New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
T5715: op-cmd: Fix for "restart vpn" command #37
Conversation
@dmbaturin @sever-sever can someone check it ? |
As for me, we should revert it, @dmbaturin is the author of the previous change #36 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since the ipsec-interfaces
option is not mandatory, reverting the old PR doesn't actually fix the real issue — that there are valid configs that make charon non-restartable from op mode. I'll look into the vyatta-cfg causes of the false negative in returnValues
.
Hi, I have 1.3.4 with set vpn ipsec ipsec-interfaces interface 'eth0', but restart vpn fails... set vpn ipsec ike-group IKEv2_DMVPN proposal 3 hash 'sha256' user@.hub01:~$ show vpn ipsec status 8 Active IPsec Tunnels IPsec Interfaces : dmvpn up 24m25s 2K/2K 26/30 xxx.xxx.xxx.xxx N/A CHACHA20_POLY1305/ECP_521 |
@jvilafe You can make suggested changes in this PR in your router
But the proper fix will be later |
mmm show vpn ipsec status 12 Active IPsec Tunnels IPsec Interfaces : |
Propose a new fix #38 |
Change Summary
"Restart vpn" command is failing even though ipsec is configured post this fix https://vyos.dev/R30:6e3334dec6143b7c18c6cec15344d84eb900ebb5 applied
Types of changes
Related Task(s)
Related PR(s)
Component(s) name
ipsec
Proposed changes
Before change:
After change:
How to test
Add this configuration:
Then run this command:
$restart vpn
Smoketest result
Checklist: