The configuration declares two tunnels, "tunnel 0" and "tunnel 1".
In operational mode, both connections are displayed with the name "tunnel 0".
Config
set vpn ipsec esp-group grp-ESP compression 'disable'
set vpn ipsec esp-group grp-ESP lifetime '28800'
set vpn ipsec esp-group grp-ESP mode 'tunnel'
set vpn ipsec esp-group grp-ESP pfs 'dh-group19'
set vpn ipsec esp-group grp-ESP proposal 10 encryption 'aes256gcm128'
set vpn ipsec esp-group grp-ESP proposal 10 hash 'sha256'
set vpn ipsec ike-group grp-IKE dead-peer-detection action 'hold'
set vpn ipsec ike-group grp-IKE dead-peer-detection interval '30'
set vpn ipsec ike-group grp-IKE dead-peer-detection timeout '120'
set vpn ipsec ike-group grp-IKE ikev2-reauth 'no'
set vpn ipsec ike-group grp-IKE key-exchange 'ikev2'
set vpn ipsec ike-group grp-IKE lifetime '86400'
set vpn ipsec ike-group grp-IKE mobike 'disable'
set vpn ipsec ike-group grp-IKE proposal 10 dh-group '19'
set vpn ipsec ike-group grp-IKE proposal 10 encryption 'aes256gcm128'
set vpn ipsec ike-group grp-IKE proposal 10 hash 'sha256'
set vpn ipsec ipsec-interfaces interface 'eth1'
set vpn ipsec site-to-site peer 100.64.0.2 authentication id '100.64.0.1'
set vpn ipsec site-to-site peer 100.64.0.2 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 100.64.0.2 authentication pre-shared-secret 'SSSeeccRetT'
set vpn ipsec site-to-site peer 100.64.0.2 authentication remote-id '100.64.0.2'
set vpn ipsec site-to-site peer 100.64.0.2 connection-type 'initiate'
set vpn ipsec site-to-site peer 100.64.0.2 ike-group 'grp-IKE'
set vpn ipsec site-to-site peer 100.64.0.2 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 100.64.0.2 local-address '100.64.0.1'
set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 esp-group 'grp-ESP'
set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 local prefix '10.11.10.0/24'
set vpn ipsec site-to-site peer 100.64.0.2 tunnel 0 remote prefix '10.21.20.0/24'
set vpn ipsec site-to-site peer 100.64.0.2 tunnel 1 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 100.64.0.2 tunnel 1 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 100.64.0.2 tunnel 1 esp-group 'grp-ESP'
set vpn ipsec site-to-site peer 100.64.0.2 tunnel 1 local prefix '10.10.10.0/24'
set vpn ipsec site-to-site peer 100.64.0.2 tunnel 1 remote prefix '10.20.20.0/24'
Op mode
vyos@r4-roll:~$ show vpn ipsec sa
Connection                State    Uptime    Bytes In/Out    Packets In/Out    Remote address    Remote ID    Proposal
------------------------  -------  --------  --------------  ----------------  ----------------  -----------  ----------------------
peer-100.64.0.2-tunnel-0  up       9m4s      0B/0B           0/0               100.64.0.2        N/A          AES_GCM_16_256
peer-100.64.0.2-tunnel-0  up       9m4s      0B/0B           0/0               100.64.0.2        N/A          AES_GCM_16_256/ECP_256
vyos@r4-roll:~$
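VICI shows the correct tunnel names: the two child SAs are named peer-100.64.0.2-tunnel-0 and peer-100.64.0.2-tunnel-1. The second row of the op-mode table carries the ECP_256 proposal, which in the VICI output below belongs to the tunnel-1 child SA, so that row appears to be tunnel 1 displayed under the wrong name.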
OrderedDict([('uniqueid', b'1'),
('version', b'2'),
('state', b'ESTABLISHED'),
('local-host', b'100.64.0.1'),
('local-port', b'500'),
('local-id', b'100.64.0.1'),
('remote-host', b'100.64.0.2'),
('remote-port', b'500'),
('remote-id', b'100.64.0.2'),
('initiator', b'yes'),
('initiator-spi', b'b84053a6c941bbca'),
('responder-spi', b'a458ce49ad061a1d'),
('encr-alg', b'AES_GCM_16'),
('encr-keysize', b'256'),
('prf-alg', b'PRF_HMAC_SHA2_256'),
('dh-group', b'ECP_256'),
('established', b'1110'),
('rekey-time', b'84631'),
('child-sas',
OrderedDict([('peer-100.64.0.2-tunnel-0-1',
OrderedDict([('name', b'peer-100.64.0.2-tunnel-0'),
('uniqueid', b'1'),
('reqid', b'1'),
('state', b'INSTALLED'),
('mode', b'TUNNEL'),
('protocol', b'ESP'),
('spi-in', b'ce364934'),
('spi-out', b'c226de16'),
('encr-alg', b'AES_GCM_16'),
('encr-keysize', b'256'),
('bytes-in', b'0'),
('packets-in', b'0'),
('bytes-out', b'0'),
('packets-out', b'0'),
('rekey-time', b'26631'),
('life-time', b'27690'),
('install-time', b'1110'),
('local-ts', [b'10.11.10.0/24']),
('remote-ts', [b'10.21.20.0/24'])])),
('peer-100.64.0.2-tunnel-1-2',
OrderedDict([('name', b'peer-100.64.0.2-tunnel-1'),
('uniqueid', b'2'),
('reqid', b'2'),
('state', b'INSTALLED'),
('mode', b'TUNNEL'),
('protocol', b'ESP'),
('spi-in', b'c1a60ea8'),
('spi-out', b'c86a7a4a'),
('encr-alg', b'AES_GCM_16'),
('encr-keysize', b'256'),
('dh-group', b'ECP_256'),
('bytes-in', b'0'),
('packets-in', b'0'),
('bytes-out', b'0'),
('packets-out', b'0'),
('rekey-time', b'26733'),
('life-time', b'27690'),
('install-time', b'1110'),
('local-ts', [b'10.10.10.0/24']),
('remote-ts',
[b'10.20.20.0/24'])]))]))])
https://github.com/vyos/vyos-1x/blob/current/src/op_mode/show_ipsec_sa.py