vyos@vyos# set vpn ipsec site-to-site peer 160.20.145.16 local-address
Possible completions:
<x.x.x.x> IPv4 address of a local interface for VPN
<h:h:h:h:h:h:h:h>
IPv6 address of a local interface for VPN
any Allow any IPv4 address present on the system to be used for VPNvyos@vyos# show vpn
ipsec {
esp-group ESP_DEFAULT {
compression disable
lifetime 3600
mode tunnel
pfs dh-group19
proposal 10 {
encryption aes256gcm128
hash sha256
}
}
ike-group IKEv2_DEFAULT {
dead-peer-detection {
action hold
interval 30
timeout 120
}
ikev2-reauth no
key-exchange ikev2
lifetime 10800
mobike disable
proposal 10 {
dh-group 19
encryption aes256gcm128
hash sha256
}
}
ipsec-interfaces {
interface eth2
}
site-to-site {
peer 1.2.4.6 {
authentication {
id 193.168.189.149
mode pre-shared-secret
pre-shared-secret secretkey
remote-id 1.2.4.6
}
connection-type initiate
ike-group IKEv2_DEFAULT
ikev2-reauth inherit
local-address any
vti {
bind vti10
esp-group ESP_DEFAULT
}
}
}
}vyos@vyos# commit [ vpn ] VPN VTI configuration error: Invalid local-address "any", an ip address must be specified for VTIs.