Is this a bug? ipsec processes hang around after removing config with rollback in 1.2 rolling

I’m a newb to VyOS and have installed it on a my home internet gateway.
So far it’s been pretty good. I’ve installed the current rolling version vyos-1.2.0-rolling-201806081250-amd64.iso as the stable version would not install on the Zotac CI323 Nano mini PC I am using.
I’m not sure if the below behaviour is a bug, or I am missing something in how VyOS config works:

What I have hit is that after trying an unsuccessful ipsec config (I am new to this on VyOS as well), I then revert to my working config with no ipsec using “rollback” there is still signs of the ipsec config and processes loitering about outside of the VyOS config, and I have to do "sudo bash; /etc/init.d/ipsec stop from the console to have my stable (no ipsec) VyOS config actually working.
It’s my understanding that the VyOS config should be driven entirely from the config changes, so would this be a bug that I have to stop ipsec using init script, after reverting a config change to remove all ipsec VyOS config ?

The config I am attempting is essentially the same as Create Site to Site VPN Between AWS & Vyatta vRouter - Fir3net except with specific config info from my server and AWS.