[1.2.0 RC5] Some ipsec related commands do not work

ipsec
bug

#1

Hi all,

Not sure if this is a bug but it seems to be.
The VPNs are running just fine, but these commands do not seem to work fine:

vyos@vyos:~$ show vpn ipsec state
RTNETLINK answers: Operation not permitted
Dump terminated

And:

vyos@vyos:~$ show vpn ipsec sa
Peer ID / IP Local ID / IP
------------ -------------
aa.bb.cc.dd 172.16.16.77

Tunnel State Bytes Out/In Encrypt Hash NAT-T A-Time L-Time Proto
------ ----- ------------- ------- ---- ----- ------ ------ -----
vti down 2.3K/2.6K 3des md5_96 no -1080 all

Peer ID / IP Local ID / IP
------------ -------------
172.16.16.101 172.16.16.92

Tunnel State Bytes Out/In Encrypt Hash NAT-T A-Time L-Time Proto
------ ----- ------------- ------- ---- ----- ------ ------ -----
vti down 0.0/0.0 3des md5_96 no -1200 all

State is reported as down, but traffic is flowing and A-Time is reporting negative numbers.

This command seems to work fine:

vyos@vyos:~$ show vpn ipsec status
IPSec Process Running PID: 2930

2 Active IPsec Tunnels

IPsec Interfaces :
eth0 (172.16.16.77)
eth1 (172.16.16.92)


#3

This command also does not work:

vyos@vyos:~$ monitor vpn ipsec
tail: unrecognized file system type 0x794c7630 for ‘/var/log/messages’. please report this to bug-coreutils@gnu.org. reverting to polling

To add some useful info, we upgraded from 1.1.7 to 1.1.8 and then straight to 1.2.0-rc5.


#4

The first one is related to this Phabricator entry: https://phabricator.vyos.net/T930

The second command (monitor vpn ipsec) seems to be another bug.


#5

The second one is related to this one: https://phabricator.vyos.net/T188.


#6

You are right.
I was not able to find the relevant Phabricator ticket because the search function timed out.

