I've tried to create an IPsec-based VPN configuration through uci commands. When I compare the "uci show ipsec" output, it's an exact match compared to creating the same VPN through the web GUI. Also, when comparing the /etc/config/ipsec file (created through uci) with the same file (created through the web GUI), it's the same. Still, the web-created VPN works without issues, while the uci-created VPN somehow doesn't work. It shows up in the GUI (correctly), but when running the "ipsec statusall" command it doesn't show an SA (I've committed and reloaded the ipsec config, and also rebooted the router).
Output of the "show ipsec" command (some details modified):
ipsec.@ipsec[0]=ipsec
ipsec.@ipsec[0].rtinstall_enabled='1'
ipsec.MyVPN=remote
ipsec.MyVPN.crypto_proposal='MyVPN_ph1'
ipsec.MyVPN.force_crypto_proposal='1'
ipsec.MyVPN.gateway='vpnmgmt.MyVPN.tld'
ipsec.MyVPN.authentication_method='psk'
ipsec.MyVPN.pre_shared_key='*********************************************'
ipsec.MyVPN.tunnel='MyVPN_c'
ipsec.MyVPN.remote_identifier='1.2.3.4'
ipsec.MyVPN.local_identifier='W99-RTR01'
ipsec.MyVPN._multiple_secrets='0'
ipsec.MyVPN.enabled='1'
ipsec.MyVPN_c=connection
ipsec.MyVPN_c.crypto_proposal='MyVPN_ph2'
ipsec.MyVPN_c.defaultroute='0'
ipsec.MyVPN_c.forceencaps='no'
ipsec.MyVPN_c.local_firewall='yes'
ipsec.MyVPN_c.remote_firewall='yes'
ipsec.MyVPN_c._dpd='1'
ipsec.MyVPN_c.force_crypto_proposal='1'
ipsec.MyVPN_c.mode='start'
ipsec.MyVPN_c.type='tunnel'
ipsec.MyVPN_c.keyexchange='ikev2'
ipsec.MyVPN_c.dpdaction='restart'
ipsec.MyVPN_c.remote_subnet='192.168.222.0/24' '10.20.0.0/16'
ipsec.MyVPN_c.comp_mode='1'
ipsec.MyVPN_c.aggressive='no'
ipsec.MyVPN_c.local_subnet='10.100.99.254/32' '10.101.99.0/25'
ipsec.MyVPN_ph1=proposal
ipsec.MyVPN_ph1.encryption_algorithm='aes256'
ipsec.MyVPN_ph1.hash_algorithm='sha256'
ipsec.MyVPN_ph1.dh_group='modp2048'
ipsec.MyVPN_ph2=proposal
--------------------
Output of the "ipsec statusall" command:
Status of IKE charon daemon (strongSwan 5.9.2, Linux 5.4.147, armv7l):
uptime: 74 minutes, since Sep 22 11:43:21 2022
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon aes des sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gmp xcbc hmac kernel-netlink socket-default stroke vici updown eap-identity eap-mschapv2 xauth-generic
Listening IP addresses:
10.178.51.58
10.101.99.2
fd79:8e10:b7c9::1
Connections:
Security Associations (0 up, 0 connecting):
none
---------------------------
I've added the troubleshoot file.
There was an earlier question from someone running into the same issue, but that wasn't answered.
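As an added example (not part of the original post or of the router firmware), the following script parses a "uci show ipsec" dump of the shape quoted above and flags the two things that are easy to miss when comparing configs by eye: `tunnel` / `crypto_proposal` values that do not name a section of the right type, and proposal sections that carry no algorithms. Section and option names are taken from the post; the embedded dump is a constructed, trimmed copy of it.

```shell
# Added example, not from the original post: sanity-check a "uci show ipsec" dump for
# dangling section references and proposals with no algorithms (names as in the post).
sample_dump() {   # constructed copy of the poster's dump, secrets omitted
  cat <<'EOF'
ipsec.MyVPN=remote
ipsec.MyVPN.crypto_proposal='MyVPN_ph1'
ipsec.MyVPN.tunnel='MyVPN_c'
ipsec.MyVPN_c=connection
ipsec.MyVPN_c.crypto_proposal='MyVPN_ph2'
ipsec.MyVPN_c.local_subnet='10.100.99.254/32' '10.101.99.0/25'
ipsec.MyVPN_ph1=proposal
ipsec.MyVPN_ph1.encryption_algorithm='aes256'
ipsec.MyVPN_ph1.hash_algorithm='sha256'
ipsec.MyVPN_ph1.dh_group='modp2048'
ipsec.MyVPN_ph2=proposal
EOF
}
# Reads "uci show ipsec" output on stdin; prints one line per finding, nothing if clean.
check_ipsec_dump() {
  awk -v q="'" '
    !/^ipsec\./ { next }
    {
      key = $0; sub(/=.*/, "", key); sub(/^ipsec\./, "", key)
      val = substr($0, index($0, "=") + 1); gsub(q, "", val)   # strip uci quoting
      dot = index(key, ".")
      if (dot == 0) { type[key] = val; order[++n] = key; next }  # "ipsec.NAME=TYPE"
      sec = substr(key, 1, dot - 1); opt = substr(key, dot + 1)
      if (opt == "tunnel" || opt == "crypto_proposal") ref[sec, opt] = val
      if (opt ~ /^(encryption_algorithm|hash_algorithm|dh_group)$/) has[sec, opt] = 1
    }
    END {
      want["tunnel"] = "connection"; want["crypto_proposal"] = "proposal"
      split("encryption_algorithm hash_algorithm dh_group", need, " ")
      for (i = 1; i <= n; i++) {
        s = order[i]
        for (o in want) if ((s, o) in ref) {   # referenced names must exist with the right type
          m = split(ref[s, o], parts, " ")
          for (j = 1; j <= m; j++) if (type[parts[j]] != want[o])
            printf "%s %s: %s %s does not name a %s section\n", type[s], s, o, parts[j], want[o]
        }
        if (type[s] == "proposal") {           # a proposal without algorithms can never be negotiated
          miss = ""
          for (k = 1; k <= 3; k++) if (!((s, need[k]) in has)) miss = miss " " need[k]
          if (miss != "") printf "proposal %s: missing%s\n", s, miss
        }
      }
    }'
}
sample_dump | check_ipsec_dump
```

Run against the dump as quoted, it reports only that MyVPN_ph2 carries no algorithms; whether that is the real configuration or an artifact of the redacted paste is something the poster would have to confirm on the router with `uci show ipsec | check_ipsec_dump`.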