In configuration was declared 2 tunnels - "tunnel 0" and "tunnel 1"
In operational mode, we see all names with "tunnel 0"
Config
set vpn ipsec esp-group grp-ESP compression 'disable' set vpn ipsec esp-group grp-ESP lifetime '28800' set vpn ipsec esp-group grp-ESP mode 'tunnel' set vpn ipsec esp-group grp-ESP pfs 'dh-group19' set vpn ipsec esp-group grp-ESP proposal 10 encryption 'aes256gcm128' set vpn ipsec esp-group grp-ESP proposal 10 hash 'sha256' set vpn ipsec ike-group grp-IKE dead-peer-detection action 'hold' set vpn ipsec ike-group grp-IKE dead-peer-detection interval '30' set vpn ipsec ike-group grp-IKE dead-peer-detection timeout '120' set vpn ipsec ike-group grp-IKE ikev2-reauth 'no' set vpn ipsec ike-group grp-IKE key-exchange 'ikev2' set vpn ipsec ike-group grp-IKE lifetime '86400' set vpn ipsec ike-group grp-IKE mobike 'disable' set vpn ipsec ike-group grp-IKE proposal 10 dh-group '19' set vpn ipsec ike-group grp-IKE proposal 10 encryption 'aes256gcm128' set vpn ipsec ike-group grp-IKE proposal 10 hash 'sha256' set vpn ipsec ipsec-interfaces interface 'eth1' set vpn ipsec site-to-site peer 100.64.0.2 authentication id '100.64.0.1' set vpn ipsec site-to-site peer 100.64.0.2 authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer 100.64.0.2 authentication pre-shared-secret 'SSSeeccRetT' set vpn ipsec site-to-site peer 100.64.0.2 authentication remote-id '100.64.0.2' set vpn ipsec site-to-site peer 100.64.0.2 connection-type 'initiate' set vpn ipsec site-to-site peer 100.64.0.2 ike-group 'grp-IKE' set vpn ipsec site-to-site peer 100.64.0.2 ikev2-reauth 'inherit' set vpn ipsec site-to-site peer 100.64.0.2 local-address '100.64.0.1' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 allow-nat-networks 'disable' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 allow-public-networks 'disable' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 esp-group 'grp-ESP' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 local prefix '10.11.10.0/24' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 remote prefix '10.21.20.0/24' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 1 allow-nat-networks 'disable' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 1 allow-public-networks 'disable' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 1 esp-group 'grp-ESP' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 1 local prefix '10.10.10.0/24' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 1 remote prefix '10.20.20.0/24'
Op mode
[email protected]:~$ show vpn ipsec sa Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal ------------------------ ------- -------- -------------- ---------------- ---------------- ----------- ---------------------- peer-100.64.0.2-tunnel-0 up 9m4s 0B/0B 0/0 100.64.0.2 N/A AES_GCM_16_256 peer-100.64.0.2-tunnel-0 up 9m4s 0B/0B 0/0 100.64.0.2 N/A AES_GCM_16_256/ECP_256 [email protected]:~$
Vici shows correct tunnel names
OrderedDict([('uniqueid', b'1'), ('version', b'2'), ('state', b'ESTABLISHED'), ('local-host', b'100.64.0.1'), ('local-port', b'500'), ('local-id', b'100.64.0.1'), ('remote-host', b'100.64.0.2'), ('remote-port', b'500'), ('remote-id', b'100.64.0.2'), ('initiator', b'yes'), ('initiator-spi', b'b84053a6c941bbca'), ('responder-spi', b'a458ce49ad061a1d'), ('encr-alg', b'AES_GCM_16'), ('encr-keysize', b'256'), ('prf-alg', b'PRF_HMAC_SHA2_256'), ('dh-group', b'ECP_256'), ('established', b'1110'), ('rekey-time', b'84631'), ('child-sas', OrderedDict([('peer-100.64.0.2-tunnel-0-1', OrderedDict([('name', b'peer-100.64.0.2-tunnel-0'), ('uniqueid', b'1'), ('reqid', b'1'), ('state', b'INSTALLED'), ('mode', b'TUNNEL'), ('protocol', b'ESP'), ('spi-in', b'ce364934'), ('spi-out', b'c226de16'), ('encr-alg', b'AES_GCM_16'), ('encr-keysize', b'256'), ('bytes-in', b'0'), ('packets-in', b'0'), ('bytes-out', b'0'), ('packets-out', b'0'), ('rekey-time', b'26631'), ('life-time', b'27690'), ('install-time', b'1110'), ('local-ts', [b'10.11.10.0/24']), ('remote-ts', [b'10.21.20.0/24'])])), ('peer-100.64.0.2-tunnel-1-2', OrderedDict([('name', b'peer-100.64.0.2-tunnel-1'), ('uniqueid', b'2'), ('reqid', b'2'), ('state', b'INSTALLED'), ('mode', b'TUNNEL'), ('protocol', b'ESP'), ('spi-in', b'c1a60ea8'), ('spi-out', b'c86a7a4a'), ('encr-alg', b'AES_GCM_16'), ('encr-keysize', b'256'), ('dh-group', b'ECP_256'), ('bytes-in', b'0'), ('packets-in', b'0'), ('bytes-out', b'0'), ('packets-out', b'0'), ('rekey-time', b'26733'), ('life-time', b'27690'), ('install-time', b'1110'), ('local-ts', [b'10.10.10.0/24']), ('remote-ts', [b'10.20.20.0/24'])]))]))])
https://github.com/vyos/vyos-1x/blob/current/src/op_mode/show_ipsec_sa.py