IPsec VPN, how to "disconnect" from the cli?

jef

I have a multiple ipsec vpn tunnels, 1 of them quits working, yet the tunnel remains "Green".   If in the webpage I click on "Disconnect" it fixes the tunnel and the connection is resumed.

VPN Connection / IPv4 Configuration /
Select the trouble tunnel "row" with the "Activated  bulb that is On" and "Green World", click "Disconnect" and tada the tunnel resumes functionality.

I am not sure of any setting(s) that can prevent / detect or fix this. 

I have "nailed up" and "ICPM" checks on.  

I was thinking if there was a way in CLI to do a "disconnect" it would be easy and script-able when this tunnel fails.   But reading in the CLI documentation I can't find anywhere to "activate" or "connect" or "inactivate" etc an existing vpn ipsec policy.

please help

Zyxel_Jeff

Hello @jef

Welcome to the Zyxel community. I am Jeff, too. Nice to meet you ! Regarding your situation, you can disable the "nailed up" option in your VPN connection profile and the peer site VPN connection. 


Once you disable the "nailed up" option and your device won't initiate IPsec SA automatically, I quoted the user guide for you, as below:


Thanks.

jef

Hi Jeff, thanks.

Are you saying that "Nailed-Up" is causing the problem?

And is there a CLI for ipsec "disconnect" ?

I have removed the 'check' from "Nailed-Up" on that tunnel, I'll see if it becomes more stable.