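Possibly a cosmetic bug: `restart vpn` logs "opening directory ... failed" for several /etc/swanctl subdirectories, yet the connection still loads and the SA comes up.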
vyos@r1-roll:~$ restart vpn
Possible completions:
  <Enter>       Execute the current command

vyos@r1-roll:~$ restart vpn
Stopping strongSwan IPsec...
Starting strongSwan 5.9.1 IPsec [starter]...
opening directory '/etc/swanctl/x509ocsp' failed: No such file or directory
opening directory '/etc/swanctl/x509aa' failed: No such file or directory
opening directory '/etc/swanctl/x509ac' failed: No such file or directory
opening directory '/etc/swanctl/rsa' failed: No such file or directory
opening directory '/etc/swanctl/ecdsa' failed: No such file or directory
opening directory '/etc/swanctl/bliss' failed: No such file or directory
opening directory '/etc/swanctl/pkcs8' failed: No such file or directory
opening directory '/etc/swanctl/pkcs12' failed: No such file or directory
loaded ike secret 'ike_192-0-2-1'
no authorities found, 0 unloaded
no pools found, 0 unloaded
loaded connection 'peer_192-0-2-1'
successfully loaded 1 connections, 0 unloaded

vyos@r1-roll:~$ show vpn ipsec sa
Connection          State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID    Proposal
------------------  -------  --------  --------------  ----------------  ----------------  -----------  ----------------------------------
peer_192-0-2-1_vti  up       37s       0B/0B           0/0               192.0.2.1         N/A          AES_CBC_256/HMAC_SHA1_96/MODP_1024
Configuration:
# Reproduction configuration for the report: a single VTI-bound site-to-site
# IPsec peer (192.0.2.1) authenticated with a pre-shared secret.
# The eth1 and peer addresses are in 192.0.2.0/24, the documentation range.

# Interfaces: eth1 carries the IPsec traffic, vti2 is the tunnel interface.
set interfaces ethernet eth1 address '192.0.2.2/30'
set interfaces vti vti2 address '10.0.0.2/30'

# ESP group: AES-256 with SHA-1 in tunnel mode, 1800 s lifetime.
# pfs 'enable' names no DH group here; the SA table in the transcript shows
# MODP_1024 in the negotiated proposal, presumably taken from the IKE group.
set vpn ipsec esp-group ESP-GRP-VTI compression 'disable'
set vpn ipsec esp-group ESP-GRP-VTI lifetime '1800'
set vpn ipsec esp-group ESP-GRP-VTI mode 'tunnel'
set vpn ipsec esp-group ESP-GRP-VTI pfs 'enable'
set vpn ipsec esp-group ESP-GRP-VTI proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-GRP-VTI proposal 1 hash 'sha1'

# IKE group: IKEv1, AES-256, SHA-1, DH group 2, 3600 s lifetime.
# NOTE(review): IKEv1, DH group 2 (1024-bit MODP) and SHA-1 are legacy
# parameters. They are presumably unrelated to the "opening directory ...
# failed" messages being reported, but this listing should be read as a
# reproduction case rather than a template for a deployed tunnel.
set vpn ipsec ike-group IKE-GRP-VTI ikev2-reauth 'no'
set vpn ipsec ike-group IKE-GRP-VTI key-exchange 'ikev1'
set vpn ipsec ike-group IKE-GRP-VTI lifetime '3600'
set vpn ipsec ike-group IKE-GRP-VTI proposal 1 dh-group '2'
set vpn ipsec ike-group IKE-GRP-VTI proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-GRP-VTI proposal 1 hash 'sha1'

# IPsec is enabled on eth1 only.
set vpn ipsec interface 'eth1'

# Peer definition. 'SeCrEt' is the pre-shared secret exactly as posted in the
# report; it looks like a placeholder (TODO confirm with the reporter).
# A real PSK should be long and random and should not appear in a bug report.
set vpn ipsec site-to-site peer 192.0.2.1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 192.0.2.1 authentication pre-shared-secret 'SeCrEt'
set vpn ipsec site-to-site peer 192.0.2.1 ike-group 'IKE-GRP-VTI'
set vpn ipsec site-to-site peer 192.0.2.1 local-address '192.0.2.2'

# Bind the peer to vti2 and apply the ESP group to the tunnel.
set vpn ipsec site-to-site peer 192.0.2.1 vti bind 'vti2'
set vpn ipsec site-to-site peer 192.0.2.1 vti esp-group 'ESP-GRP-VTI'