vyos@vrouter01a# run show configuration commands set interfaces ethernet eth0 address '10.10.100.41/24' set interfaces ethernet eth0 hw-id '00:50:56:a0:4d:c9' set interfaces ethernet eth1 address '172.16.254.2/24' set interfaces ethernet eth2 address '172.16.252.1/24' set interfaces ethernet eth2 hw-id '00:50:56:a0:f9:a9' set interfaces loopback lo address '100.100.100.100/32' set interfaces vti vti10 address '172.16.250.1/24' set protocols bgp address-family ipv4-unicast network 172.16.250.0/24 set protocols bgp address-family ipv4-unicast network 172.16.252.0/24 set protocols bgp address-family ipv4-unicast network 172.16.253.0/24 set protocols bgp address-family ipv4-unicast network 172.16.254.0/24 set protocols bgp address-family ipv4-unicast redistribute ospf set protocols bgp local-as '65000' set protocols bgp neighbor 172.16.250.2 ebgp-multihop '2' set protocols bgp neighbor 172.16.250.2 remote-as '65000' set protocols bgp neighbor 172.16.250.2 update-source '172.16.250.1' set protocols bgp neighbor 172.16.252.2 remote-as '65001' set protocols bgp neighbor 172.16.252.2 update-source '172.16.252.1' set protocols bgp neighbor 172.16.252.3 remote-as '65001' set protocols bgp neighbor 172.16.252.3 update-source '172.16.252.1' set protocols bgp parameters router-id '172.16.252.1' set protocols static route 0.0.0.0/0 next-hop 10.10.100.1 set protocols static route 172.16.255.0/24 next-hop 172.16.254.1 set service ssh set system config-management commit-revisions '100' set system console device ttyS0 speed '115200' set system host-name 'vrouter01a' set system login user vyos authentication encrypted-password '$6$mHHKteYxr0U0wzOA$dO1/Pp6l/weljs4WxHvakxwGczVpKJKKncBUObXwEPojxbtbauV7oZKFGK2A.NmLDHQCL4z4sacRTk7KiRSWk/' set system login user vyos authentication plaintext-password '' set system ntp server time1.vyos.net set system ntp server time2.vyos.net set system ntp server time3.vyos.net set system syslog global facility all level 'info' set system syslog global facility protocols level 'debug' set vpn ipsec esp-group ESP_DEFAULT compression 'disable' set vpn ipsec esp-group ESP_DEFAULT lifetime '3600' set vpn ipsec esp-group ESP_DEFAULT mode 'tunnel' set vpn ipsec esp-group ESP_DEFAULT pfs 'dh-group19' set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128' set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256' set vpn ipsec ike-group IKEv2_DEFAULT ikev2-reauth 'no' set vpn ipsec ike-group IKEv2_DEFAULT key-exchange 'ikev2' set vpn ipsec ike-group IKEv2_DEFAULT lifetime '10800' set vpn ipsec ike-group IKEv2_DEFAULT mobike 'disable' set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 dh-group '19' set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 encryption 'aes256gcm128' set vpn ipsec ike-group IKEv2_DEFAULT proposal 10 hash 'sha256' set vpn ipsec interface 'eth1' set vpn ipsec site-to-site peer 172.16.255.2 authentication id '172.16.254.2' set vpn ipsec site-to-site peer 172.16.255.2 authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer 172.16.255.2 authentication pre-shared-secret 'secretkey' set vpn ipsec site-to-site peer 172.16.255.2 authentication remote-id '172.16.255.2' set vpn ipsec site-to-site peer 172.16.255.2 connection-type 'respond' set vpn ipsec site-to-site peer 172.16.255.2 ike-group 'IKEv2_DEFAULT' set vpn ipsec site-to-site peer 172.16.255.2 ikev2-reauth 'inherit' set vpn ipsec site-to-site peer 172.16.255.2 local-address '172.16.254.2' set vpn ipsec site-to-site peer 172.16.255.2 vti bind 'vti10' set vpn ipsec site-to-site peer 172.16.255.2 vti esp-group 'ESP_DEFAULT'