Hello!
I've found a bug in the latest stream version.
Version: VyOS 2025.11
This config works well on the 1.4 branch.
Conf:
/* GRE tunnel interface. Its outer endpoints (source-address / remote) use the
   same placeholder addresses as the IPsec peer's local-address / remote-address
   in the vpn section, so the GRE packets are the traffic the IPsec peer is
   meant to protect. */
interfaces {
tunnel tun10 {
address "AAA.AAA.AAA.AAA/30"
encapsulation "gre"
remote "YYY.YYY.YYY.YYY"
source-address "XXX.XXX.XXX.XXX"
}}
/* Site-to-site IPsec peer carrying GRE (tunnel 10) in ESP transport mode,
   authenticated with a pre-shared key.
   NOTE(review): the paste appears to have lost some closing braces
   (authentication, ipsec and vpn are never closed), so this is likely an
   excerpt rather than the full configuration. */
vpn {
ipsec {
authentication {
/* Pre-shared key bound to both endpoint IDs; the secret value looks
   redacted for the report. */
psk some-peer{
id "XXX.XXX.XXX.XXX"
id "YYY.YYY.YYY.YYY"
secret "some-secret"
}
esp-group ESP_POLICY3 {
lifetime "3600"
/* Transport mode is the setting named in the commit error. */
mode "transport"
pfs "dh-group14"
proposal 10 {
encryption "aes256"
/* NOTE(review): SHA-1 integrity is a legacy choice; sha256 or stronger is
   preferable if the remote peer supports it. Unrelated to the commit failure. */
hash "sha1"
}
}
ike-group IKE_POLICY2 {
close-action "none"
dead-peer-detection {
action "restart"
interval "10"
}
key-exchange "ikev2"
lifetime "28800"
proposal 10 {
/* NOTE(review): DH group 5 (1536-bit MODP) is weaker than the dh-group14
   used for ESP PFS above; group 14 or higher is preferable if the remote
   peer supports it. Unrelated to the commit failure. */
dh-group "5"
encryption "aes256"
hash "sha1"
}
}
interface "eth0"
site-to-site {
peer some-peer {
authentication {
local-id "XXX.XXX.XXX.XXX"
mode "pre-shared-secret"
remote-id "YYY.YYY.YYY.YYY"
}
connection-type "initiate"
/* The peer inherits transport mode from ESP_POLICY3. */
default-esp-group "ESP_POLICY3"
ike-group "IKE_POLICY2"
local-address "XXX.XXX.XXX.XXX"
remote-address "YYY.YYY.YYY.YYY"
/* Only the protocol selector is set on this tunnel: no local or remote
   prefix is configured, although the commit error reports one. */
tunnel 10 {
protocol "gre"
}
}}
Error (tunnel 10 above sets only protocol "gre", with no local or remote prefix):
commit
[ vpn ipsec ]
Local/remote prefix cannot be used with ESP transport mode on tunnel 10
for site-to-site peer some-peer
vpn ipsec failed
Commit failed
[edit]