Ikv2 not working

we are unable to configure ikv2 version

Hi @yuvraj, I think in your case you need to describe which config and VyOS version you have and what in routers logs from both sides. Also, it will be better to describe/draw your topology.

vyos@vyos:~$ show vpn ipsec sa
Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal


peer-221.134.101.162-tunnel-1 down N/A N/A N/A N/A N/A N/A

vyos@vyos# show vpn ipsec site-to-site peer x.x.x.x
authentication {
mode pre-shared-secret
pre-shared-secret “secret”
}
connection-type initiate
default-esp-group ESP-FSS
description fss
ike-group IKE-FSS
ikev2-reauth inherit
local-address x.x.x.x
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
local {
prefix 10.1.254.102/32
}
remote {
prefix 192.168.190.8/29
}
}

@yuvraj What device/configuration on the other side?
Can you ping your peer?

I found below error for ipsec

root@vyos:~# /etc/init.d/ipsec status
● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
Loaded: loaded (/lib/systemd/system/strongswan.service; disabled; vendor preset: enabled)
Active: inactive (dead)

Aug 04 12:24:48 vyos ipsec_starter[5905]: starter is already running (/var/run/starter.charon.pid exists) – no fork done
Aug 04 12:24:48 vyos systemd[1]: strongswan.service: Succeeded.
Aug 04 12:25:33 vyos systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.
Aug 04 12:25:34 vyos ipsec[6103]: Starting strongSwan 5.7.2 IPsec [starter]…
Aug 04 12:25:34 vyos ipsec_starter[6103]: Starting strongSwan 5.7.2 IPsec [starter]…
Aug 04 12:25:34 vyos ipsec[6103]: charon is already running (/var/run/charon.pid exists) – skipping daemon start
Aug 04 12:25:34 vyos ipsec_starter[6103]: charon is already running (/var/run/charon.pid exists) – skipping daemon start
Aug 04 12:25:34 vyos ipsec[6103]: starter is already running (/var/run/starter.charon.pid exists) – no fork done
Aug 04 12:25:34 vyos ipsec_starter[6103]: starter is already running (/var/run/starter.charon.pid exists) – no fork done
Aug 04 12:25:34 vyos systemd[1]: strongswan.service: Succeeded.

Hello @yuvraj, for the security reason you need to mask all your public IP and private data. You can use stripe-private as an example show configuration commands | strip-private

Which VyOS version using? Provide please output of the command

show configuration commands | match vpn | strip-private