How to reproduce the issue:
Version: 1.4-rolling-202106271939
Basic Configuration:
Left:
```
set vpn ipsec esp-group espA proposal 1 encryption 'aes256'
set vpn ipsec esp-group espA proposal 1 hash 'sha1'
set vpn ipsec ike-group ikeA proposal 1 encryption 'aes256'
set vpn ipsec ike-group ikeA proposal 1 hash 'sha1'
set vpn ipsec ipsec-interfaces interface 'eth1'
set vpn ipsec site-to-site peer 22.22.22.2 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 22.22.22.2 authentication pre-shared-secret 'vyos'
set vpn ipsec site-to-site peer 22.22.22.2 ike-group 'ikeA'
set vpn ipsec site-to-site peer 22.22.22.2 local-address '22.22.22.1'
set vpn ipsec site-to-site peer 22.22.22.2 vti bind 'vti0'
set vpn ipsec site-to-site peer 22.22.22.2 vti esp-group 'espA'
```
Right:
```
set vpn ipsec esp-group espA proposal 1 encryption 'aes256'
set vpn ipsec esp-group espA proposal 1 hash 'sha1'
set vpn ipsec ike-group ikeA proposal 1 encryption 'aes256'
set vpn ipsec ike-group ikeA proposal 1 hash 'sha1'
set vpn ipsec ipsec-interfaces interface 'eth1'
set vpn ipsec site-to-site peer 22.22.22.1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 22.22.22.1 authentication pre-shared-secret 'vyos'
set vpn ipsec site-to-site peer 22.22.22.1 connection-type 'respond'
set vpn ipsec site-to-site peer 22.22.22.1 ike-group 'ikeA'
set vpn ipsec site-to-site peer 22.22.22.1 local-address '22.22.22.2'
set vpn ipsec site-to-site peer 22.22.22.1 vti bind 'vti0'
set vpn ipsec site-to-site peer 22.22.22.1 vti esp-group 'espA'
```
{F1499924}
After I add the key-exchange parameter explicitly, then it shows the ikev1 version.
```
vyos@vyos# set vpn ipsec ike-group ikeA key-exchange
Possible completions:
ikev1 Use IKEv1 for Key Exchange [DEFAULT]
ikev2 Use IKEv2 for Key Exchange
[edit]
vyos@vyos# set vpn ipsec ike-group ikeA key-exchange ikev1
[edit]
vyos@vyos# compare
[edit vpn ipsec ike-group ikeA]
+key-exchange ikev1
[edit]
vyos@vyos# commit
[ vpn ipsec ]
loaded ike secret 'ike_22-22-22-2'
loaded connection 'peer_22-22-22-2'
successfully loaded 1 connections, 0 unloaded
[edit]
vyos@vyos# run sh vpn ike sa
Peer ID / IP Local ID / IP
------------ -------------
22.22.22.2 22.22.22.2 22.22.22.1 22.22.22.1
State IKEVer Encrypt Hash D-H Group NAT-T A-Time L-Te
----- ------ ------- ---- --------- ----- ------ ----
up IKEv1 AES_CBC_256 HMAC_SHA1_96 MODP_1024 no 33 0
```
But after the commit, "show vpn ipsec sa" is showing down.
```
vyos@vyos# run sh vpn ipsec sa
Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal
------------------- ------- -------- -------------- ---------------- ---------------- ----------- ----------
peer_22-22-22-2_vti down N/A N/A N/A N/A N/A N/A
[edit]
vyos@vyos# run sh vpn ipsec status
IPSec Process Running: 1450
Security Associations (1 up, 0 connecting):
peer_22-22-22-2[2]: ESTABLISHED 27 minutes ago, 22.22.22.1[22.22.22.1]...22.22.22.2[22.22.22.2]
vyos@vyos# sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.9.1, Linux 5.10.46-amd64-vyos, x86_64):
uptime: 32 minutes, since Jun 28 10:49:03 2021
malloc: sbrk 1994752, mmap 0, used 1105824, free 888928
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 4
loaded plugins: charon test-vectors ldap pkcs11 tpm aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm drbg curl attr kernel-netlink resolve socket-default connmark stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-radius eap-tls eap-ttls eap-tnc xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock counters
Listening IP addresses:
22.22.22.1
Connections:
peer_22-22-22-2: 22.22.22.1...22.22.22.2 IKEv1
peer_22-22-22-2: local: uses pre-shared key authentication
peer_22-22-22-2: remote: uses pre-shared key authentication
peer_22-22-22-2_vti: child: 0.0.0.0/0 ::/0 === 0.0.0.0/0 ::/0 TUNNEL
Security Associations (1 up, 0 connecting):
peer_22-22-22-2[2]: ESTABLISHED 27 minutes ago, 22.22.22.1[22.22.22.1]...22.22.22.2[22.22.22.2]
peer_22-22-22-2[2]: IKEv1 SPIs: e248d94d25bb952f_i* 07cfcc3cbff29312_r, rekeying in 3 hours
peer_22-22-22-2[2]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
```
There is no config in this location, I am not sure if the file has been changed:
```
vyos@vyos# sudo cat /etc/ipsec.conf
# Created by VyOS - manual changes will be overwritten
config setup
charondebug = ""
uniqueids = yes
```
NOTE: In previous versions, the default values are shown in the running configuration after the vpn settings are applied.