Member
Posts: 124
Registered: ‎02-09-2013
Kudos: 31
Solutions: 1

CLI configured ESP/IKE-group configs erased when GUI VPN configured & replaced with FOOx

I've had multiple CLI configured VPN peers/tunnels configured, and just added a peer to the VPN via the GUI - and dropped all of my previously configured ESP/IKE-group configs, replaced with FOOx - 

 

     esp-group FOO0 {
         proposal 1 {
             encryption aes128
             hash sha1
         }
     }
     ike-group FOO0 {
         proposal 1 {
             dh-group 14
             encryption 3des
             hash sha1
         }
     }

 

     site-to-site {
         peer xx.xx.xx.xx {
             authentication {
                 mode pre-shared-secret
                 pre-shared-secret "blah"
             }
             connection-type initiate
             ike-group FOO0
             local-ip xxx.xxx.xxx.xxx
             tunnel 1 {
                 esp-group FOO0
                 local {
                     subnet 10.3.0.0/24
                 }
                 remote {
                     subnet 192.168.33.0/24
                 }
             }
             tunnel 2 {
                 esp-group FOO0
                 local {
                     subnet 10.4.0.0/24
                 }
                 remote {
                     subnet 192.168.33.0/24
                 }
             }
         }

 

Is this by design?

Regular Member
Posts: 367
Registered: ‎05-09-2014
Kudos: 128
Solutions: 7

Re: CLI configured ESP/IKE-group configs erased when GUI VPN configured & replaced with FOOx

wow weird, you never had any groups named anything like "FOO"?


i will say, that i recently updated from a beta release to official 1.5.0, and after updating i lost all my l2tp and ipsec VPN configs.... luckily it didn't delete my certs/keys.

Member
Posts: 124
Registered: ‎02-09-2013
Kudos: 31
Solutions: 1

Re: CLI configured ESP/IKE-group configs erased when GUI VPN configured & replaced with FOOx

Correct - prior ESP/IKE groups had descriptive names for the peers they associated to.

I had no issue with upgrades from 1.4 to 1.5B/RC to 1.5.0 - kept all of my settings. I don't use any certs/keys though.

 

Highlighted
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5474
Solutions: 1656
Contributions: 2

Re: CLI configured ESP/IKE-group configs erased when GUI VPN configured & replaced with FOOx

Yeah, currently the IPsec VPN UI is "optimized" for the usage scenario where only the UI is used. We could look into improving it for mixed CLI/UI usage.