site to site configuration. Local prefix is sourced from **loopback** interface.
```
set vpn ipsec site-to-site peer @remote_cpe authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer @remote_cpe authentication pre-shared-secret 'xxx'
set vpn ipsec site-to-site peer @remote_cpe authentication remote-id 'remote_cpe'
set vpn ipsec site-to-site peer @remote_cpe connection-type 'respond'
set vpn ipsec site-to-site peer @remote_cpe default-esp-group 'remote_esp'
set vpn ipsec site-to-site peer @remote_cpe ike-group 'home_IKE'
set vpn ipsec site-to-site peer @remote_cpe ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer @remote_cpe local-address '188.94.220.47'
set vpn ipsec site-to-site peer @remote_cpe tunnel 1 local prefix '172.18.255.26/32'
set vpn ipsec site-to-site peer @remote_cpe tunnel 1 remote prefix '172.24.32.54/32'
```
```vyos@vyos# run show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 - u/u
eth0.42 111.11.111.47/27 u/u
eth1 172.16.179.1/24 u/u
eth2 192.168.122.69/24 u/u
lo 127.0.0.1/8 u/u
172.18.255.26/32
::1/128
...
vyos@vyos# set vpn ipsec site-to-site peer @remote_cpe tunnel 1 remote prefix '172.24.32.54/32'
vyos@vyos# commit
[ vpn ]
Warning: local prefix 172.18.255.26/32 specified for peer "@remote_cpe"
is not configured on any interfaces
```
If I source prefix from **eth1** `172.16.179.0/24` I do not get any warnings.
---
**It seems like this line is the problem:**
https://github.com/vyos/vyatta-cfg-vpn/blob/ce56258f8dd52c5a14482a1055e4f23b89e462f6/scripts/vpn-config.pl#L673
It checks for routes in `ip route show table 254` which doesn't show //loopback routes//.
To see loopback routes, one must check in `ip route show table local`