How to Configure Site-to-Site IPsec VPN on Ubiquiti EdgeRouter

configure
 set vpn ipsec esp-group SiteA
 set vpn ipsec esp-group SiteA mode tunnel
 set vpn ipsec esp-group SiteA pfs enable
 set vpn ipsec esp-group SiteA proposal 1
 set vpn ipsec esp-group SiteA proposal 1 encryption aes
 set vpn ipsec esp-group SiteA proposal 1 hash sha1
 set vpn ipsec esp-group SiteA lifetime 86400
 set vpn ipsec esp-group SiteA compression disable

set vpn ipsec ike-group SiteA dead-peer-detection action restart
 set vpn ipsec ike-group SiteA dead-peer-detection interval 30
 set vpn ipsec ike-group SiteA dead-peer-detection timeout 60

set vpn ipsec ike-group SiteA proposal 1
 set vpn ipsec ike-group SiteA proposal 1 encryption aes
 set vpn ipsec ike-group SiteA proposal 1 hash sha1
 set vpn ipsec ike-group SiteA lifetime 86400
 set vpn ipsec ike-group SiteA key-exchange ikev1
 set vpn ipsec ike-group SiteA proposal 1 dh-group 2

set vpn ipsec ipsec-interfaces interface eth0
 set vpn ipsec auto-firewall-nat-exclude enable
 set vpn ipsec nat-networks allowed-network 0.0.0.0/0

set vpn ipsec site-to-site peer 77.77.77.xx
 set vpn ipsec site-to-site peer 77.77.77.xx connection-type initiate
 set vpn ipsec site-to-site peer 77.77.77.xx authentication mode pre-shared-secret
 set vpn ipsec site-to-site peer 77.77.77.xx authentication pre-shared-secret SuperSecureXXXX
 set vpn ipsec site-to-site peer 77.77.77.xx ike-group SiteA
 set vpn ipsec site-to-site peer 77.77.77.xx local-address 66.66.66.xx
 set vpn ipsec site-to-site peer 77.77.77.xx tunnel 1
 set vpn ipsec site-to-site peer 77.77.77.xx tunnel 1 esp-group SiteA
 set vpn ipsec site-to-site peer 77.77.77.xx tunnel 1 local prefix 10.10.10.0/24
 set vpn ipsec site-to-site peer 77.77.77.xx tunnel 1 remote prefix 10.10.20.0/24
 set vpn ipsec site-to-site peer 77.77.77.xx tunnel 1 allow-nat-networks disable
 set vpn ipsec site-to-site peer 77.77.77.xx tunnel 1 allow-public-networks disable

set vpn ipsec nat-traversal enable
 commit
 save

configure
 set vpn ipsec esp-group SiteB
 set vpn ipsec esp-group SiteB mode tunnel
 set vpn ipsec esp-group SiteB pfs enable
 set vpn ipsec esp-group SiteB proposal 1
 set vpn ipsec esp-group SiteB proposal 1 encryption aes
 set vpn ipsec esp-group SiteB proposal 1 hash sha1
 set vpn ipsec esp-group SiteB lifetime 86400
 set vpn ipsec esp-group SiteB compression disable

set vpn ipsec ike-group SiteB dead-peer-detection action restart
 set vpn ipsec ike-group SiteB dead-peer-detection interval 30
 set vpn ipsec ike-group SiteB dead-peer-detection timeout 60

set vpn ipsec ike-group SiteB proposal 1
 set vpn ipsec ike-group SiteB proposal 1 encryption aes
 set vpn ipsec ike-group SiteB proposal 1 hash sha1
 set vpn ipsec ike-group SiteB lifetime 86400
 set vpn ipsec ike-group SiteB key-exchange ikev1
 set vpn ipsec ike-group SiteB proposal 1 dh-group 2

set vpn ipsec ipsec-interfaces interface eth0
 set vpn ipsec auto-firewall-nat-exclude enable
 set vpn ipsec nat-networks allowed-network 0.0.0.0/0

set vpn ipsec site-to-site peer 66.66.66.xx
 set vpn ipsec site-to-site peer 66.66.66.xx connection-type initiate
 set vpn ipsec site-to-site peer 66.66.66.xx authentication mode pre-shared-secret
 set vpn ipsec site-to-site peer 66.66.66.xx authentication pre-shared-secret SuperSecureXXXX
 set vpn ipsec site-to-site peer 66.66.66.xx ike-group SiteB
 set vpn ipsec site-to-site peer 66.66.66.xx local-address 77.77.77.xx
 set vpn ipsec site-to-site peer 66.66.66.xx tunnel 1
 set vpn ipsec site-to-site peer 66.66.66.xx tunnel 1 esp-group SiteB
 set vpn ipsec site-to-site peer 66.66.66.xx tunnel 1 local prefix 10.10.20.0/24
 set vpn ipsec site-to-site peer 66.66.66.xx tunnel 1 remote prefix 10.10.10.0/24
 set vpn ipsec site-to-site peer 66.66.66.xx tunnel 1 allow-nat-networks disable
 set vpn ipsec site-to-site peer 66.66.66.xx tunnel 1 allow-public-networks disable

set vpn ipsec nat-traversal enable
 commit
 save