diff --git a/docs/_include/draw.io/vpn_s2s_ikev2_c.drawio b/docs/_include/draw.io/vpn_s2s_ikev2_c.drawio
new file mode 100644
index 00000000..833dba76
--- /dev/null
+++ b/docs/_include/draw.io/vpn_s2s_ikev2_c.drawio
@@ -0,0 +1 @@
+7VpLc6M4EP41PpoCSbyOdhLPHjJVmUpVNnuUQbapBeQFObb3168EwjwkPzJrHKcK5xDUEq1W99etVosRfEh2PzK8Xv2kIYlHwAx3I/g4AgDYjsf/Ccq+pFi2bZaUZRaFklYTXqN/iSRWwzZRSPLWQEZpzKJ1mxjQNCUBa9FwltFte9iCxu1Z13hJFMJrgGOV+mcUslVJ9apVCPofJFquqpktU/YkuBosCfkKh3TbIMGnEXzIKGXlU7J7ILHQXqWX8r3Zkd6DYBlJ2SUvPMcQwd02m7w95GM/fv71vsVjyeUDxxu5YCks21cayOgmDYlgYo3gdLuKGHld40D0brnROW3Fklh2q0JVM5CMkV2DJIX8QWhCWLbnQ2TvGNlO+Y7EzBjaksm2tgBCqKStGtqHsLK8tPrywL1WDH+QuvmEnsAd6skyPXh3ioLnFcUdYS0ek91SBA0jiPKAGlx9jGS5/N/WVojzVaFZkzcWURw/0JhmBTdoQsfzXU7PWUb/Jo2eRfE79FTuy1U6FVqOuJM/4zmJX2gesYimvG9OGaNJY8Akjpaig1FhwNrEQpCDQ4tGQJMoqCSkKZvhJIqFXd5IFuIUS7IMcBa4GgZs1MYA8G0FA9DTYMDy/J4wgAYM3BIDCN4fBOwBAreEgItcw26DwLPgV4PAOQ8CEvJsSzZzsky4Dp5q0pSk4UQkcbw3pSlpw4HsIvYudM2XXrb+kpoXz4+7ZmPfsEkDG1M4mzmOiqbQJl6IdGhynCmYzRQ0QTnRC8kirjyB3HLylCuyFLIwdtEuxDT8qllLWrT2zZbKL5xFwgpF6yh0crrJAnJ+m2Y4WxJ23o+FmU4CsQGyKjVuYqyiZSTGLPpo59Y63MkZXmjEV1bj3HOg4cH610l/gNPmWKpBMmmmxgpf/xRf13cNp/Gz27OUSlRm4cDF+8awtRiQn1zckTh+XOzuG8g984ZrWiff4A+l3LXXH6z8+4HAHQJBIxB43h0FAvQ9AwFyQMthzY7L8iO60XHTi4MBdC3DUt29Ym07liZWXDsYAAQ+6dqoKpnc1LU9jWs7Mbf2dM4flqwAZ0kQLtdyeuefDa06xnmREk34AMtb7+rOiovlA24VzzANvswZQBVX3igZtyfj5IYAnWDD0yrWDiFt95YhphkLJAnLRDDgjlakp90MMYnCsIhYugJAO3G8RuKn7AC2qeb+FrJVT6zKUlfP+vxbIcIA9oCCclfvosCpij7NQpB7QxBUsegGKBBTDSAAYx+Y3TMgrElfBgRdhXkIB70iAZl3Fw509fMhHPQJAtCtCh5q/l8GAt3dQD+5ostzRc8AJhiSxebBxr+7ZNHS3RVcAwIfLKojwTzrWjxf4/Q4861cumCf0izBsQZjpjiKGGL9wrEOQCo5K/hqw64DsTOXhRfWm9uFCGt0UQUajZSax8IWf0dxLl6WolsaTJcl8mvA1TK7R2/f0qQzoDr7t+oMsC/A6m42vhNg4QDYvgCr1Gx886vRqruC+Z9bLkA6+GbFaoZttijEKZmX9himKY/2t8/qSvC9ACEmiwEHcv9C3QsqXQreEwze8zeeBrNfP6eTcLcC28dJvNB+7tVztfbUpqZSvjtiFHhoQHSimotQt4TjWuoewhOjG2JGd3TvWKBxOxfEOM/FDq9+7da5O7pIMze6TnL9zs7tmh11Xnx7pLByvA6rI1dEv3Ejo7XX7U/Z1kknv45LZ4SLg+fFAOFueMNoLlPCT3myvHnj09jTkf2oDwzaANKDv9tO198PaGn6O7zOHsGb9efGJdzqr7bh038=
\ No newline at end of file
diff --git a/docs/_static/images/vpn_s2s_ikev2_c.png b/docs/_static/images/vpn_s2s_ikev2_c.png
new file mode 100644
index 00000000..2d9e21b5
Binary files /dev/null and b/docs/_static/images/vpn_s2s_ikev2_c.png differ
diff --git a/docs/automation/vyos-api.rst b/docs/automation/vyos-api.rst
index 1504a05a..988ff010 100644
--- a/docs/automation/vyos-api.rst
+++ b/docs/automation/vyos-api.rst
@@ -4,7 +4,7 @@
 VyOS API
 ########
 
-for configuration and enabling the API see :ref:`http-api`
+For configuration and enabling the API see :ref:`http-api`
 
 **************
 Authentication
@@ -13,7 +13,7 @@ Authentication
 All Endpoint only listen on HTTP POST requests and the API KEY must set as
 ``key`` in the formdata.
 
-Below see one example or curl and one for python.
+Below see one example for curl and one for python.
 In the following, the documentation is reduced to curl.
 
 .. code-block:: none
@@ -314,4 +314,4 @@ To Load a configuration file.
       "success": true,
       "data": null,
       "error": null
-   }
\ No newline at end of file
+   }
diff --git a/docs/cli.rst b/docs/cli.rst
index 7578ef8d..884c3d51 100644
--- a/docs/cli.rst
+++ b/docs/cli.rst
@@ -110,8 +110,7 @@ files.
 Terminology
 ###########
 
-live
-A VyOS system has three major types of configurations:
+A live VyOS system has three major types of configurations:
 
 * **Active** or **running configuration** is the system configuration
   that is loaded  and currently active (used by VyOS). Any change in
@@ -404,7 +403,7 @@ different levels in the hierarchy.
    Use this command to preserve configuration changes upon reboot. By
    default it is stored at */config/config.boot*. In the case you want
    to store the configuration file somewhere else, you can add a local
-   path, an SCP address, an FTP address or a TFTP address. 
+   path, a SCP address, a FTP address or a TFTP address. 
 
    .. code-block:: none
 
@@ -455,7 +454,7 @@ different levels in the hierarchy.
    a firewall, and you are not sure there are no mistakes that will lock
    you out of your system. You can use confirmed commit. If you issue
    the ``commit-confirm`` command, your changes will be commited, and if
-   you don't issue issue the ``confirm`` command in 10 minutes, your
+   you don't issue  the ``confirm`` command in 10 minutes, your
    system will reboot into previous config revision.
 
    .. code-block:: none
diff --git a/docs/configuration/protocols/bgp.rst b/docs/configuration/protocols/bgp.rst
index 25ec3038..d6baa0b9 100644
--- a/docs/configuration/protocols/bgp.rst
+++ b/docs/configuration/protocols/bgp.rst
@@ -190,7 +190,7 @@ Defining Peers
 
    This command creates a new neighbor whose remote-as is . The neighbor
    address can be an IPv4 address or an IPv6 address or an interface to use
-   for the connection. The command it applicable for peer and peer group.
+   for the connection. The command is applicable for peer and peer group.
 
 .. cfgcmd:: set protocols bgp neighbor  remote-as
    internal
@@ -809,7 +809,7 @@ For outbound updates the order of preference is:
 .. cfgcmd:: set protocols bgp neighbor  address-family
     distribute-list  
 
-   This command applys the access list filters named in  to the
+   This command applies the access list filters named in  to the
    specified BGP neighbor to restrict the routing information that BGP learns
    and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import`
    specify the direction in which the access list are applied.
@@ -817,7 +817,7 @@ For outbound updates the order of preference is:
 .. cfgcmd:: set protocols bgp neighbor  address-family
     prefix-list  
 
-   This command applys the prfefix list filters named in  to the
+   This command applies the prfefix list filters named in  to the
    specified BGP neighbor to restrict the routing information that BGP learns
    and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import`
    specify the direction in which the prefix list are applied.
@@ -825,7 +825,7 @@ For outbound updates the order of preference is:
 .. cfgcmd:: set protocols bgp neighbor  address-family
     route-map  
 
-   This command applys the route map named in  to the specified BGP
+   This command applies the route map named in  to the specified BGP
    neighbor to control and modify routing information that is exchanged
    between peers. The arguments :cfgcmd:`export` and :cfgcmd:`import`
    specify the direction in which the route map are applied.
@@ -833,7 +833,7 @@ For outbound updates the order of preference is:
 .. cfgcmd:: set protocols bgp neighbor  address-family
     filter-list  
 
-   This command applys the AS path access list filters named in  to the
+   This command applies the AS path access list filters named in  to the
    specified BGP neighbor to restrict the routing information that BGP learns
    and/or advertises. The arguments :cfgcmd:`export` and :cfgcmd:`import`
    specify the direction in which the AS path access list are applied.
diff --git a/docs/configuration/system/console.rst b/docs/configuration/system/console.rst
index 4890da92..1f917e54 100644
--- a/docs/configuration/system/console.rst
+++ b/docs/configuration/system/console.rst
@@ -43,4 +43,4 @@ Major upgrades to the installed distribution may also require console access.
      control. This means you should start with a common baud rate (most likely
      9600 baud) as otherwise you probably can not connect to the device using
      high speed baud rates as your serial converter simply can not process this
-     datarate.
+     data rate.
diff --git a/docs/configuration/system/host-name.rst b/docs/configuration/system/host-name.rst
index 30efe01e..79fae851 100644
--- a/docs/configuration/system/host-name.rst
+++ b/docs/configuration/system/host-name.rst
@@ -22,7 +22,7 @@ the command line prompt.
 
 .. cfgcmd:: set system host-name 
 
-   Set system hostname. The hostname can be up to 63 characters. A hostname
+   The hostname can be up to 63 characters. A hostname
    must start and end with a letter or digit, and have as interior characters
    only letters, digits, or a hyphen.
 
diff --git a/docs/configuration/system/syslog.rst b/docs/configuration/system/syslog.rst
index 9ba9d415..ab427d99 100644
--- a/docs/configuration/system/syslog.rst
+++ b/docs/configuration/system/syslog.rst
@@ -33,7 +33,7 @@ Custom File
 
 .. cfgcmd:: set system syslog file  facility  level 
 
-   Log syslog messages to file specified via ``, for en explanation on
+   Log syslog messages to file specified via ``, for an explanation on
    :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords
    see tables below.
 
@@ -62,7 +62,7 @@ sending the messages via port 514/UDP.
 .. cfgcmd:: set system syslog host  facility  level 
 
    Log syslog messages to remote host specified by ``. The address
-   can be specified by either FQDN or IP address. For en explanation on
+   can be specified by either FQDN or IP address. For an explanation on
    :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level`
    keywords see tables below.
 
@@ -81,7 +81,7 @@ Local User Account
 
    If logging to a local user account is configured, all defined log messages
    are display on the console if the local user is logged in, if the user is not
-   logged in, no messages are being displayed. For en explanation on
+   logged in, no messages are being displayed. For an explanation on
    :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords
    see tables below.
 
diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst
index bbe2b881..411b7b5e 100644
--- a/docs/configuration/vpn/l2tp.rst
+++ b/docs/configuration/vpn/l2tp.rst
@@ -160,7 +160,7 @@ servers can be setup and will be used subsequentially.
 RADIUS source address
 ^^^^^^^^^^^^^^^^^^^^^
 
-If you are using OSPF as IGP always the closets interface connected to the
+If you are using OSPF as IGP, always the closest interface connected to the
 RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests
 to a single source IP e.g. the loopback interface.
 
@@ -172,7 +172,7 @@ Above command will use `10.0.0.3` as source IPv4 address for all RADIUS queries
 on this NAS.
 
 .. note:: The ``source-address`` must be configured on one of VyOS interface.
-   Best proctice would be a loopback or dummy interface.
+   Best practice would be a loopback or dummy interface.
 
 RADIUS bandwidth shaping attribute
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/docs/configuration/vpn/site2site_ipsec.rst b/docs/configuration/vpn/site2site_ipsec.rst
index e81c5c3b..aace98aa 100644
--- a/docs/configuration/vpn/site2site_ipsec.rst
+++ b/docs/configuration/vpn/site2site_ipsec.rst
@@ -264,9 +264,15 @@ rules. (if you used the default configuration at the top of this page)
 IKEv2
 ^^^^^
 
+Example:
+
+* left local_ip: 192.168.0.10 # VPN Gateway, behind NAT device
+* left public_ip:172.18.201.10
+* right local_ip: 172.18.202.10 # right side WAN IP
+
 Imagine the following topology
 
-.. figure:: /_static/images/vpn_s2s_ikev2.png
+.. figure:: /_static/images/vpn_s2s_ikev2_c.png
    :scale: 50 %
    :alt: IPSec IKEv2 site2site VPN
 
@@ -289,9 +295,6 @@ Imagine the following topology
   set vpn ipsec esp-group ESP_DEFAULT pfs 'dh-group19'
   set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128'
   set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256'
-  set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'hold'
-  set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection interval '30'
-  set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection timeout '120'
   set vpn ipsec ike-group IKEv2_DEFAULT ikev2-reauth 'no'
   set vpn ipsec ike-group IKEv2_DEFAULT key-exchange 'ikev2'
   set vpn ipsec ike-group IKEv2_DEFAULT lifetime '10800'
@@ -304,10 +307,10 @@ Imagine the following topology
   set vpn ipsec site-to-site peer 172.18.202.10 authentication mode 'pre-shared-secret'
   set vpn ipsec site-to-site peer 172.18.202.10 authentication pre-shared-secret 'secretkey'
   set vpn ipsec site-to-site peer 172.18.202.10 authentication remote-id '172.18.202.10'
-  set vpn ipsec site-to-site peer 172.18.202.10 connection-type 'initiate'
+  set vpn ipsec site-to-site peer 172.18.202.10 connection-type 'respond'
   set vpn ipsec site-to-site peer 172.18.202.10 ike-group 'IKEv2_DEFAULT'
   set vpn ipsec site-to-site peer 172.18.202.10 ikev2-reauth 'inherit'
-  set vpn ipsec site-to-site peer 172.18.202.10 local-address '172.18.201.10'
+  set vpn ipsec site-to-site peer 172.18.202.10 local-address '192.168.0.10'
   set vpn ipsec site-to-site peer 172.18.202.10 vti bind 'vti10'
   set vpn ipsec site-to-site peer 172.18.202.10 vti esp-group 'ESP_DEFAULT'
 
@@ -323,7 +326,7 @@ Imagine the following topology
   set vpn ipsec esp-group ESP_DEFAULT pfs 'dh-group19'
   set vpn ipsec esp-group ESP_DEFAULT proposal 10 encryption 'aes256gcm128'
   set vpn ipsec esp-group ESP_DEFAULT proposal 10 hash 'sha256'
-  set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'hold'
+  set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection action 'restart'
   set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection interval '30'
   set vpn ipsec ike-group IKEv2_DEFAULT dead-peer-detection timeout '120'
   set vpn ipsec ike-group IKEv2_DEFAULT ikev2-reauth 'no'
@@ -344,3 +347,40 @@ Imagine the following topology
   set vpn ipsec site-to-site peer 172.18.201.10 local-address '172.18.202.10'
   set vpn ipsec site-to-site peer 172.18.201.10 vti bind 'vti10'
   set vpn ipsec site-to-site peer 172.18.201.10 vti esp-group 'ESP_DEFAULT'
+
+Key Parameters:
+
+* ``authentication id/remote-id`` - IKE identification is used for validation 
+  of VPN peer devices during IKE negotiation. If you do not configure local/
+  remote-identity, the device uses the IPv4 or IPv6 address that corresponds 
+  to the local/remote peer by default.
+  In certain network setups (like ipsec interface with dynamic address, or 
+  behind the NAT ), the IKE ID received from the peer does not match the IKE 
+  gateway configured on the device. This can lead to a Phase 1 validation 
+  failure.
+  So, make sure to configure the local/remote id explicitly and ensure that the 
+  IKE ID is the same as the remote-identity configured on the peer device.
+
+* ``disable-route-autoinstall`` - This option when configured disables the
+  routes installed in the default table 220 for site-to-site ipsec.
+  It is mostly used with VTI configuration.
+
+* ``dead-peer-detection action = clear | hold | restart`` - R_U_THERE 
+  notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) 
+  are periodically sent in order to check the liveliness of theIPsec peer. The 
+  values clear, hold, and restart all activate DPD and determine the action to 
+  perform on a timeout.
+  With ``clear`` the connection is closed with no further actions taken. 
+  ``hold`` installs a trap policy, which will catch matching traffic and tries 
+  to re-negotiate the connection on demand. 
+  ``restart`` will immediately trigger an attempt to re-negotiate the 
+  connection.
+
+* ``close-action = none | clear | hold | restart`` - defines the action to take 
+  if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of 
+  values). A closeaction should not be used if the peer uses reauthentication or
+  uniqueids.
+  
+  For a responder, close-action or dead-peer-detection must not be enabled.  
+  For an initiator DPD with `restart` action, and `close-action 'restart'` 
+  is recommended in IKE profile.
diff --git a/docs/installation/install.rst b/docs/installation/install.rst
index 75c1713d..0af61ea4 100644
--- a/docs/installation/install.rst
+++ b/docs/installation/install.rst
@@ -62,7 +62,7 @@ LTS images are signed by VyOS lead package-maintainer private key. With
 the official public key, the authenticity of the package can be
 verified. :abbr:`GPG (GNU Privacy Guard)` is used for verification.
 
-.. note:: This subsection only applies e applies to LTS images, for
+.. note:: This subsection only applies to LTS images, for
    Rolling images please jump to :ref:`live_installation`.
 
 Preparing for the verification
@@ -326,7 +326,7 @@ In order to proceed with a permanent installation:
    Done!
 
 
- 3. After the installation is complete, remove the live USB stick or
+ 3. After the installation is completed, remove the live USB stick or
     CD.
 
  4. Reboot the system.
diff --git a/docs/installation/virtual/vmware.rst b/docs/installation/virtual/vmware.rst
index 28614573..c9880a01 100644
--- a/docs/installation/virtual/vmware.rst
+++ b/docs/installation/virtual/vmware.rst
@@ -17,7 +17,7 @@ installing from the ISO using the normal process around `install image`.
 Memory Contention Considerations
 --------------------------------
 When the underlying ESXi host is approaching ~92% memory utilisation it will
-start the balloon process in s a 'soft' state to start reclaiming memory from
+start the balloon process in  a 'soft' state to start reclaiming memory from
 guest operating systems. This causes an artificial pressure using the vmmemctl
 driver on memory usage on the virtual guest. As VyOS by default does not have
 a swap file, this vmmemctl pressure is unable to force processes to move in
@@ -43,4 +43,4 @@ References
 
 https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html
 
-.. start_vyoslinter
\ No newline at end of file
+.. start_vyoslinter
diff --git a/docs/introducing/about.rst b/docs/introducing/about.rst
index 0411344b..944ff0a1 100644
--- a/docs/introducing/about.rst
+++ b/docs/introducing/about.rst
@@ -8,10 +8,10 @@ VyOS is an open source network operating system based on Debian GNU/Linux.
 
 VyOS provides a free routing platform that competes directly with other
 commercially available solutions from well known network providers. Because
-VyOS is run on standard amd64, i586 and ARM systems, it is able to be used
+VyOS runs on standard amd64, i586 and ARM systems, it is able to be used
 as a router and firewall platform for cloud deployments.
 
-We use multiple live versions of our manual hosted thankfully by
+We use multiple live versions of our manual, hosted thankfully by
 https://readthedocs.org. We will provide one version of the manual for every
 VyOS major version starting with VyOS 1.2 which will receive Long-term support
 (LTS).