IPsec configuration in /etc/ipsec.conf is stored persistent with commit (no save)
To reproduce
- configure ipsec server site like example below
- configure ipsec remote site like example below
- commit and reboot server side without saving configuration
- configuration is still available in: /etc/ipsec.conf and remote site can connect to server
- vpn configuration in the cli is empty:
#show vpn
configuration under specified path is empty
Example configuration for reproduction:
server side config
set vpn ipsec esp-group office-srv-esp compression 'disable' set vpn ipsec esp-group office-srv-esp lifetime '1800' set vpn ipsec esp-group office-srv-esp mode 'tunnel' set vpn ipsec esp-group office-srv-esp pfs 'enable' set vpn ipsec esp-group office-srv-esp proposal 1 encryption 'aes256' set vpn ipsec esp-group office-srv-esp proposal 1 hash 'sha1' set vpn ipsec ike-group office-srv-ike ikev2-reauth 'no' set vpn ipsec ike-group office-srv-ike key-exchange 'ikev1' set vpn ipsec ike-group office-srv-ike lifetime '3600' set vpn ipsec ike-group office-srv-ike proposal 1 encryption 'aes256' set vpn ipsec ike-group office-srv-ike proposal 1 hash 'sha1' set vpn ipsec ipsec-interfaces interface 'eth1' set vpn ipsec site-to-site peer 2.2.2.2 authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer 2.2.2.2 authentication pre-shared-secret 'SomePreSharedKey' set vpn ipsec site-to-site peer 2.2.2.2 ike-group 'office-srv-ike' set vpn ipsec site-to-site peer 2.2.2.2 local-address '1.1.1.1' set vpn ipsec site-to-site peer 2.2.2.2 tunnel 0 allow-nat-networks 'disable' set vpn ipsec site-to-site peer 2.2.2.2 tunnel 0 allow-public-networks 'disable' set vpn ipsec site-to-site peer 2.2.2.2 tunnel 0 esp-group 'office-srv-esp' set vpn ipsec site-to-site peer 2.2.2.2 tunnel 0 local prefix '192.168.0.0/24' set vpn ipsec site-to-site peer 2.2.2.2 tunnel 0 remote prefix '10.0.0.0/21'
remote office side config
set vpn ipsec esp-group office-srv-esp compression 'disable' set vpn ipsec esp-group office-srv-esp lifetime '1800' set vpn ipsec esp-group office-srv-esp mode 'tunnel' set vpn ipsec esp-group office-srv-esp pfs 'enable' set vpn ipsec esp-group office-srv-esp proposal 1 encryption 'aes256' set vpn ipsec esp-group office-srv-esp proposal 1 hash 'sha1' set vpn ipsec ike-group office-srv-ike ikev2-reauth 'no' set vpn ipsec ike-group office-srv-ike key-exchange 'ikev1' set vpn ipsec ike-group office-srv-ike lifetime '3600' set vpn ipsec ike-group office-srv-ike proposal 1 encryption 'aes256' set vpn ipsec ike-group office-srv-ike proposal 1 hash 'sha1' set vpn ipsec ipsec-interfaces interface 'eth1' set vpn ipsec site-to-site peer 1.1.1.1 authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer 1.1.1.1 authentication pre-shared-secret 'SomePreSharedKey' set vpn ipsec site-to-site peer 1.1.1.1 ike-group 'office-srv-ike' set vpn ipsec site-to-site peer 1.1.1.1 local-address '2.2.2.2' set vpn ipsec site-to-site peer 1.1.1.1 tunnel 0 allow-nat-networks 'disable' set vpn ipsec site-to-site peer 1.1.1.1 tunnel 0 allow-public-networks 'disable' set vpn ipsec site-to-site peer 1.1.1.1 tunnel 0 esp-group 'office-srv-esp' set vpn ipsec site-to-site peer 1.1.1.1 tunnel 0 local prefix '10.0.0.0/21' set vpn ipsec site-to-site peer 1.1.1.1 tunnel 0 remote prefix '192.168.0.0/24'