Tested using:
set vpn ipsec remote-access connection rw authentication client-mode 'eap-mschapv2' set vpn ipsec remote-access connection rw authentication local-id 'vyos-test' set vpn ipsec remote-access connection rw authentication local-users username vyos password 'vyos' set vpn ipsec remote-access connection rw authentication server-mode 'x509' set vpn ipsec remote-access connection rw authentication x509 ca-certificate 'CAcert_Class_3_Root' set vpn ipsec remote-access connection rw authentication x509 certificate 'vyos-test' set vpn ipsec remote-access connection rw esp-group 'ESP-RW' set vpn ipsec remote-access connection rw ike-group 'IKE-RW' set vpn ipsec remote-access connection rw local-address 'x.x.x.x.' set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4' set vpn ipsec remote-access connection rw unique 'never' set vpn ipsec remote-access pool ra-rw-ipv4 name-server '172.16.254.200' set vpn ipsec remote-access pool ra-rw-ipv4 prefix '172.16.222.16/28'
vyos@vyos:~$ sudo ip xfrm state src x.x.x.x dst y.y.y.y proto esp spi 0x02d95772 reqid 1 mode tunnel replay-window 0 flag af-unspec aead rfc4106(gcm(aes)) 0x69c477db09d2e1a7cac5d3de3fb64acd29c48c74 128 encap type espinudp sport 4500 dport 1666 addr 0.0.0.0 anti-replay context: seq 0x0, oseq 0x5f, bitmap 0x00000000 src y.y.y.y dst x.x.x.x proto esp spi 0xc724f613 reqid 1 mode tunnel replay-window 32 flag af-unspec aead rfc4106(gcm(aes)) 0x29616531a8431bf158074c9039fe59c9132c0c1f 128 encap type espinudp sport 1666 dport 4500 addr 0.0.0.0 anti-replay context: seq 0x45, oseq 0x0, bitmap 0xffffffff
vyos@vyos:~$ sudo ipsec statusall vyos@vyos:~$