set interfaces tunnel tun1
set interfaces tunnel tun1 address 192.168.111.1/24
set interfaces tunnel tun1 description "IPIP Tunnel to Branch1"
set interfaces tunnel tun1 encapsulation ipip
set interfaces tunnel tun1 local-ip 192.168.200.1
set interfaces tunnel tun1 remote-ip 192.168.220.1

set interfaces tunnel tun2
set interfaces tunnel tun2 address 192.168.121.1/24
set interfaces tunnel tun2 description "IPIP Tunnel to Branch2"
set interfaces tunnel tun2 encapsulation ipip
set interfaces tunnel tun2 local-ip 192.168.210.1
set interfaces tunnel tun2 remote-ip 192.168.230.1

set vpn ipsec ipsec-interfaces interface eth0

set vpn ipsec ike-group IKE-IPIP proposal 1
set vpn ipsec ike-group IKE-IPIP proposal 1 encryption aes128
set vpn ipsec ike-group IKE-IPIP proposal 1 hash sha1
set vpn ipsec ike-group IKE-IPIP proposal 1 dh-group 5
set vpn ipsec ike-group IKE-IPIP lifetime 28800

set vpn ipsec esp-group ESP-IPIP proposal 1
set vpn ipsec esp-group ESP-IPIP proposal 1 encryption aes128
set vpn ipsec esp-group ESP-IPIP proposal 1 hash sha1
set vpn ipsec esp-group ESP-IPIP pfs
set vpn ipsec esp-group ESP-IPIP lifetime 3600

set vpn ipsec site-to-site peer 192.168.50.3 authentication mode pre-shared-secret
edit vpn ipsec site-to-site peer 192.168.50.3
set authentication pre-shared-secret 12345
set ike-group IKE-IPIP
set local-ip 192.168.50.2
set tunnel 1 local-subnet 192.168.200.0/24
set tunnel 1 remote-subnet 192.168.220.0/24
set tunnel 1 esp-group ESP-IPIP
top

set vpn ipsec site-to-site peer 192.168.50.4 authentication mode pre-shared-secret
edit vpn ipsec site-to-site peer 192.168.50.4
set authentication pre-shared-secret 67890
set ike-group IKE-IPIP
set local-ip 192.168.50.2
set tunnel 1 local-subnet 192.168.210.0/24
set tunnel 1 remote-subnet 192.168.230.0/24
set tunnel 1 esp-group ESP-IPIP
top
commit