Step to reproduce:
Configure vpn with multiple tunnels but with incorrect (not matching) local/remote subnets.
Show sa
Config LeftSite 1.4, config RighSite 1.2.7
{F1465502}
{F1465503}
1.4
```
vyos@r1-roll:~$ show vpn ipsec sa
Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal
-------------- ------- -------- -------------- ---------------- ---------------- ----------- ----------
peer_192-0-2-2 down N/A N/A N/A N/A N/A N/A
vyos@r1-roll:~$
vyos@r1-roll:~$ sudo ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.9.1 IPsec [starter]...
vyos@r1-roll:~$
vyos@r1-roll:~$
vyos@r1-roll:~$ show vpn ipsec sa
Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal
------------ ------- -------- -------------- ---------------- ---------------- ----------- ----------
vyos@r1-roll:~$
```
Expected output, as in 1.2.7
```
vyos@r2-lts:~$ show vpn ipsec sa
Connection State Up Bytes In/Out Remote address Remote ID Proposal
------------------------ ------- ---- -------------- ---------------- ----------- ----------
peer-192.0.2.1-tunnel-20 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-4 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-5 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-16 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-7 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-6 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-9 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-3 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-10 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-11 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-2 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-13 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-12 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-1 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-14 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-15 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-19 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-8 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-18 down N/A N/A N/A N/A N/A
peer-192.0.2.1-tunnel-17 down N/A N/A N/A N/A N/A
```
Maybe another bug, needs to clarify.
Before ipsec restart 1.4, show sa's
```
vyos@r1-roll:~$ sudo swanctl -l -P
list-sa event {
peer_192-0-2-2 {
uniqueid = 1
version = 1
state = ESTABLISHED
local-host = 192.0.2.1
local-port = 500
local-id = 192.0.2.1
remote-host = 192.0.2.2
remote-port = 500
remote-id = 192.0.2.2
initiator = yes
initiator-spi = 45f77d7342584e6b
responder-spi = afdc10256fef76b5
encr-alg = AES_CBC
encr-keysize = 256
integ-alg = HMAC_SHA1_96
prf-alg = PRF_HMAC_SHA1
dh-group = MODP_1024
established = 48
rekey-time = 13179
child-sas {
}
}
}
list-sas reply {
}
vyos@r1-roll:~$
```
SA's after restart
```
vyos@r1-roll:~$ sudo ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.9.1 IPsec [starter]...
vyos@r1-roll:~$
vyos@r1-roll:~$ sudo swanctl -l -P
list-sas reply {
}
vyos@r1-roll:~$
```