User Details
- User Since
- Aug 21 2020, 1:05 PM (251 w, 4 d)
May 15 2025
Jan 26 2025
Nov 7 2024
Sep 5 2024
This time it seems like the remote side initiated a new IKE_SA without properly closing the old one. This tricked strongSwan into keeping both, but when the old one timed out, the vti-up-down script killed the VTI.
Just to add some context. This keeps on happening regularly, but for some reason more often on our transatlantic VPNs. Maybe once a week (it varies).
Jul 13 2024
Jun 25 2024
No plan on fixing on 1.4?
May 24 2024
FYI: The configuration is valid and works. It just fails during boot.
May 1 2024
Apr 12 2024
Here is an example of a perfectly valid VyOS VPN config that will never recover a child SA when resetting it.
In 1.4 and 1.5 command reset vpn ipsec has a termination meaning.
No, it says reset, both the command and the autocomplete output. It does not say terminate or clear. If you run a reset you do expect it to restart or re-populate in one way or another, not just stop working completely.
Mar 29 2024
Not sure if it is meaningful to create a new operational vyos command "initiate" or re-write the reset to be consistent with older VyOS.
Mar 20 2024
Nov 3 2021
Feb 19 2021
I can confirm it is broken for
reset vpn ipsec-peer XXX
too when you run policy-based VPNs.
Peer reset log: