vyos@vyos# show | commands
set interfaces ethernet eth0 address '10.2.3.2/30'
set interfaces loopback lo address '172.2.3.1/30'
set interfaces loopback lo address '192.168.2.1/24'
set interfaces loopback lo address '10.20.20.1/24'
set protocols static route 0.0.0.0/0 next-hop 10.2.3.1


set vpn ipsec esp-group VR02_esp compression 'disable'
set vpn ipsec esp-group VR02_esp lifetime '3600'
set vpn ipsec esp-group VR02_esp mode 'tunnel'
set vpn ipsec esp-group VR02_esp pfs 'disable'
set vpn ipsec esp-group VR02_esp proposal 1 encryption 'aes256'
set vpn ipsec esp-group VR02_esp proposal 1 hash 'sha256'
set vpn ipsec ike-group VR02_ike close-action 'none'
set vpn ipsec ike-group VR02_ike ikev2-reauth 'no'
set vpn ipsec ike-group VR02_ike key-exchange 'ikev2'
set vpn ipsec ike-group VR02_ike lifetime '86400'
set vpn ipsec ike-group VR02_ike mobike 'disable'
set vpn ipsec ike-group VR02_ike proposal 1 dh-group '14'
set vpn ipsec ike-group VR02_ike proposal 1 encryption 'aes256'
set vpn ipsec ike-group VR02_ike proposal 1 hash 'sha256'
set vpn ipsec ipsec-interfaces interface 'lo'
set vpn ipsec logging log-level '1'
set vpn ipsec site-to-site peer 10.4.1.2 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 10.4.1.2 authentication pre-shared-secret 'salam'
set vpn ipsec site-to-site peer 10.4.1.2 connection-type 'initiate'
set vpn ipsec site-to-site peer 10.4.1.2 force-encapsulation 'enable'
set vpn ipsec site-to-site peer 10.4.1.2 ike-group 'VR02_ike'
set vpn ipsec site-to-site peer 10.4.1.2 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 10.4.1.2 local-address '192.168.2.1'
set vpn ipsec site-to-site peer 10.4.1.2 tunnel 0 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 10.4.1.2 tunnel 0 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 10.4.1.2 tunnel 0 esp-group 'VR02_esp'
set vpn ipsec site-to-site peer 10.4.1.2 tunnel 0 local prefix '10.20.20.0/24'
set vpn ipsec site-to-site peer 10.4.1.2 tunnel 0 remote prefix '10.10.10.0/24'
[edit]