CLI Script vpn ipsec phase1-interface

FloBEAUG
2019/09/20 06:57:56

Hello,
I'm trying to upload a script via the web interface but the script keeps on failing and I don't know why.

Here is the script:
 

config vdom
edit Hub

config vpn ipsec phase1-interface
edit "0630000X-tun1"
set interface "wan2"
set nattraversal disable
set authmethod psk
set remote-gw <hidden-IP>
set psksecret <somelongpassword>
next
end
end

 
When I type the same commands line by line under CLI through SSH everything goes well...

I have enabled "diagnose debug" and set it to "cli 7", here is the output of the script :

0: config vdom
0: edit Hub
0:
0: config vpn ipsec phase1-interface
0: edit "0630000X-tun1"
0: set interface "wan2"
0: set nattraversal disable
0: set authmethod psk
0: set remote-gw <hidden-IP>
0: set psksecret <somelongpassword>
1: next
0: end
0:
0: end

 
Do you have any idea, please?
Sincerely,
 
Hardware: FG200E v5.6.9 build1673
#1
neonbit
Re: CLI Script vpn ipsec phase1-interface 2019/09/20 07:14:07 (Best Answer, marked by FloBEAUG 2019/09/24 00:20:21)
When the script fails on the FMG there is a little icon that looks like a magnifying glass. If you click on it it will show you the commands as they're sent through and where it failed.
#2
FloBEAUG
Re: CLI Script vpn ipsec phase1-interface 2019/09/20 07:22:35
I'm not using FMG, I'm connecting directly to the FG Web UI.
But I can try with FMG and see what you told me.
 
Thanks
#3
emnoc
Re: CLI Script vpn ipsec phase1-interface 2019/09/20 18:12:15
That last end is not required for this script. 
Ken Felix

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#4
ede_pfau
Re: CLI Script vpn ipsec phase1-interface 2019/09/21 12:29:18
Your script runs without any error on my FG-60E, FOS v6.0.6.
I thought maybe the name is too long, or some obligatory variable was missing, but no.
Is there something special with "wan2"?
 
@emnoc: the last "end" closes VDOM edit mode, not strictly required here but won't harm. The error occurs with the preceding "next".

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#5
FloBEAUG
Re: CLI Script vpn ipsec phase1-interface 2019/09/23 23:39:14
@ede_pfau: the "wan2" interface already has 159 phase1-interfaces linked to it (my colleague set those manually over time). We will have to add more distant sites in a short period of time so we are searching for a simple way to add those sites.
 
We want to delegate the work to another team with some simple workflow such as uploading a script to the device...
#6
FloBEAUG
Re: CLI Script vpn ipsec phase1-interface 2019/09/24 00:18:53
I uploaded the script via FMG: 1 line missing, "set peertype"
It's working now!
#7
emnoc
Re: CLI Script vpn ipsec phase1-interface 2019/09/24 00:27:42
Interesting, peertype is not a required item in a new setup and should inherit the defaults. Btw, script ran with zero issues in my fgts.
 
Ken Felix

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#8
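The "cli 7" debug output in the first post can be triaged mechanically, which helps when script uploads are delegated to another team. The following is an added example, not part of any post in this thread: it assumes the number before the colon is a per-command return code with 0 meaning accepted (the reading used in the thread), and the function name `find_failures` is hypothetical.

```python
# Debug output as posted in the first message (placeholders kept as posted).
DEBUG_OUTPUT = """\
0: config vdom
0: edit Hub
0:
0: config vpn ipsec phase1-interface
0: edit "0630000X-tun1"
0: set interface "wan2"
0: set nattraversal disable
0: set authmethod psk
0: set remote-gw <hidden-IP>
0: set psksecret <somelongpassword>
1: next
0: end
0:
0: end
"""

def find_failures(debug_text):
    """Return (line_no, command, scope, sets_entered) for each rejected line."""
    # Assumption: "<code>: <command>", where code 0 means the command was accepted.
    stack, pending, failures = [], [], []
    for no, raw in enumerate(debug_text.splitlines(), 1):
        code, sep, cmd = raw.partition(":")
        cmd = cmd.strip()
        if not sep or not code.strip().isdigit() or not cmd:
            continue  # blank line or not in the expected shape
        if int(code) != 0:
            failures.append((no, cmd, " > ".join(stack), list(pending)))
            continue  # a rejected command changes no scope
        verb = cmd.split()[0]
        if verb == "config":
            stack.append(cmd)
        elif verb == "edit":
            stack.append(cmd)
            pending = []
        elif verb == "set":
            pending.append(cmd)
        elif verb == "next" and stack and stack[-1].startswith("edit"):
            stack.pop()
            pending = []
        elif verb == "end":
            while stack and not stack.pop().startswith("config"):
                pass  # also drops any edit still open inside the table
            pending = []
    return failures

if __name__ == "__main__":
    print(find_failures(DEBUG_OUTPUT))
```

A non-zero code on `next` with only zero-coded `set` lines before it means the entry was rejected when it was saved, so the list of settings entered is the place to look for what is absent; in this thread that was `set peertype`.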