DMVPN Not Even Attempting to Bring Up IPSec Tunnel

I’ve been trying to get this working correctly since last September but have been so far unsuccessful. I am trying to set up a DMVPN (eventually dual hub, but single hub for now). In my latest lab, I am using a 1.4 ISO that I just built this week and trying to set up DMVPN between two routers to test why my production VyOS routers weren’t working. Long story short, I configured them based off of the guide here and IPSec isn’t even attempting to connect. I’ve attached my hub and spoke configurations, and the terminal output of traffic between the two starting from when they both boot. I have tried setting start_action = trap in /usr/share/vyos/templates/ipsec/swanctl/profile.j2. This helped last year, but doesn’t seem to have any effect at all now. I have also tried setting the IPSec bind interface to both eth0 and tun100. Neither made any difference. Any assistance would be greatly appreciated.
tcpdump.txt (7.4 KB)
spoke.txt (3.4 KB)
hub.txt (3.3 KB)

Figured it out -

I was exhausted and put start_mode = trap, not start_action = trap.


Hi @jmarmorato!

Great job on figuring it out! We’ve all been there–sometimes it’s the small details that can trip us up. Kudos to you for perseverance and problem-solving skills! Thank you for sharing your troubleshooting experience with us. It’s incredibly valuable for the community to learn from real-life examples like yours. This will help others who might encounter a similar issue in the future.

Have a nice day!


In which section did you put "start_action = trap" in profile.j2? I am having the same issue, and after ipsec reload it doesn’t come up.

It should be in the dmvpn {} block, which is itself in the children {} block.
profile.j2.txt (1.7 KB)
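
A way to check the placement discussed in this thread, as an added example that is not part of any post and not VyOS code: it walks a rendered swanctl-style configuration and reports, for each sub-block under children {}, a start_* key that is not start_action (the start_mode typo above) and a missing start_action. The sample text and the connection name dmvpn-EXAMPLE-tun100 are constructed for illustration.

```python
# Constructed sample of a rendered swanctl-style connection (not the VyOS
# template); it carries the start_mode typo described in the thread.
SAMPLE = """
connections {
    dmvpn-EXAMPLE-tun100 {
        children {
            dmvpn {
                start_mode = trap
            }
        }
    }
}
"""

def parse(text):
    """Parse nested `name { key = value }` sections into dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line.endswith("{"):                   # open a named section
            section = {}
            stack[-1][line[:-1].strip()] = section
            stack.append(section)
        elif line == "}" and len(stack) > 1:     # close the current section
            stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip()
    return root

def check_children(tree):
    """Return (location, problem) pairs for every children {} sub-block."""
    findings = []
    for conn, body in tree.get("connections", {}).items():
        children = body.get("children", {}) if isinstance(body, dict) else {}
        for child, opts in children.items():
            where = f"{conn}.children.{child}"
            for key in opts:
                if key.startswith("start_") and key != "start_action":
                    findings.append((where, f"unknown key {key}, expected start_action"))
            if "start_action" not in opts:
                findings.append((where, "start_action is not set"))
    return findings

for where, problem in check_children(parse(SAMPLE)):
    print(f"{where}: {problem}")
```
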