ajg@vyos:~$ show vpn ike sa
Peer ID / IP                            Local ID / IP
------------                            -------------
1.1.1.1                                 2.2.2.2

    State  IKEVer  Encrypt    Hash  D-H Group      NAT-T  A-Time  L-Time
    -----  ------  -------    ----  ---------      -----  ------  ------
    down   IKEv2   aes16_128  n/a   14(MODP_2048)  no     -900

ajg@vyos:~$ show vpn ipsec sa
Connection                             State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID                Proposal
-------------------------------------  -------  --------  --------------  ----------------  ----------------  -----------------------  ------------------------
peer-host.example.org-tunnel-0         up       14m31s    372B/132B       7/3               1.1.1.1           remote-host.example.net  AES_GCM_16_128/MODP_2048

peer remote-host.example.net {
    authentication {
        id host.example.org-tunnel
        mode pre-shared-secret
        pre-shared-secret ****************
        remote-id remote-host.example.net
    }
    connection-type initiate
    dhcp-interface eth2
    ike-group local-vpn-ike
    ikev2-reauth inherit
    tunnel 0 {
        allow-nat-networks disable
        allow-public-networks disable
        esp-group local-vpn-esp
        local {
            prefix 10.0.0.0/16
        }
        remote {
            prefix 10.10.0.0/24
        }
    }
}

ipsec {
    auto-update 30
    esp-group local-vpn-esp {
        compression disable
        lifetime 1800
        mode tunnel
        pfs dh-group14
        proposal 1 {
            encryption aes128gcm128
            hash sha1
        }
        proposal 2 {
            encryption aes256gcm128
            hash sha1
        }
    }
    ike-group local-vpn-ike {
        close-action none
        dead-peer-detection {
            action restart
            interval 30
            timeout 120
        }
        ikev2-reauth no
        key-exchange ikev2
        lifetime 3600
        proposal 1 {
            dh-group 14
            encryption aes128gcm128
            hash aesxcbc
        }
        proposal 2 {
            dh-group 14
            encryption aes256gcm128
            hash aesxcbc
        }
    }
    ipsec-interfaces {
        interface eth0
        interface eth1
        interface eth2
    }