IPsec VPN, how to "disconnect" from the cli?

jef Posts: 37  Freshman Member
edited November 2022 in Security
I have multiple IPsec VPN tunnels. One of them quits working, yet the tunnel remains "Green". If I click "Disconnect" in the web page, it fixes the tunnel and the connection is resumed.

VPN Connection / IPv4 Configuration /
Select the trouble tunnel "row" with the "Activated bulb that is On" and "Green World", click "Disconnect", and tada, the tunnel resumes functionality.

I am not sure of any setting(s) that can prevent / detect or fix this.
I have "nailed up" and "ICMP" checks on.

I was thinking if there was a way in the CLI to do a "disconnect", it would be easy and scriptable when this tunnel fails. But reading the CLI documentation, I can't find anywhere to "activate" or "connect" or "inactivate" etc. an existing VPN IPsec policy.

Please help.

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    Hello @jef

    Welcome to the Zyxel community. I am Jeff, too. Nice to meet you :3 ! Regarding your situation, you can disable the "nailed up" option in your VPN connection profile and the peer site VPN connection. 

    Once you disable the "nailed up" option, your device won't initiate the IPsec SA automatically. I have quoted the user guide for you, as below:

  • jef
    jef Posts: 37  Freshman Member
    Hi Jeff, thanks.
    Are you saying that "Nailed-Up" is causing the problem?
    And is there a CLI for ipsec "disconnect" ?
    I have removed the 'check' from "Nailed-Up" on that tunnel, I'll see if it becomes more stable.
