Hi,
I finally started updating VyOS from version 1.0.4 to 1.1.7 and have one problem with interfaces. Generally I’m using a lot of vti interfaces + ipsec and my own script for resetting “dead” connections. So I list all vti interfaces with A/D status and reset them.
In 1.1.7, when I run show interfaces, I’ve got status up, so I can’t reset this connection.
[code]show interfaces | grep nxxx-xx.dyndns.org
vti8052000 172.16.52.5/30 u/u nxxx-xx.dyndns.org
[/code]
[code]show interfaces vti vti8052000
vti8052000@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ipip xx.xx.xx.xx peer xx.xx.xx.xx
inet 172.16.52.5/30 scope global vti8052000
valid_lft forever preferred_lft forever
Description: nxxx-xx.dyndns.org
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collisions
0 0 807 0 807 0[/code]
[code]vyos@HUB1nod1:/$ show vpn ipsec sa peer xx.xx.xx.xx
Peer ID / IP Local ID / IP
xx.xx.xx.xx xx.xx.xx.xx
Description: nxxx-xx.dyndns.org
Tunnel State Bytes Out/In Encrypt Hash NAT-T A-Time L-Time Proto
------ ----- ------------- ------- ---- ----- ------ ------ -----
vti down n/a n/a n/a no 0 3600 all
[/code]
From other router:
[code]vyos@HUB1b:~$ show interfaces | nxxx-xx.dyndns.org
vti9052000 172.16.52.1/30 A/D nxxx-xx.dyndns.org
[/code]
My ipsec configuration:
[code]vyos@HUB1nod1# show vpn ipsec esp-group
esp-group ESP {
compression disable
lifetime 3600
mode tunnel
pfs disable
proposal 1 {
encryption aes256
hash sha1
}
proposal 2 {
encryption aes128
hash sha1
}
}
[edit]
vyos@HUB1nod1# show vpn ipsec ike-group
ike-group IKE {
dead-peer-detection {
action clear
interval 30
timeout 120
}
lifetime 86400
proposal 1 {
dh-group 5
encryption aes256
hash sha1
}
proposal 2 {
dh-group 5
encryption aes128
hash sha1
}
}
[edit]
vyos@HUB1nod1#
vyos@HUB1nod1# show vpn ipsec site-to-site peer xx.xx.xx.xx
authentication {
mode pre-shared-secret
pre-shared-secret “xxxxxxxxx”
}
connection-type initiate
description nxxx-xx.dyndns.org
ike-group IKE
local-address xx.xx.xx.xx
vti {
bind vti8052000
esp-group ESP
}
[edit]
[/code]
The remote site is a Cisco router.
Of course this site doesn’t work, so generally the status of the connection must be A/D?
Any advice?
Another strange behavior, when:
[code]vyos@HUB1nod1:/scheduler/resetvpn$ show interfaces detail
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2e:e2:f2 brd ff:ff:ff:ff:ff:ff
inet xx.xx.xx.xx/xx brd xx.xx.xx.xx scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2e:e2f2/64 scope link
valid_lft forever preferred_lft forever
Description: WAN_MC
RX: bytes packets errors dropped overrun mcast
4731447 30627 0 0 0 0
TX: bytes packets errors dropped carrier collisions
7254279 26401 0 0 0 0
Can’t call method “path” on an undefined value at /opt/vyatta/share/perl5//Vyatta/Misc.pm line 540.
eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2e:e2:fc brd ff:ff:ff:ff:ff:ff
inet 192.168.0.2/24 brd 192.168.0.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe2e:e2fc/64 scope link
valid_lft forever preferred_lft forever
Description: LAN_10
RX: bytes packets errors dropped overrun mcast
4068943 9818 0 0 0 0
TX: bytes packets errors dropped carrier collisions
818961 5396 0 0 0 0[/code]
I’ve got an error:
Can’t call method “path” on an undefined value at /opt/vyatta/share/perl5//Vyatta/Misc.pm line 540.
and the rest of the interfaces don’t show. In 1.0.4 everything is OK.
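
Added example, not part of the original post and not VyOS code: since the post shows `show vpn ipsec sa` still reporting the tunnel as `down` while the interface reads `u/u`, a monitoring script can key on the SA state instead of the interface flag. The function names, the RFC 5737 addresses and the descriptions are constructed; the column layout is assumed to match the output quoted in the post.

```shell
#!/bin/sh
# Added example (not from the post): find peers whose VTI tunnel is "down"
# in "show vpn ipsec sa" output, instead of relying on the A/D interface flag.

# down_peers: reads the command output on stdin and prints
# "<peer> <description>" for each peer that has a vti tunnel in state "down".
down_peers() {
    awk '
        /^ *Peer ID \/ IP/  { want_peer = 1; in_rows = 0; desc = ""; next }
        want_peer && /^ *-/ { next }                 # optional underline row
        want_peer && NF     { peer = $1; want_peer = 0; next }
        /^ *Description:/   { sub(/^ *Description: */, ""); desc = $0; next }
        /^ *-+ +-+/         { in_rows = 1; next }    # rule under tunnel header
        in_rows && NF == 0  { in_rows = 0; next }    # blank line ends the rows
        in_rows && $1 == "vti" && $2 == "down" { print peer, desc }
    '
}

# Constructed sample input: three peers, two with a dead VTI tunnel.
sample_sa_output() {
    cat <<'EOF'
Peer ID / IP                            Local ID / IP
192.0.2.10                              198.51.100.1
    Description: site-a.example.org
    Tunnel  State  Bytes Out/In   Encrypt  Hash  NAT-T  A-Time  L-Time  Proto
    ------  -----  -------------  -------  ----  -----  ------  ------  -----
    vti     down   n/a            n/a      n/a   no     0       3600    all

Peer ID / IP                            Local ID / IP
192.0.2.20                              198.51.100.1
    Description: site-b.example.org
    Tunnel  State  Bytes Out/In   Encrypt  Hash  NAT-T  A-Time  L-Time  Proto
    ------  -----  -------------  -------  ----  -----  ------  ------  -----
    vti     up     0.0/0.0        aes256   sha1  no     1200    3600    all

Peer ID / IP                            Local ID / IP
192.0.2.30                              198.51.100.1
    Description: site-c.example.org
    Tunnel  State  Bytes Out/In   Encrypt  Hash  NAT-T  A-Time  L-Time  Proto
    ------  -----  -------------  -------  ----  -----  ------  ------  -----
    vti     down   n/a            n/a      n/a   no     0       3600    all
EOF
}

# Stand-alone run: list the dead peers found in the constructed sample.
sample_sa_output | down_peers
```

On a router, the text of `show vpn ipsec sa` would be piped into `down_peers` in place of the sample.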