vyos@vyos# set vpn ipsec site-to-site peer 160.20.145.16 local-address Possible completions: <x.x.x.x> IPv4 address of a local interface for VPN <h:h:h:h:h:h:h:h> IPv6 address of a local interface for VPN any Allow any IPv4 address present on the system to be used for VPN
vyos@vyos# show vpn ipsec { esp-group ESP_DEFAULT { compression disable lifetime 3600 mode tunnel pfs dh-group19 proposal 10 { encryption aes256gcm128 hash sha256 } } ike-group IKEv2_DEFAULT { dead-peer-detection { action hold interval 30 timeout 120 } ikev2-reauth no key-exchange ikev2 lifetime 10800 mobike disable proposal 10 { dh-group 19 encryption aes256gcm128 hash sha256 } } ipsec-interfaces { interface eth2 } site-to-site { peer 1.2.4.6 { authentication { id 193.168.189.149 mode pre-shared-secret pre-shared-secret secretkey remote-id 1.2.4.6 } connection-type initiate ike-group IKEv2_DEFAULT ikev2-reauth inherit local-address any vti { bind vti10 esp-group ESP_DEFAULT } } } }
vyos@vyos# commit [ vpn ] VPN VTI configuration error: Invalid local-address "any", an ip address must be specified for VTIs.