Configure IPv6 IPsec peer and try to reset
VyOS config:
set vpn ipsec esp-group grp-ESP compression 'disable'
set vpn ipsec esp-group grp-ESP lifetime '28800'
set vpn ipsec esp-group grp-ESP mode 'tunnel'
set vpn ipsec esp-group grp-ESP pfs 'enable'
set vpn ipsec esp-group grp-ESP proposal 10 encryption 'aes256gcm128'
set vpn ipsec esp-group grp-ESP proposal 10 hash 'sha256'
set vpn ipsec ike-group grp-IKE dead-peer-detection action 'hold'
set vpn ipsec ike-group grp-IKE dead-peer-detection interval '30'
set vpn ipsec ike-group grp-IKE dead-peer-detection timeout '120'
set vpn ipsec ike-group grp-IKE ikev2-reauth 'no'
set vpn ipsec ike-group grp-IKE key-exchange 'ikev2'
set vpn ipsec ike-group grp-IKE lifetime '86400'
set vpn ipsec ike-group grp-IKE mobike 'disable'
set vpn ipsec ike-group grp-IKE proposal 10 dh-group '14'
set vpn ipsec ike-group grp-IKE proposal 10 encryption 'aes256gcm128'
set vpn ipsec ike-group grp-IKE proposal 10 hash 'sha256'
set vpn ipsec interface 'eth1'
set vpn ipsec site-to-site peer 2001:db8::2 authentication id '2001:db8::1'
set vpn ipsec site-to-site peer 2001:db8::2 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 2001:db8::2 authentication pre-shared-secret 'SSSeeccRetT'
set vpn ipsec site-to-site peer 2001:db8::2 authentication remote-id '2001:db8::2'
set vpn ipsec site-to-site peer 2001:db8::2 connection-type 'initiate'
set vpn ipsec site-to-site peer 2001:db8::2 ike-group 'grp-IKE'
set vpn ipsec site-to-site peer 2001:db8::2 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 2001:db8::2 local-address '2001:db8::1'
set vpn ipsec site-to-site peer 2001:db8::2 tunnel 0 esp-group 'grp-ESP'
set vpn ipsec site-to-site peer 2001:db8::2 tunnel 0 local prefix '2001:db8:1111::/64'
set vpn ipsec site-to-site peer 2001:db8::2 tunnel 0 remote prefix '2001:db8:2222::/64'
Reset
vyos@r14:~$ reset vpn ipsec-peer
Possible completions:
  2001:db8::2   Reset all tunnels for given peer

vyos@r14:~$ reset vpn ipsec-peer 2001:db8::2
Tunnel(s) not found, aborting
vyos@r14:~$
Connection:
vyos@r14:~$ sudo swanctl -L
peer_2001-db8--2: IKEv2, no reauthentication, rekeying every 86400s, dpd delay 30s
  local:  2001:db8::1
  remote: 2001:db8::2
  local pre-shared key authentication:
    id: 2001:db8::1
  remote pre-shared key authentication:
    id: 2001:db8::2
  peer_2001-db8--2_tunnel_0: TUNNEL, rekeying every 3600s, dpd action is hold
    local:  2001:db8:1111::/64
    remote: 2001:db8:2222::/64