ChrisTan, Staff
July 25, 2025

Technical Tip: ADVPN will inject the tunnel IP address to the spoke, but dial-up VPN will not
Description: This article describes the ADVPN behaviour, enabled by 'set auto-discovery-sender enable' on the hub, that injects the hub's tunnel IP address into the spoke's routing table so that the spoke can peer with the hub over BGP. A plain dial-up IPsec VPN without auto-discovery does not inject this route.
Scope: FortiSASE.
Solution:

Below is a standard ADVPN hub phase1-interface configuration: a dynamic (dial-up) IKEv2 tunnel with mode-cfg assigning spoke tunnel addresses from the 10.251.1.1-10.251.1.252 pool and auto-discovery-sender enabled:

config vpn ipsec phase1-interface
    edit VPN1
        set type dynamic
        set interface port1
        set ike-version 2
        set peertype any
        set net-device disable
        set mode-cfg enable
        set proposal aes256-sha256
        set add-route disable
        set dpd on-idle
        set dhgrp 21 14 5
        set auto-discovery-sender enable
        set network-overlay enable
        set network-id 1
        set ipv4-start-ip 10.251.1.1
        set ipv4-end-ip 10.251.1.252
        set ipv4-netmask 255.255.255.0
        set psksecret < pre-shared key >
        set dpd-retryinterval 60
    next
end

The 'set auto-discovery-sender enable' setting does more than permit ADVPN shortcuts to be built between spokes: it also makes the hub send its own tunnel interface address to the spoke during the IKE exchange (if_addr4_rcvd=1 in the debug output), and the spoke then installs a host route to that address over the tunnel. Without it, the spoke only receives the mode-cfg address, netmask and subnet attributes, and no peer route is added.

Below is the spoke-side IKE debug output (diagnose debug application ike -1) with auto-discovery-sender disabled on the hub. 'hub2' is the spoke's phase1-interface name for the tunnel to the hub:

2025-07-25 01:41:31.467426 ike 0:hub2:17565: mode-cfg type 1 response 4:0AFB0123
2025-07-25 01:41:31.467567 ike 0:hub2:17565: mode-cfg received INTERNAL_IP4_ADDRESS 10.251.1.35
2025-07-25 01:41:31.467759 ike 0:hub2:17565: mode-cfg type 2 response 4:FFFFFF00
2025-07-25 01:41:31.468174 ike 0:hub2:17565: mode-cfg received INTERNAL_IP4_NETMASK 255.255.255.0
2025-07-25 01:41:31.468375 ike 0:hub2:17565: mode-cfg type 13 response 8:0000000000000000
2025-07-25 01:41:31.468611 ike 0:hub2:17565: mode-cfg received INTERNAL_IP4_SUBNET 0.0.0.0/0.0.0.0
2025-07-25 01:41:31.468838 ike 0:hub2:17565: mode-cfg received APPLICATION_VERSION 'FortiWiFi-81F-2R-POE v7.4.8,build2795,250523 (GA.M)'
2025-07-25 01:41:31.469065 ike 0:hub2: mode-cfg add 10.251.1.35/255.255.255.0 to 'hub2'/21
2025-07-25 01:41:31.503245 ike 0:hub2:17565: established IKE SA aeab315cd04737d6/d0b09d57fc3e78ec
2025-07-25 01:41:31.503409 ike 0:hub2:17565: check peer route: if_addr4_rcvd=0, if_addr6_rcvd=0, mode_cfg=1
2025-07-25 01:41:31.503542 ike 0:hub2: set oper up

After enabling auto-discovery-sender on the hub and re-establishing the tunnel (note the new IKE SA), the spoke reports 'auto-discovery receiver', if_addr4_rcvd=1, and adds a peer static route:

2025-07-25 01:43:35.043056 ike 0:hub2:17571: mode-cfg type 1 response 4:0AFB0125
2025-07-25 01:43:35.043366 ike 0:hub2:17571: mode-cfg received INTERNAL_IP4_ADDRESS 10.251.1.37
2025-07-25 01:43:35.043733 ike 0:hub2:17571: mode-cfg type 2 response 4:FFFFFF00
2025-07-25 01:43:35.043766 ike 0:hub2:17571: mode-cfg received INTERNAL_IP4_NETMASK 255.255.255.0
2025-07-25 01:43:35.044231 ike 0:hub2:17571: mode-cfg type 13 response 8:0000000000000000
2025-07-25 01:43:35.044684 ike 0:hub2:17571: mode-cfg received INTERNAL_IP4_SUBNET 0.0.0.0/0.0.0.0
2025-07-25 01:43:35.044760 ike 0:hub2:17571: mode-cfg received APPLICATION_VERSION 'FortiWiFi-81F-2R-POE v7.4.8,build2795,250523 (GA.M)'
2025-07-25 01:43:35.045164 ike 0:hub2: mode-cfg add 10.251.1.37/255.255.255.0 to 'hub2'/21
2025-07-25 01:43:35.076010 ike 0:hub2:17571: established IKE SA b0e1f9dd484416c1/ec10212c82397e6f
2025-07-25 01:43:35.076764 ike 0:hub2:17571: auto-discovery receiver
2025-07-25 01:43:35.076904 ike 0:hub2:17571: auto-discovery 2
2025-07-25 01:43:35.077451 ike 0:hub2:17571: check peer route: if_addr4_rcvd=1, if_addr6_rcvd=0, mode_cfg=1
2025-07-25 01:43:35.077499 ike 0:hub2:17571: update peer route 0.0.0.0 -> 10.251.1.251
2025-07-25 01:43:35.078264 ike 0:hub2: add peer static route 10.251.1.251 via *.*.*.* dev hub2

The result is that the hub tunnel IP address 10.251.1.251 is injected into the spoke routing table as a /32 static route with an administrative distance (AD) of 15, pointing at the tunnel interface:

get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
V - BGP VPNv4
* - candidate default

...

Routing table for VRF=10
S* 0.0.0.0/0 [10/0] via 100.65.0.1, port4, [1/0]
...
S 10.251.1.251/32 [15/0] via hub2 tunnel *.*.*.*, [1/0]        <----- injected hub tunnel IP
...

This /32 route is what lets the spoke reach its BGP neighbour (the hub tunnel IP) over the correct tunnel. Enabling auto-discovery-sender on the hub is therefore fundamental, and especially so when a spoke has several ADVPN tunnels: each hub's tunnel IP needs its own host route pointing at its own tunnel interface, because the hub tunnel IPs all sit in the same overlay subnet and the spoke's mode-cfg address and netmask alone cannot tell the spoke which tunnel leads to which hub.
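The following is an added example, not code from the original article or from Fortinet. It turns the checks described above into a small spoke-side diagnostic: it parses the two IKE debug excerpts to report whether the hub's tunnel address was received (if_addr4_rcvd) and which peer route was added, parses the routing-table output for the /32 tunnel routes, and then verifies that every BGP neighbour IP has a /32 route via the expected tunnel. It goes slightly beyond the page's single-hub case by checking a constructed two-hub routing table; the second hub ('hub1' at 10.251.1.250) is an assumption, and the line formats matched by the regular expressions are taken from the excerpts on this page, not from any documented FortiOS interface. The sample log and routing-table lines are constructed from those excerpts, with the page's own '*.*.*.*' redaction kept as-is.

```python
"""Spoke-side checks for the ADVPN hub tunnel-IP injection described above.

Added example; not code from the original article or from Fortinet. Sample
input is constructed from the page's excerpts; the regex line formats are
assumptions drawn from those excerpts.
"""
import re

# Constructed sample: spoke IKE debug, hub has auto-discovery-sender disabled.
IKE_LOG_NO_ADS = """\
2025-07-25 01:41:31.467567 ike 0:hub2:17565: mode-cfg received INTERNAL_IP4_ADDRESS 10.251.1.35
2025-07-25 01:41:31.503245 ike 0:hub2:17565: established IKE SA aeab315cd04737d6/d0b09d57fc3e78ec
2025-07-25 01:41:31.503409 ike 0:hub2:17565: check peer route: if_addr4_rcvd=0, if_addr6_rcvd=0, mode_cfg=1
2025-07-25 01:41:31.503542 ike 0:hub2: set oper up
"""

# Constructed sample: same spoke after enabling auto-discovery-sender on the hub.
IKE_LOG_ADS = """\
2025-07-25 01:43:35.043366 ike 0:hub2:17571: mode-cfg received INTERNAL_IP4_ADDRESS 10.251.1.37
2025-07-25 01:43:35.076010 ike 0:hub2:17571: established IKE SA b0e1f9dd484416c1/ec10212c82397e6f
2025-07-25 01:43:35.076764 ike 0:hub2:17571: auto-discovery receiver
2025-07-25 01:43:35.077451 ike 0:hub2:17571: check peer route: if_addr4_rcvd=1, if_addr6_rcvd=0, mode_cfg=1
2025-07-25 01:43:35.077499 ike 0:hub2:17571: update peer route 0.0.0.0 -> 10.251.1.251
2025-07-25 01:43:35.078264 ike 0:hub2: add peer static route 10.251.1.251 via *.*.*.* dev hub2
"""

# Constructed sample: 'get router info routing-table all' on a spoke with two hub
# tunnels. hub1 at 10.251.1.250 is an ASSUMED second hub on the same overlay
# subnet; the page itself only shows hub2 at 10.251.1.251.
ROUTE_TABLE_TWO_HUBS = """\
S* 0.0.0.0/0 [10/0] via 100.65.0.1, port4, [1/0]
S 10.251.1.250/32 [15/0] via hub1 tunnel *.*.*.*, [1/0]
S 10.251.1.251/32 [15/0] via hub2 tunnel *.*.*.*, [1/0]
"""

RE_PHASE1 = re.compile(r"ike \d+:(?P<p1>[^:\s]+):")
RE_ASSIGNED = re.compile(r"mode-cfg received INTERNAL_IP4_ADDRESS (?P<ip>[\d.]+)")
RE_CHECK = re.compile(r"check peer route: if_addr4_rcvd=(?P<v4>[01])")
RE_PEER_ROUTE = re.compile(r"add peer static route (?P<hub_ip>[\d.]+) via \S+ dev (?P<dev>\S+)")
# Static routes that point at a tunnel interface; 'S*' (candidate default) is skipped on purpose.
RE_TUNNEL_ROUTE = re.compile(r"^S\s+(?P<prefix>[\d.]+/\d+)\s+\[(?P<ad>\d+)/\d+\]\s+via\s+(?P<dev>\S+)\s+tunnel")


def parse_ike_debug(text):
    """Per phase1 name: assigned spoke tunnel IP, whether the hub address was
    received (if_addr4_rcvd), and the injected hub tunnel IP plus device."""
    result = {}
    for line in text.splitlines():
        m = RE_PHASE1.search(line)
        if not m:
            continue
        entry = result.setdefault(m.group("p1"), {
            "assigned_ip": None, "hub_addr_received": None, "hub_ip": None, "dev": None})
        if (a := RE_ASSIGNED.search(line)):
            entry["assigned_ip"] = a.group("ip")
        elif (c := RE_CHECK.search(line)):
            entry["hub_addr_received"] = c.group("v4") == "1"
        elif (r := RE_PEER_ROUTE.search(line)):
            entry["hub_ip"], entry["dev"] = r.group("hub_ip"), r.group("dev")
    return result


def parse_tunnel_static_routes(text):
    """Map prefix -> {'ad': int, 'dev': tunnel interface} for static routes via a tunnel."""
    routes = {}
    for line in text.splitlines():
        m = RE_TUNNEL_ROUTE.match(line.strip())
        if m:
            routes[m.group("prefix")] = {"ad": int(m.group("ad")), "dev": m.group("dev")}
    return routes


def check_bgp_neighbors(neighbors, routes):
    """neighbors: {hub tunnel IP: expected tunnel interface}. Returns one problem
    string per neighbour that has no /32 host route, or whose /32 points at a
    different tunnel than the one it should be peered over."""
    problems = []
    for ip, dev in neighbors.items():
        route = routes.get(ip + "/32")
        if route is None:
            problems.append(f"{ip}: no /32 route (hub probably lacks 'set auto-discovery-sender enable')")
        elif route["dev"] != dev:
            problems.append(f"{ip}: /32 route via {route['dev']}, expected {dev}")
    return problems


if __name__ == "__main__":
    for label, log in (("auto-discovery-sender off", IKE_LOG_NO_ADS),
                       ("auto-discovery-sender on", IKE_LOG_ADS)):
        print(label, "->", parse_ike_debug(log)["hub2"])
    routes = parse_tunnel_static_routes(ROUTE_TABLE_TWO_HUBS)
    print(check_bgp_neighbors({"10.251.1.250": "hub1", "10.251.1.251": "hub2"}, routes))
```

In practice you would feed parse_ike_debug the captured output of 'diagnose debug application ike -1' and parse_tunnel_static_routes the output of 'get router info routing-table all', and pass your spoke's configured BGP neighbour addresses to check_bgp_neighbors; an empty result means every hub peer has its injected /32 via the right tunnel.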