Hello.
I’m trying to set up a ikev2 remote-access VPN, but after setting it up I can’t create profiles with the built-in generator.
vyos@vyos:~$ generate ipsec profile windows-remote-access support remote vpn.somedomain.com
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/ikev2_profile_generator.py", line 150, in <module>
ca_cert = load_certificate(pki['ca'][ca_name]['certificate'])
~~~~~~~~~^^^^^^^^^
TypeError: unhashable type: 'list'
vyos@vyos:~$
vyos@vyos:~$ show ver | match Version
Version: VyOS 1.5-rolling-202405260021
vyos@vyos:~$
set pki ca isrgrootx1 certificate 'certdata'
set pki ca lets-encrypt-r3 certificate 'certdata'
set pki certificate vpn6 certificate 'certdata from letsencrypt'
set pki certificate vpn6 private key 'privkey from letsencrypt'
set vpn ipsec esp-group vpn lifetime '3600'
set vpn ipsec esp-group vpn pfs 'enable'
set vpn ipsec esp-group vpn proposal 10 encryption 'aes128gcm128'
set vpn ipsec esp-group vpn proposal 10 hash 'sha256'
set vpn ipsec ike-group vpn key-exchange 'ikev2'
set vpn ipsec ike-group vpn lifetime '7200'
set vpn ipsec ike-group vpn proposal 10 dh-group '14'
set vpn ipsec ike-group vpn proposal 10 encryption 'aes128gcm128'
set vpn ipsec ike-group vpn proposal 10 hash 'sha256'
set vpn ipsec interface 'eth0'
set vpn ipsec remote-access connection support authentication client-mode 'eap-mschapv2'
set vpn ipsec remote-access connection support authentication local-id 'vpn.somedomain.com'
set vpn ipsec remote-access connection support authentication local-users username stels password 'secret'
set vpn ipsec remote-access connection support authentication server-mode 'x509'
set vpn ipsec remote-access connection support authentication x509 ca-certificate 'isrgrootx1'
set vpn ipsec remote-access connection support authentication x509 ca-certificate 'lets-encrypt-r3'
set vpn ipsec remote-access connection support authentication x509 certificate 'vpn6'
set vpn ipsec remote-access connection support esp-group 'vpn'
set vpn ipsec remote-access connection support ike-group 'vpn'
set vpn ipsec remote-access connection support local-address 'ip on eth0'
set vpn ipsec remote-access connection support pool 'support'
set vpn ipsec remote-access pool support name-server '1.1.1.1'
set vpn ipsec remote-access pool support name-server '9.9.9.9'
set vpn ipsec remote-access pool support prefix '192.168.120.64/27'
What information should I provide?