-4af7-8116-68c8cd296cb7
Build commit ID:  fa50a5073b6d3f

Architecture:     x86_64
Boot via:         installed image
System type:      bare metal
Secure Boot:      disabled

Hardware vendor:  HP
Hardware model:   HP EliteDesk 800 G5 Desktop Mini
Hardware S/N:     MXL95025NY
Hardware UUID:    800b5dc3-e6c8-ba65-0bcb-dc6bfdfbccb2

Copyright:        VyOS maintainers and contributors

Details

Version: VyOS 1.5-rolling-202409250007, VyOS 1.5-rolling-202412031443
Is it a breaking change? Behavior change
Issue type: Bug (incorrect behavior)

Event Timeline

syncer changed the subtype of this task from "Task" to "Bug".
syncer moved this task from Need Triage to Backlog - Bug on the VyOS Rolling board.
doctorpangloss renamed this task from "l2tp remote-access doesn't work after power loss, workaround included" to "l2tp remote-access doesn't work after graceful reboot, workaround included". Wed, Dec 4, 9:39 PM
doctorpangloss changed Version from VyOS 1.5-rolling-202409250007 to VyOS 1.5-rolling-202409250007, VyOS 1.5-rolling-202412031443.

still an issue in latest

$ show version
Version:          VyOS 1.5-rolling-202412031443
Release train:    current
Release flavor:   generic

Built by:         [email protected]
Built on:         Tue 03 Dec 2024 14:43 UTC
Build UUID:       b520e57b-a8e3-4cfe-a147-fa565eee8cc4
Build commit ID:  1efcc4c5e123a0

Architecture:     x86_64
Boot via:         installed image
System type:      bare metal
Secure Boot:      disabled

Hardware vendor:  HP
Hardware model:   HP EliteDesk 800 G5 Desktop Mini
Hardware S/N:     MXL95025NY
Hardware UUID:    800b5dc3-e6c8-ba65-0bcb-dc6bfdfbccb2

Copyright:        VyOS maintainers and contributors

all remote access credentials stop working after a reboot. deleting, committing then recreating a credential resolves the issue.

doctorpangloss renamed this task from "l2tp remote-access doesn't work after graceful reboot, workaround included" to "l2tp remote-access stops working after vpn settings modified and graceful reboot, workaround included". Wed, Dec 4, 9:59 PM

modifying any settings in the vpn block seems to break remote access until the vpn l2tp remote-access authentication local-users block is modified