To reproduce:
set interfaces dummy dum0 address '203.0.113.1/32' set interfaces dummy dum0 address '198.51.100.111/32' set interfaces ethernet eth0 address 'dhcp' set interfaces tunnel tun0 address '10.0.0.1/24' set interfaces tunnel tun0 encapsulation 'gre' set interfaces tunnel tun0 multicast 'enable' set interfaces tunnel tun0 parameters ip key '1' set interfaces tunnel tun0 source-address '0.0.0.0' set nat destination rule 20 inbound-interface 'eth0' set nat destination rule 20 translation address '198.51.100.111' set protocols nhrp tunnel tun0 cisco-authentication '12345' set protocols nhrp tunnel tun0 holding-time '300' set protocols nhrp tunnel tun0 multicast 'dynamic' set protocols nhrp tunnel tun0 redirect set vpn ipsec esp-group ESP-HUB compression 'disable' set vpn ipsec esp-group ESP-HUB lifetime '1800' set vpn ipsec esp-group ESP-HUB mode 'transport' set vpn ipsec esp-group ESP-HUB pfs 'dh-group2' set vpn ipsec esp-group ESP-HUB proposal 1 encryption 'aes256' set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha1' set vpn ipsec esp-group ESP-HUB proposal 2 encryption '3des' set vpn ipsec esp-group ESP-HUB proposal 2 hash 'md5' set vpn ipsec ike-group IKE-HUB close-action 'none' set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no' set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1' set vpn ipsec ike-group IKE-HUB lifetime '3600' set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2' set vpn ipsec ike-group IKE-HUB proposal 1 encryption 'aes256' set vpn ipsec ike-group IKE-HUB proposal 1 hash 'sha1' set vpn ipsec ike-group IKE-HUB proposal 2 dh-group '2' set vpn ipsec ike-group IKE-HUB proposal 2 encryption 'aes128' set vpn ipsec ike-group IKE-HUB proposal 2 hash 'sha1' set vpn ipsec ipsec-interfaces interface 'dum0' set vpn ipsec nat-networks allowed-network 0.0.0.0/0 set vpn ipsec nat-traversal 'enable' set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret' set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'SeCret' set vpn ipsec profile NHRPVPN bind tunnel 'tun0' set vpn ipsec profile NHRPVPN esp-group 'ESP-HUB' set vpn ipsec profile NHRPVPN ike-group 'IKE-HUB'
Check swanctl:
vyos@r4-1.3:~$ sudo swanctl -L dmvpn-NHRPVPN-tun0: IKEv1, reauthentication every 3600s local: %any remote: %any local pre-shared key authentication: remote pre-shared key authentication: dmvpn: TRANSPORT, rekeying every 1800s local: dynamic[gre] remote: dynamic[gre] vyos@r4-1.3:~$
Restart vpn an check swanctl:
vyos@r4-1.3:~$ restart vpn Restarting IPsec process... vyos@r4-1.3:~$ vyos@r4-1.3:~$ sudo swanctl -L vyos@r4-1.3:~$
To fix it we need to execute swanctl -q
vyos@r4-1.3:~$ sudo swanctl -L vyos@r4-1.3:~$ sudo swanctl -q loaded ike secret 'ike-dmvpn-tun0' no authorities found, 0 unloaded no pools found, 0 unloaded loaded connection 'dmvpn-NHRPVPN-tun0' successfully loaded 1 connections, 0 unloaded vyos@r4-1.3:~$ vyos@r4-1.3:~$ sudo swanctl -L dmvpn-NHRPVPN-tun0: IKEv1, reauthentication every 3600s local: %any remote: %any local pre-shared key authentication: remote pre-shared key authentication: dmvpn: TRANSPORT, rekeying every 1800s local: dynamic[gre] remote: dynamic[gre] vyos@r4-1.3:~$