/* VyOS router configuration: DHCP uplink on eth0, a route-based (VTI) IKEv2/IPsec
   site-to-site tunnel to 172.30.1.2 sourced from eth1.1000, plus SSH, NTP and syslog.
   Values shown as **************** are masked in this listing. */
interfaces {
    /* eth0 takes its address from DHCP. No firewall section appears in this
       listing - NOTE(review): confirm filtering is applied elsewhere. */
    ethernet eth0 {
        address dhcp
        duplex auto
        smp-affinity auto
        speed auto
    }
    /* VLAN 1000 on eth1 carries the tunnel's outer address (172.30.1.1/30);
       the peer 172.30.1.2 sits in the same /30. */
    ethernet eth1 {
        vif 1000 {
            address 172.30.1.1/30
        }
    }
    loopback lo {
    }
    /* Tunnel interface bound to the site-to-site peer below (vti bind vti0). */
    vti vti0 {
        address 172.30.1.5/30
        description "S2S Link"
    }
}
service {
    /* SSH on the default port with no listen-address and no
       disable-password-authentication node, so password logins are presumably
       still accepted on every addressed interface even though a public key is
       configured - NOTE(review): confirm this is intended. */
    ssh {
        port 22
    }
}
system {
    /* Keep the last 20 committed revisions for rollback. */
    config-management {
        commit-revisions 20
    }
    host-name vyos
    login {
        /* Single admin-level account named vyos. */
        user vyos {
            authentication {
                /* Both password nodes are masked here - NOTE(review): verify that
                   plaintext-password is empty in the live configuration. */
                encrypted-password ****************
                plaintext-password ****************
                public-keys tnt@whatever.lain {
                    key ****************
                    /* RSA key; its size is not visible in this listing -
                       NOTE(review): confirm the key length is adequate. */
                    type ssh-rsa
                }
            }
            level admin
        }
    }
    /* Three public pool servers; no NTP authentication is configured here. */
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    /* Logs are kept locally only: no remote syslog host is defined in this
       listing. The protocols facility logs at debug, all others at notice. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
vpn {
    ipsec {
        /* ESP (child SA) parameters: tunnel mode, 3600 s lifetime, PFS with DH
           group 20, AES-128-GCM. With an AEAD cipher the separate hash setting
           is presumably not used for ESP integrity - verify against the
           generated proposal. */
        esp-group esp-s2s {
            compression disable
            lifetime 3600
            mode tunnel
            pfs dh-group20
            proposal 1 {
                encryption aes128gcm128
                hash sha256
            }
        }
        /* IKE SA parameters: IKEv2 only, 28800 s lifetime, DH group 20,
           AES-128-GCM, reauthentication disabled. */
        ike-group ike-s2s {
            /* NOTE(review): action clear drops the SA when the peer is declared
               dead; together with connection-type initiate below, confirm that
               something re-establishes the tunnel afterwards (restart is the
               action that re-negotiates). The timeout value is presumably only
               honoured for IKEv1 - verify. */
            dead-peer-detection {
                action clear
                interval 15
                timeout 30
            }
            ikev2-reauth no
            key-exchange ikev2
            lifetime 28800
            proposal 1 {
                dh-group 20
                encryption aes128gcm128
                hash sha256
            }
        }
        /* IPsec is enabled on the VLAN sub-interface only, not on eth0. */
        ipsec-interfaces {
            interface eth1.1000
        }
        site-to-site {
            peer 172.30.1.2 {
                /* Pre-shared-secret authentication: the tunnel's authentication
                   strength rests on the entropy and handling of this secret
                   (masked here). The local IKE identity is the tunnel source
                   address. */
                authentication {
                    id 172.30.1.1
                    mode pre-shared-secret
                    pre-shared-secret ****************
                }
                /* This side initiates the connection. */
                connection-type initiate
                default-esp-group esp-s2s
                ike-group ike-s2s
                /* Inherits ikev2-reauth no from ike-group ike-s2s. */
                ikev2-reauth inherit
                local-address 172.30.1.1
                /* Route-based VPN: traffic routed into vti0 is protected with
                   esp-group esp-s2s. */
                vti {
                    bind vti0
                    esp-group esp-s2s
                }
            }
        }
    }
}