To reproduce, add the L2TP configuration and then delete it:
set interfaces dummy dum0 address 203.0.113.1/32
set vpn ipsec ipsec-interfaces interface dum0
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal 'enable'
set vpn l2tp remote-access authentication local-users username foo password bar
set vpn l2tp remote-access authentication mode 'local'
set vpn l2tp remote-access authentication require 'chap'
set vpn l2tp remote-access client-ip-pool start 10.200.100.100
set vpn l2tp remote-access client-ip-pool stop 10.200.100.110
set vpn l2tp remote-access description 'VPN-REMOTE'
set vpn l2tp remote-access dns-servers server-1 '1.1.1.1'
set vpn l2tp remote-access idle '1800'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret SeCret
set vpn l2tp remote-access ipsec-settings ike-lifetime '8600'
set vpn l2tp remote-access ipsec-settings lifetime '3600'
set vpn l2tp remote-access outside-address 203.0.113.1
Delete l2tp:
[email protected]# delete vpn l2tp
[edit]
[email protected]# commit
[ vpn ]
Note: the IPsec process will not start until you configure some tunnels, profiles, or L2TP/IPsec settings
[edit]
[email protected]#
File still present:
[email protected]# sudo cat /etc/ipsec.d/tunnels/remote-access
### VyOS L2TP VPN Begin ###
conn remote-access
        type=transport
        left=203.0.113.1
        leftsubnet=%dynamic[/1701]
        rightsubnet=%dynamic
        mark_in=%unique
        auto=add
        ike=aes256-sha1-modp1024,3des-sha1-modp1024,3des-sha1-modp1024!
        dpddelay=15
        dpdtimeout=45
        dpdaction=clear
        esp=aes256-sha1,3des-sha1!
        rekey=no
        authby=secret
        leftauth=psk
        rightauth=psk
        ikelifetime=8600
        keylife=3600
### VyOS L2TP VPN End ###
[edit]
[email protected]#
Secrets also still present:
[email protected]# sudo cat /etc/ipsec.secrets
# generated by /opt/vyatta/sbin/vpn-config.pl
### VyOS L2TP VPN Begin ###
203.0.113.1 %any : PSK "SeCret"
### VyOS L2TP VPN End ###
[edit]
[email protected]#
Swanctl:
[email protected]# sudo swanctl -L
remote-access: IKEv1, no reauthentication, dpd delay 15s
  local:  203.0.113.1
  remote: %any
  local pre-shared key authentication:
    id: 203.0.113.1
  remote pre-shared key authentication:
  remote-access: TRANSPORT, no rekeying, dpd action is clear
    local:  dynamic[0/l2f]
    remote: dynamic
[edit]
[email protected]#
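The three outputs above show the same problem from three angles: the generated `### VyOS L2TP VPN Begin ###` block is still in the tunnel file, the PSK is still in /etc/ipsec.secrets, and strongSwan still lists the `remote-access` connection after the configuration was deleted and committed. The script below is an added check, not part of the report or of VyOS, that a tester can run after `delete vpn l2tp` + `commit` to confirm the cleanup actually happened. It looks for exactly the marker string, PSK line shape and `swanctl -L` connection name shown in the report; the swanctl output is passed in as text so the check also runs offline, and the demo at the bottom uses constructed copies of the report's files in a temporary directory rather than the real /etc paths.

```shell
#!/bin/sh
# Added check, not part of the bug report: after `delete vpn l2tp` + commit,
# confirm that the generated "### VyOS L2TP VPN Begin ###" block, the PSK line and
# the loaded strongSwan connection are really gone. Marker strings, file layout and
# connection name are taken from the report's output; the swanctl listing is passed
# in as text so the check runs offline (on a live box, feed it `sudo swanctl -L`).

# 0 if FILE has no VyOS L2TP marker block (or does not exist), 1 otherwise.
l2tp_block_absent() {
    [ -f "$1" ] || return 0
    ! grep -q '### VyOS L2TP VPN Begin ###' "$1"
}

# 0 if no "ADDR %any : PSK ..." line for ADDR remains in the secrets file.
psk_absent() {
    secrets="$1"
    addr_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for grep -E
    [ -f "$secrets" ] || return 0
    ! grep -Eq "^[[:space:]]*${addr_re}[[:space:]]+%any[[:space:]]*:[[:space:]]*PSK" "$secrets"
}

# 0 if the swanctl -L listing (passed as a string) has no top-level "remote-access:" conn.
# The child SA line is indented in swanctl output, so anchoring at ^ matches only the conn.
swanctl_conn_absent() {
    ! printf '%s\n' "$1" | grep -q '^remote-access:'
}

# Run all three checks, report every stale remnant, return 0 only when all are clean.
# Args: tunnel file, secrets file, outside-address, swanctl -L output as text.
check_l2tp_cleanup() {
    rc=0
    l2tp_block_absent "$1"   || { echo "stale tunnel definition: $1"; rc=1; }
    psk_absent "$2" "$3"     || { echo "stale PSK for $3 in $2"; rc=1; }
    swanctl_conn_absent "$4" || { echo "strongSwan still has conn remote-access loaded"; rc=1; }
    return $rc
}

# Demo on constructed copies of the report's files (not the real /etc paths).
demo_dir=$(mktemp -d)
cat > "$demo_dir/remote-access" <<'EOF'
### VyOS L2TP VPN Begin ###
conn remote-access
        type=transport
        left=203.0.113.1
        authby=secret
### VyOS L2TP VPN End ###
EOF
printf '# generated by /opt/vyatta/sbin/vpn-config.pl\n### VyOS L2TP VPN Begin ###\n203.0.113.1 %%any : PSK "SeCret"\n### VyOS L2TP VPN End ###\n' > "$demo_dir/ipsec.secrets"
stale_listing='remote-access: IKEv1, no reauthentication, dpd delay 15s
  local:  203.0.113.1
  remote: %any'

if check_l2tp_cleanup "$demo_dir/remote-access" "$demo_dir/ipsec.secrets" 203.0.113.1 "$stale_listing"; then
    echo "clean: no L2TP remnants"
else
    echo "L2TP remnants survived the delete"
fi
rm -rf "$demo_dir"
```

On a VyOS box the call would be `check_l2tp_cleanup /etc/ipsec.d/tunnels/remote-access /etc/ipsec.secrets 203.0.113.1 "$(sudo swanctl -L)"`, run after the commit; a non-zero exit with the three messages reproduces the state described in this report, and a zero exit is what a fix should produce.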