VyOS configuration:
set interfaces vti vti1 address '10.2.2.1/30' set vpn ipsec authentication psk PSK id '192.168.100.184' set vpn ipsec authentication psk PSK id '192.168.100.254' set vpn ipsec authentication psk PSK secret 'SSSeeccRetT' set vpn ipsec esp-group ESP-group lifetime '1800' set vpn ipsec esp-group ESP-group mode 'tunnel' set vpn ipsec esp-group ESP-group pfs 'enable' set vpn ipsec esp-group ESP-group proposal 1 encryption 'aes256' set vpn ipsec esp-group ESP-group proposal 1 hash 'sha256' set vpn ipsec ike-group IKE-group key-exchange 'ikev1' set vpn ipsec ike-group IKE-group lifetime '3600' set vpn ipsec ike-group IKE-group proposal 1 encryption 'aes256' set vpn ipsec ike-group IKE-group proposal 1 hash 'sha256' set vpn ipsec interface 'eth1' set vpn ipsec site-to-site peer OFFICE-B authentication local-id '192.168.100.254' set vpn ipsec site-to-site peer OFFICE-B authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer OFFICE-B authentication remote-id '192.168.100.184' set vpn ipsec site-to-site peer OFFICE-B connection-type 'initiate' set vpn ipsec site-to-site peer OFFICE-B dhcp-interface 'eth1' set vpn ipsec site-to-site peer OFFICE-B ike-group 'IKE-group' set vpn ipsec site-to-site peer OFFICE-B remote-address '192.168.100.184' set vpn ipsec site-to-site peer OFFICE-B vti bind 'vti1' set vpn ipsec site-to-site peer OFFICE-B vti esp-group 'ESP-group'
Warning vty instead of vti
vyos@r14# commit [ vpn ipsec ] WARNING: It's recommended to use ipsec vty with the next command [set vpn ipsec option disable-route-autoinstall] [edit] vyos@r14#