Op-mode command show vpn ipsec sa shows established time from parent SA
Expected time - from child SA
vyos@r4-epa2:~$ show vpn ipsec sa Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal ----------------------- ------- -------- -------------- ---------------- ---------------- ----------- ---------------------------------- peer-192.0.2.2-tunnel-0 up 3m11s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024 peer-192.0.2.2-tunnel-1 up 3m11s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024 peer-192.0.2.2-tunnel-2 up 3m11s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024 vyos@r4-epa2:~$ vyos@r4-epa2:~$ vyos@r4-epa2:~$ reset vpn ipsec-peer 192.0.2.2 tunnel 2 Resetting tunnel 2 with peer 192.0.2.2... vyos@r4-epa2:~$ vyos@r4-epa2:~$ show vpn ipsec sa Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal ----------------------- ------- -------- -------------- ---------------- ---------------- ----------- ---------------------------------- peer-192.0.2.2-tunnel-0 up 3m27s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024 peer-192.0.2.2-tunnel-1 up 3m27s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024 peer-192.0.2.2-tunnel-2 up 3m27s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024
Check swanctl:
vyos@r4-epa2:~$ sudo swanctl -l
peer-192.0.2.2-tunnel-0: #1, ESTABLISHED, IKEv1, fa77b2204b9f7ea4_i* b1e373702370e3fc_r
local '192.0.2.1' @ 192.0.2.1[500]
remote '192.0.2.2' @ 192.0.2.2[500]
AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
established 212s ago, reauth in 2348s
...
...
peer-192.0.2.2-tunnel-2: #5, reqid 3, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA1_96/MODP_1024
installed 8s ago, rekeying in 860s, expires in 1792s
in c60e0588, 0 bytes, 0 packets
out cc251e07, 0 bytes, 0 packets
local 10.1.3.0/24
remote 10.2.3.0/24