set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth0 description 'Wan'
set interfaces ethernet eth1 address '100.64.0.2/30'
set interfaces ethernet eth1 address '192.0.2.1/30'
set interfaces ethernet eth1 description 'Lan'
set interfaces vti vti1 address '10.0.102.2/30'
set interfaces vti vti1 description 'Tunnel to 100.64.0.1'
set protocols static route 0.0.0.0/0 next-hop 192.168.122.1
set vpn ipsec esp-group ESP-GRP compression 'disable'
set vpn ipsec esp-group ESP-GRP lifetime '1800'
set vpn ipsec esp-group ESP-GRP mode 'tunnel'
set vpn ipsec esp-group ESP-GRP pfs 'enable'
set vpn ipsec esp-group ESP-GRP proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-GRP proposal 1 hash 'sha1'
set vpn ipsec esp-group group-ESP compression 'disable'
set vpn ipsec esp-group group-ESP lifetime '3600'
set vpn ipsec esp-group group-ESP mode 'tunnel'
set vpn ipsec esp-group group-ESP pfs 'dh-group19'
set vpn ipsec esp-group group-ESP proposal 10 encryption 'aes256gcm128'
set vpn ipsec esp-group group-ESP proposal 10 hash 'sha256'
set vpn ipsec ike-group IKE-GRP close-action 'none'
set vpn ipsec ike-group IKE-GRP ikev2-reauth 'no'
set vpn ipsec ike-group IKE-GRP key-exchange 'ikev1'
set vpn ipsec ike-group IKE-GRP lifetime '3600'
set vpn ipsec ike-group IKE-GRP proposal 1 dh-group '2'
set vpn ipsec ike-group IKE-GRP proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-GRP proposal 1 hash 'sha1'
set vpn ipsec ike-group group-IKE close-action 'none'
set vpn ipsec ike-group group-IKE dead-peer-detection action 'hold'
set vpn ipsec ike-group group-IKE dead-peer-detection interval '30'
set vpn ipsec ike-group group-IKE dead-peer-detection timeout '120'
set vpn ipsec ike-group group-IKE ikev2-reauth 'no'
set vpn ipsec ike-group group-IKE key-exchange 'ikev2'
set vpn ipsec ike-group group-IKE lifetime '28000'
set vpn ipsec ike-group group-IKE mobike 'disable'
set vpn ipsec ike-group group-IKE proposal 10 dh-group '19'
set vpn ipsec ike-group group-IKE proposal 10 encryption 'aes256gcm128'
set vpn ipsec ike-group group-IKE proposal 10 hash 'sha256'
set vpn ipsec ipsec-interfaces interface 'eth1'
set vpn ipsec site-to-site peer 100.64.0.1 authentication id '100.64.0.2'
set vpn ipsec site-to-site peer 100.64.0.1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 100.64.0.1 authentication pre-shared-secret 'SSSecccRetT'
set vpn ipsec site-to-site peer 100.64.0.1 authentication remote-id '100.64.0.1'
set vpn ipsec site-to-site peer 100.64.0.1 connection-type 'respond'
set vpn ipsec site-to-site peer 100.64.0.1 ike-group 'group-IKE'
set vpn ipsec site-to-site peer 100.64.0.1 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 100.64.0.1 local-address '100.64.0.2'
set vpn ipsec site-to-site peer 100.64.0.1 vti bind 'vti1'
set vpn ipsec site-to-site peer 100.64.0.1 vti esp-group 'group-ESP'
set vpn ipsec site-to-site peer 192.0.2.2 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 192.0.2.2 authentication pre-shared-secret 'SeCrEt'
set vpn ipsec site-to-site peer 192.0.2.2 connection-type 'initiate'
set vpn ipsec site-to-site peer 192.0.2.2 ike-group 'IKE-GRP'
set vpn ipsec site-to-site peer 192.0.2.2 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 192.0.2.2 local-address '192.0.2.1'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 1 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 1 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 1 esp-group 'ESP-GRP'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 1 local prefix '10.1.1.0/24'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 1 remote prefix '10.2.1.0/24'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 2 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 2 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 2 esp-group 'ESP-GRP'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 2 local prefix '10.1.2.0/24'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 2 remote prefix '10.2.2.0/24'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 3 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 3 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 3 esp-group 'ESP-GRP'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 3 local prefix '10.1.3.0/24'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 3 remote prefix '10.2.3.0/24'