show interfaces status problem


#1

Hi,

I finally started updating VyOS from version 1.0.4 to 1.1.7 and have one problem with interfaces. Generally I’m using a lot of vti interfaces + ipsec and my own script for resetting “dead” connections. So I list all vti interfaces with A/D status and reset them.

In 1.1.7, when I run show interfaces I get status up, so I can’t reset this connection.

[code]show interfaces | grep nxxx-xx.dyndns.org

vti8052000 172.16.52.5/30 u/u nxxx-xx.dyndns.org
[/code]

[code]show interfaces vti vti8052000
vti8052000@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ipip xx.xx.xx.xx peer xx.xx.xx.xx
inet 172.16.52.5/30 scope global vti8052000
valid_lft forever preferred_lft forever
Description: nxxx-xx.dyndns.org

RX:  bytes    packets     errors    dropped    overrun      mcast
         0          0          0          0          0          0
TX:  bytes    packets     errors    dropped    carrier collisions
         0          0        807          0        807          0[/code]

[code]vyos@HUB1nod1:/$ show vpn ipsec sa peer xx.xx.xx.xx
Peer ID / IP Local ID / IP


xx.xx.xx.xx xx.xx.xx.xx

Description: nxxx-xx.dyndns.org

Tunnel  State  Bytes Out/In   Encrypt  Hash    NAT-T  A-Time  L-Time  Proto
------  -----  -------------  -------  ----    -----  ------  ------  -----
vti     down   n/a            n/a      n/a     no     0       3600    all

[/code]

From other router:

[code]vyos@HUB1b:~$ show interfaces | nxxx-xx.dyndns.org
vti9052000 172.16.52.1/30 A/D nxxx-xx.dyndns.org[/code]

My ipsec configuration:

[code]vyos@HUB1nod1# show vpn ipsec esp-group
esp-group ESP {
    compression disable
    lifetime 3600
    mode tunnel
    pfs disable
    proposal 1 {
        encryption aes256
        hash sha1
    }
    proposal 2 {
        encryption aes128
        hash sha1
    }
}

[edit]
vyos@HUB1nod1# show vpn ipsec ike-group
ike-group IKE {
    dead-peer-detection {
        action clear
        interval 30
        timeout 120
    }
    lifetime 86400
    proposal 1 {
        dh-group 5
        encryption aes256
        hash sha1
    }
    proposal 2 {
        dh-group 5
        encryption aes128
        hash sha1
    }
}

[edit]
vyos@HUB1nod1#

vyos@HUB1nod1# show vpn ipsec site-to-site peer xx.xx.xx.xx
authentication {
    mode pre-shared-secret
    pre-shared-secret "xxxxxxxxx"
}
connection-type initiate
description nxxx-xx.dyndns.org
ike-group IKE
local-address xx.xx.xx.xx
vti {
    bind vti8052000
    esp-group ESP
}

[edit]

[/code]

The remote site is a Cisco router.
Of course this site doesn’t work, so generally the status of the connection must be A/D?
Any advice?

Another strange behavior, when:

[code]vyos@HUB1nod1:/scheduler/resetvpn$ show interfaces detail
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2e:e2:f2 brd ff:ff:ff:ff:ff:ff
inet xx.xx.xx.xx/xx brd xx.xx.xx.xx scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2e:e2f2/64 scope link
valid_lft forever preferred_lft forever
Description: WAN_MC

RX:  bytes    packets     errors    dropped    overrun      mcast
   4731447      30627          0          0          0          0
TX:  bytes    packets     errors    dropped    carrier collisions
   7254279      26401          0          0          0          0

Can't call method "path" on an undefined value at /opt/vyatta/share/perl5//Vyatta/Misc.pm line 540.
eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2e:e2:fc brd ff:ff:ff:ff:ff:ff
inet 192.168.0.2/24 brd 192.168.0.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2e:e2fc/64 scope link
valid_lft forever preferred_lft forever
Description: LAN_10

RX:  bytes    packets     errors    dropped    overrun      mcast
   4068943       9818          0          0          0          0
TX:  bytes    packets     errors    dropped    carrier collisions
    818961       5396          0          0          0          0[/code]

I’ve got an error:

[code]Can't call method "path" on an undefined value at /opt/vyatta/share/perl5//Vyatta/Misc.pm line 540.[/code]

and the rest of the interfaces don’t show. In 1.0.4 everything is OK.
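
The following is an added example, not code from the original post or from VyOS: it picks the vti interfaces to reset by joining the `show interfaces` rows with the tunnel state from `show vpn ipsec sa`, so a tunnel that reads u/u while its SA is down is still caught. It assumes the column layout quoted in the post, one-word descriptions used as the join key, and constructed sample rows (vti8052001, vti8052002, site-b.example, site-c.example, yy.yy.yy.yy); the function names are hypothetical.

```shell
# Constructed sample of "show interfaces" rows: name, address, S/L, description.
sample_interfaces() {
cat <<'EOF'
vti8052000 172.16.52.5/30 u/u nxxx-xx.dyndns.org
vti8052001 172.16.53.5/30 u/u site-b.example
vti8052002 172.16.54.5/30 A/D site-c.example
EOF
}

# Constructed sample of "show vpn ipsec sa" output for two peers.
sample_sa() {
cat <<'EOF'
Peer ID / IP Local ID / IP
xx.xx.xx.xx xx.xx.xx.xx
Description: nxxx-xx.dyndns.org
Tunnel  State  Bytes Out/In   Encrypt  Hash    NAT-T  A-Time  L-Time  Proto
------  -----  -------------  -------  ----    -----  ------  ------  -----
vti     down   n/a            n/a      n/a     no     0       3600    all
Peer ID / IP Local ID / IP
yy.yy.yy.yy xx.xx.xx.xx
Description: site-b.example
Tunnel  State  Bytes Out/In   Encrypt  Hash    NAT-T  A-Time  L-Time  Proto
------  -----  -------------  -------  ----    -----  ------  ------  -----
vti     up     1.2K/3.4K      aes256   sha1    no     120     3600    all
EOF
}

# Read SA output on stdin; print "<description> <state>" per vti tunnel row.
sa_states() {
  awk '
    $1 == "Peer" { desc = "" }            # new peer block: forget old description
    $1 == "Description:" { desc = $2 }
    $1 == "vti" && ($2 == "up" || $2 == "down") && desc != "" { print desc, $2 }
  '
}

# dead_vti IFACES SA: print vti interfaces shown A/D or whose SA (joined on description) is down.
dead_vti() {
  { sa_states < "$2"; echo "@@"; cat "$1"; } | awk '
    $0 == "@@" { ifaces = 1; next }       # separator: interface rows follow
    !ifaces { state[$1] = $2; next }      # description -> SA state
    $1 ~ /^vti/ && ($3 == "A/D" || state[$4] == "down") { print $1 }
  '
}

# Demo on the constructed samples above.
tmp=$(mktemp -d); sample_interfaces > "$tmp/if"; sample_sa > "$tmp/sa"
dead_vti "$tmp/if" "$tmp/sa"; rm -rf "$tmp"
```

On a router the two input files would be captured from the real commands instead of the sample functions.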