Not truly a bug, but definitely a very confusing place in VyOS CLI:
set vpn ipsec interface set vpn ipsec options interface
Both use the generic interface includes:
#include <include/generic-interface-multi.xml.i> #include <include/generic-interface.xml.i>
Therefore, both have the same description and syntax (with a difference that in one case, users may include multiple entries). For users, it is absolutely impossible to find out what options do what without consulting the documentation.
In my opinion, we need to do one of the following:
- Move set vpn ipsec options interface to set vpn ipsec options flexvpn interface
- Replace set vpn ipsec options interface with a non-generic XML node, which will have in its description a clear connection to FlexVPN.
- Reorganize both options under set vpn ipsec options using clearly described CLI nodes.