VPN IPsec "leftsubnet" declared 2 times
set vpn ipsec esp-group grp-ESP compression 'disable' set vpn ipsec esp-group grp-ESP lifetime '28800' set vpn ipsec esp-group grp-ESP mode 'tunnel' set vpn ipsec esp-group grp-ESP pfs 'dh-group19' set vpn ipsec esp-group grp-ESP proposal 10 encryption 'aes256gcm128' set vpn ipsec esp-group grp-ESP proposal 10 hash 'sha256' set vpn ipsec ike-group grp-IKE dead-peer-detection action 'hold' set vpn ipsec ike-group grp-IKE dead-peer-detection interval '30' set vpn ipsec ike-group grp-IKE dead-peer-detection timeout '120' set vpn ipsec ike-group grp-IKE ikev2-reauth 'no' set vpn ipsec ike-group grp-IKE key-exchange 'ikev2' set vpn ipsec ike-group grp-IKE lifetime '86400' set vpn ipsec ike-group grp-IKE mobike 'disable' set vpn ipsec ike-group grp-IKE proposal 10 dh-group '19' set vpn ipsec ike-group grp-IKE proposal 10 encryption 'aes256gcm128' set vpn ipsec ike-group grp-IKE proposal 10 hash 'sha256' set vpn ipsec ipsec-interfaces interface eth1 set vpn ipsec site-to-site peer 100.64.0.2 authentication id '100.64.0.1' set vpn ipsec site-to-site peer 100.64.0.2 authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer 100.64.0.2 authentication pre-shared-secret SSSeeccRetT set vpn ipsec site-to-site peer 100.64.0.2 authentication remote-id '100.64.0.2' set vpn ipsec site-to-site peer 100.64.0.2 connection-type 'initiate' set vpn ipsec site-to-site peer 100.64.0.2 ike-group 'grp-IKE' set vpn ipsec site-to-site peer 100.64.0.2 ikev2-reauth 'inherit' set vpn ipsec site-to-site peer 100.64.0.2 local-address '100.64.0.1' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 allow-nat-networks 'disable' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 allow-public-networks 'disable' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 esp-group 'grp-ESP' set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 local prefix 10.10.1.0/24 set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 remote prefix 10.23.222.0/24
ipsec.conf
vyos@r2-roll# cat /etc/ipsec.conf | head -17 # generated by /opt/vyatta/sbin/vpn-config.pl config setup conn %default keyexchange=ikev1 conn peer-100.64.0.2-tunnel-0 left=100.64.0.1 leftid="100.64.0.1" right=100.64.0.2 rightid="100.64.0.2" leftsubnet=10.10.1.0/24 rightsubnet=10.23.222.0/24 leftsubnet=10.10.1.0/24
VyOS 1.3-rolling-202009170118 + 1.2.6-epa1