Op-mode command show vpn ipsec sa shows established time from parent SA
Expected time - from child SA
vyos@r4-epa2:~$ show vpn ipsec sa Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal ----------------------- ------- -------- -------------- ---------------- ---------------- ----------- ---------------------------------- peer-192.0.2.2-tunnel-0 up 3m11s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024 peer-192.0.2.2-tunnel-1 up 3m11s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024 peer-192.0.2.2-tunnel-2 up 3m11s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024 vyos@r4-epa2:~$ vyos@r4-epa2:~$ vyos@r4-epa2:~$ reset vpn ipsec-peer 192.0.2.2 tunnel 2 Resetting tunnel 2 with peer 192.0.2.2... vyos@r4-epa2:~$ vyos@r4-epa2:~$ show vpn ipsec sa Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal ----------------------- ------- -------- -------------- ---------------- ---------------- ----------- ---------------------------------- peer-192.0.2.2-tunnel-0 up 3m27s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024 peer-192.0.2.2-tunnel-1 up 3m27s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024 peer-192.0.2.2-tunnel-2 up 3m27s 0B/0B 0/0 192.0.2.2 N/A AES_CBC_256/HMAC_SHA1_96/MODP_1024
Check swanctl:
vyos@r4-epa2:~$ sudo swanctl -l peer-192.0.2.2-tunnel-0: #1, ESTABLISHED, IKEv1, fa77b2204b9f7ea4_i* b1e373702370e3fc_r local '192.0.2.1' @ 192.0.2.1[500] remote '192.0.2.2' @ 192.0.2.2[500] AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 established 212s ago, reauth in 2348s ... ... peer-192.0.2.2-tunnel-2: #5, reqid 3, INSTALLED, TUNNEL, ESP:AES_CBC-256/HMAC_SHA1_96/MODP_1024 installed 8s ago, rekeying in 860s, expires in 1792s in c60e0588, 0 bytes, 0 packets out cc251e07, 0 bytes, 0 packets local 10.1.3.0/24 remote 10.2.3.0/24