
IPSec w/ IKEv2 Invalid local-address "any"
Closed, Resolved | Public | BUG


[email protected]# set vpn ipsec site-to-site peer local-address
Possible completions:
   <x.x.x.x>    IPv4 address of a local interface for VPN
                IPv6 address of a local interface for VPN
   any          Allow any IPv4 address present on the system to be used for VPN
[email protected]# show vpn
ipsec {
    esp-group ESP_DEFAULT {
        compression disable
        lifetime 3600
        mode tunnel
        pfs dh-group19
        proposal 10 {
            encryption aes256gcm128
            hash sha256
        }
    }
    ike-group IKEv2_DEFAULT {
        dead-peer-detection {
            action hold
            interval 30
            timeout 120
        }
        ikev2-reauth no
        key-exchange ikev2
        lifetime 10800
        mobike disable
        proposal 10 {
            dh-group 19
            encryption aes256gcm128
            hash sha256
        }
    }
    ipsec-interfaces {
        interface eth2
    }
    site-to-site {
        peer {
            authentication {
                mode pre-shared-secret
                pre-shared-secret secretkey
            }
            connection-type initiate
            ike-group IKEv2_DEFAULT
            ikev2-reauth inherit
            local-address any
            vti {
                bind vti10
                esp-group ESP_DEFAULT
            }
        }
    }
}
[email protected]# commit
[ vpn ]
VPN VTI configuration error: Invalid local-address "any", an ip address must be specified for VTIs.


Difficulty level: Unknown (require assessment)
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
