Hi there,
For a few weeks now, I have been using Vyos (1.4-rolling-202207100637).
However, for the past few days I have been experiencing disconnections while connected to a Fortinet VPN from my laptop (using the built-in macOS client, listed there as "Cisco IPSec").
Because the problem only appears on this network, my first thought was to update VyOS to its latest version. After the update, however, nothing works any more on the network called LAN: DHCP clients no longer obtain an address, and hosts with a static IP cannot even ping the gateway. (Since both DHCP and statically addressed hosts are affected, this looks like a link-level problem on the bridge rather than a firewall rule — but I may be wrong.)
I also did a clean installation with the latest nightly build available; nothing changed.
The problem appears to have been introduced with version 1.4-rolling-202207111030.
Here is my configuration (addresses, MAC addresses, hostnames and keys are redacted as xxx):
/* Inter-zone rulesets; each name is bound to exactly one zone pair under zone-policy below. A ruleset with no rules relies solely on its default-action. */
firewall {
/* Guest clients may not reach the LAN. */
name GUEST-LAN {
default-action drop
}
/* Guest clients may not reach the router itself. NOTE(review): no exception here for the guest subnet's DHCP/NTP requests to the router -- confirm guest clients still obtain leases. */
name GUEST-LOCAL {
default-action drop
}
/* Guest clients have unrestricted outbound Internet access. */
name GUEST-WAN {
default-action accept
}
/* LAN may not initiate traffic towards the guest VLAN. */
name LAN-GUEST {
default-action drop
}
/* LAN hosts have full access to router services (SSH, DHCP, DNS forwarding is not configured here, NTP). */
name LAN-LOCAL {
default-action accept
}
/* LAN has unrestricted outbound Internet access. */
name LAN-WAN {
default-action accept
}
/* The router itself never initiates traffic into the guest VLAN. */
name LOCAL-GUEST {
default-action drop
}
/* Router-originated traffic to the LAN (DHCP offers, NTP replies) is allowed. */
name LOCAL-LAN {
default-action accept
}
/* Router-originated traffic to the Internet (NTP, DHCP client on eth0, IKE) is allowed. */
name LOCAL-WAN {
default-action accept
}
/* Internet -> guest: only return traffic for connections the guest side opened. */
name WAN-GUEST {
default-action drop
rule 5 {
action accept
state {
established enable
related enable
}
}
}
/* Internet -> LAN: return traffic, plus decrypted IPsec traffic from the remote /25. */
name WAN-LAN {
default-action drop
rule 5 {
action accept
state {
established enable
related enable
}
}
/* Only packets that arrived through an IPsec SA (match-ipsec) from the remote subnet are admitted into the LAN /24. NOTE(review): no "vpn ipsec" section is present in this dump, so the tunnel this rule expects is not visible here -- confirm it is configured. */
rule 10 {
action accept
destination {
address xxx.xxx.64.0/24
}
ipsec {
match-ipsec
}
source {
address xxx.xxx.128.128/25
}
}
}
/* Internet -> router: return traffic, ICMP, rate-limited SSH, and IPsec control/data plane. */
name WAN-LOCAL {
default-action drop
rule 5 {
action accept
state {
established enable
related enable
}
}
/* All ICMP types from any Internet source are accepted (no type restriction). */
rule 20 {
action accept
protocol icmp
state {
new enable
}
}
/* SSH brute-force throttle: a source that opens more than 4 new TCP/22 connections within a minute is dropped here (recent match), before rule 31 can accept it. */
rule 30 {
action drop
destination {
port 22
}
protocol tcp
recent {
count 4
time minute
}
state {
new enable
}
}
/* SSH is reachable from any Internet source; password logins are disabled under service ssh, so only the configured public keys can authenticate. */
rule 31 {
action accept
destination {
port 22
}
protocol tcp
state {
new enable
}
}
/* IPsec: ESP, IKE (UDP 500) and NAT-T (UDP 4500) are accepted from any source, without a source or state restriction. */
rule 40 {
action accept
protocol esp
}
rule 41 {
action accept
destination {
port 500
}
protocol udp
}
rule 42 {
action accept
destination {
port 4500
}
protocol udp
}
}
}
interfaces {
/* VLAN-aware bridge (enable-vlan). The LAN /24 lives on the bridge's untagged traffic (native VLAN 1 on both members); the guest /24 is VLAN 13, allowed only on the AP trunk eth2. NOTE(review): the reported LAN outage (no DHCP leases, gateway unreachable from static hosts) affects exactly this untagged path; with VLAN filtering enabled, untagged traffic to the bridge's own address depends on VLAN 1 being permitted on the bridge port itself -- worth checking with "bridge vlan show" on the failing build. */
bridge br0 {
address xxx.xxx.64.1/24
description LAN
enable-vlan
ip {
}
member {
interface eth1 {
native-vlan 1
}
interface eth2 {
allowed-vlan 13
native-vlan 1
}
}
/* Guest VLAN gateway; the guest DHCP pool below hands out this address as default-router. */
vif 13 {
address xxx.xxx.13.1/24
description "Guest VLAN"
}
}
/* WAN uplink; address and (presumably) a default route come from the upstream DHCP server. */
ethernet eth0 {
address dhcp
description WAN
hw-id xx:xx:xx:xx:xx:ec
}
/* Untagged LAN access port, bridged into br0. */
ethernet eth1 {
description ACCESS
hw-id xx:xx:xx:xx:xx:f6
}
/* Trunk to the access points: untagged LAN plus tagged guest VLAN 13. */
ethernet eth2 {
description "Trunk to APs"
hw-id xx:xx:xx:xx:xx:00
}
loopback lo {
}
}
/* Source NAT: every internal subnet is masqueraded behind eth0's WAN address. */
nat {
source {
/* Guest VLAN out to the Internet. */
rule 13 {
outbound-interface eth0
source {
address xxx.xxx.13.0/24
}
translation {
address masquerade
}
}
/* LAN out to the Internet. */
rule 100 {
outbound-interface eth0
source {
address xxx.xxx.64.0/24
}
translation {
address masquerade
}
}
/* The remote IPsec subnet (same /25 as WAN-LAN rule 10) is also masqueraded when it leaves via eth0, i.e. remote VPN hosts may reach the Internet through this router. NOTE(review): confirm this hairpin is intended rather than a leftover. */
rule 200 {
outbound-interface eth0
source {
address xxx.xxx.128.128/25
}
translation {
address masquerade
}
}
}
}
protocols {
static {
/* Static default route (/0) towards a fixed next-hop, in addition to whatever default route eth0 may learn via DHCP. */
route xxx.xxx.0.0/0 {
next-hop xxx.xxx.255.5 {
}
}
}
}
service {
dhcp-server {
/* Guest pool: .50-.100, gateway is the br0.13 address, resolvers are the same two configured under system name-server. */
shared-network-name xxxxxx {
subnet xxx.xxx.13.0/24 {
default-router xxx.xxx.13.1
lease 86400
name-server xxx.xxx.9.9
name-server xxx.xxx.112.112
range 0 {
start xxx.xxx.13.50
stop xxx.xxx.13.100
}
}
}
/* LAN pool: .50-.100, gateway and NTP server are the br0 address, resolvers are two LAN hosts (.251/.252). */
shared-network-name xxxxxx {
ntp-server xxx.xxx.64.1
subnet xxx.xxx.64.0/24 {
default-router xxx.xxx.64.1
domain-name xxxxxx
lease 86400
name-server xxx.xxx.64.251
name-server xxx.xxx.64.252
range 0 {
start xxx.xxx.64.50
stop xxx.xxx.64.100
}
}
}
}
/* SSH on the default port with password authentication disabled: only the public keys under system login can log in remotely. Keep this in mind for the password-only user defined under system login. */
ssh {
disable-password-authentication
port 22
}
}
system {
config-management {
commit-revisions 100
}
/* Connection-tracking helpers (ALGs). Each one parses untrusted payload in the kernel and can open "related" pinholes that the established/related accept rules in WAN-* then admit; enable only the protocols actually in use. */
conntrack {
modules {
ftp
h323
nfs
pptp
sip
sqlnet
tftp
}
}
console {
device ttyS0 {
speed 115200
}
}
domain-name xxxxxx
host-name xxxxxx
login {
/* Three key-only users (ed25519, ed25519, rsa). */
user xxxxxx {
authentication {
public-keys [email protected] {
key xxxxxx
type ssh-ed25519
}
}
}
user xxxxxx {
authentication {
public-keys [email protected] {
key xxxxxx
type ssh-ed25519
}
}
}
user xxxxxx {
authentication {
public-keys [email protected] {
key xxxxxx
type ssh-rsa
}
}
}
/* Password-only user: with SSH password authentication disabled this account is usable on the console only. NOTE(review): plaintext-password is normally rendered empty after commit; verify that no clear-text secret remains in the saved configuration. */
user xxxxxx {
authentication {
encrypted-password xxxxxx
plaintext-password xxxxxx
}
}
}
/* Resolvers used by the router itself; the same two are handed to guest clients. */
name-server xxx.xxx.9.9
name-server xxx.xxx.112.112
/* NTP is served to the LAN only (listen-address is the br0 address) and synced from six upstream servers. */
ntp {
listen-address xxx.xxx.64.1
server xxxxx.tld {
}
server xxxxx.tld {
}
server xxxxx.tld {
}
server xxxxx.tld {
}
server xxxxx.tld {
}
server xxxxx.tld {
}
}
option {
root-partition-auto-resize
}
/* Global logging at info, routing protocols at debug. */
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
}
/* Four zones (GUEST, LAN, LOCAL = the router, WAN). Every zone drops traffic from a peer that has no from-ruleset, and each ruleset named here is defined under firewall above. */
zone-policy {
/* Guest VLAN: reachable only as return traffic from the Internet; nothing from LAN or the router. */
zone GUEST {
default-action drop
from LAN {
firewall {
name LAN-GUEST
}
}
from LOCAL {
firewall {
name LOCAL-GUEST
}
}
from WAN {
firewall {
name WAN-GUEST
}
}
interface br0.13
}
/* LAN (untagged br0): open from the router, closed from guest, return traffic and IPsec from the Internet. */
zone LAN {
default-action drop
from GUEST {
firewall {
name GUEST-LAN
}
}
from LOCAL {
firewall {
name LOCAL-LAN
}
}
from WAN {
firewall {
name WAN-LAN
}
}
interface br0
}
/* The router itself: fully open from LAN, closed from guest, restricted from the Internet (WAN-LOCAL). */
zone LOCAL {
default-action drop
from GUEST {
firewall {
name GUEST-LOCAL
}
}
from LAN {
firewall {
name LAN-LOCAL
}
}
from WAN {
firewall {
name WAN-LOCAL
}
}
local-zone
}
/* Internet: unrestricted egress from guest, LAN and the router. */
zone WAN {
default-action drop
from GUEST {
firewall {
name GUEST-WAN
}
}
from LAN {
firewall {
name LAN-WAN
}
}
from LOCAL {
firewall {
name LOCAL-WAN
}
}
interface eth0
}
}
Is there an error somewhere in this configuration? I have looked through the changelog, but unfortunately I did not find anything that seemed relevant.
Thanks in advance