There seems to be a big problem with configuration parsing in latest versions of VyOS. If you have both site-to-site vpn’s and an L2TP configuration the site-to-site VPN definitions in /etc/ipsec.conf and the secrets in /etc/ipsec.secrets will only contain the L2TP secret and definitions. I am assuming that this is from how the configuration is parsed and that the L2TP part is not appended to the file, but instead overwrites the config. The problem was not present in 1.2.1. In 1.2.4 the problem started with /etc/ipsec.secrets not containing the shared secrets for the site to site VPN’s. Starting from the currently available crux git-repos of 1.2.5 and the rolling 1.3 releases both the ipsec.conf and ipsec.secrets only contains the L2TP part.
There is also a small other cosmetic bug (or more specifically a fly?) in the file:
/usr/libexec/vyos/conf_mode/ipsec-settings.py
A few variables are misspelled with _flie instead of _file. This is consistent and should not really cause any problems more than being a cosmetic flaw.
In 1.2.4 and 1.2.5 site-to-site and l2tp+ipsec works together without any issue. I was checked this in our LAB.
As for 1.3-rolling, I can confirm the issue. It seems happened after implementation of new templates methods.
I don’t have access to the “officiall” 1.2.5 release, but the one I compiled from the git-source for “crux” yesterday did have the same problem. I have read that the git-source is not the same as a reproducable offical LTS release. Could something have been backported in the GIT repo that introduces the same problem for that release?
I will create a task on phabricator as soon as I have my account approved.
I stand corrected. Copied my docker command from bash-history and I had used the vyos/vyos-build branch accidentally. I will check the next rolling release when the bug is closed in phabricator.