Unable to reset vpn ipsec peer
An example of configuration:
set vpn ipsec esp-group office-srv-esp lifetime '1800' set vpn ipsec esp-group office-srv-esp mode 'tunnel' set vpn ipsec esp-group office-srv-esp pfs 'enable' set vpn ipsec esp-group office-srv-esp proposal 1 encryption 'aes256' set vpn ipsec esp-group office-srv-esp proposal 1 hash 'sha1' set vpn ipsec ike-group office-srv-ike key-exchange 'ikev1' set vpn ipsec ike-group office-srv-ike lifetime '3600' set vpn ipsec ike-group office-srv-ike proposal 1 encryption 'aes256' set vpn ipsec ike-group office-srv-ike proposal 1 hash 'sha1' set vpn ipsec interface 'eth1' set vpn ipsec site-to-site peer OFFICE-B authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer OFFICE-B authentication pre-shared-secret 'SomePreSharedKey' set vpn ipsec site-to-site peer OFFICE-B authentication remote-id '203.0.113.2' set vpn ipsec site-to-site peer OFFICE-B ike-group 'office-srv-ike' set vpn ipsec site-to-site peer OFFICE-B local-address '198.51.100.3' set vpn ipsec site-to-site peer OFFICE-B remote-address '203.0.113.2' set vpn ipsec site-to-site peer OFFICE-B tunnel 0 esp-group 'office-srv-esp' set vpn ipsec site-to-site peer OFFICE-B tunnel 0 local prefix '192.168.0.0/24' set vpn ipsec site-to-site peer OFFICE-B tunnel 0 remote prefix '10.0.0.0/21'
Show SA and try to reset peer:
vyos@r14:~$ show vpn ipsec sa Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal ----------------- ------- -------- -------------- ---------------- ---------------- ----------- ---------------------------------- OFFICE-B-tunnel-0 up 17m38s 0B/0B 0/0 203.0.113.2 203.0.113.2 AES_CBC_256/HMAC_SHA1_96/MODP_1024 vyos@r14:~$ vyos@r14:~$ vyos@r14:~$ reset vpn ipsec-peer OFFICE-B Tunnel(s) not found, aborting vyos@r14:~$ vyos@r14:~$ vyos@r14:~$ reset vpn ipsec-peer OFFICE-B tunnel 0 Tunnel(s) not found, aborting vyos@r14:~$ vyos@r14:~$