I have tried the config from the link (shared above) but didn't work as is, upon troubleshooting noticed the config is missing the line
set services ipsec-vpn rule demo-rule term demo-term then dynamic ipsec-policy demo_ipsec_policy
Also I have had to use inline service interface si-* in place of ms-* since I was trying out on vMX 18
Here is my full config in case someone needs a reference
set chassis fpc 0 pic 0 tunnel-services bandwidth 10g
set chassis fpc 0 pic 0 inline-services bandwidth 10g
set groups IPVPN-PARAMEMTERS services ipsec-vpn ipsec proposal IPVPN-IPSEC-PROPOSAL protocol esp
set groups IPVPN-PARAMEMTERS services ipsec-vpn ipsec proposal IPVPN-IPSEC-PROPOSAL authentication-algorithm hmac-sha1-96
set groups IPVPN-PARAMEMTERS services ipsec-vpn ipsec proposal IPVPN-IPSEC-PROPOSAL encryption-algorithm aes-256-cbc
set groups IPVPN-PARAMEMTERS services ipsec-vpn ipsec proposal IPVPN-IPSEC-PROPOSAL lifetime-seconds 3600
set groups IPVPN-PARAMEMTERS services ipsec-vpn ipsec policy IPVPN-IPSEC-POLICY perfect-forward-secrecy keys group14
set groups IPVPN-PARAMEMTERS services ipsec-vpn ipsec policy IPVPN-IPSEC-POLICY proposals IPVPN-IPSEC-PROPOSAL
set groups IPVPN-PARAMEMTERS services ipsec-vpn ike proposal IPVPN-IKE-PROPOSAL authentication-method pre-shared-keys
set groups IPVPN-PARAMEMTERS services ipsec-vpn ike proposal IPVPN-IKE-PROPOSAL dh-group group2
set groups IPVPN-PARAMEMTERS services ipsec-vpn ike proposal IPVPN-IKE-PROPOSAL authentication-algorithm sha1
set groups IPVPN-PARAMEMTERS services ipsec-vpn ike proposal IPVPN-IKE-PROPOSAL encryption-algorithm 3des-cbc
set groups IPVPN-PARAMEMTERS services ipsec-vpn ike proposal IPVPN-IKE-PROPOSAL lifetime-seconds 28800
set groups IPVPN-PARAMEMTERS services ipsec-vpn ike policy IPVPN-IKE-POLICY version 2
set groups IPVPN-PARAMEMTERS services ipsec-vpn ike policy IPVPN-IKE-POLICY proposals IPVPN-IKE-PROPOSAL
set groups IPVPN-PARAMEMTERS services ipsec-vpn ike policy IPVPN-IKE-POLICY local-id ipv4_addr 172.16.0.1
set groups IPVPN-PARAMEMTERS services ipsec-vpn ike policy IPVPN-IKE-POLICY remote-id ipv4_addr 172.17.0.1
set groups IPVPN-PARAMEMTERS services ipsec-vpn ike policy IPVPN-IKE-POLICY remote-id ipv4_addr 172.19.0.1
set groups IPVPN-PARAMEMTERS services ipsec-vpn ike policy IPVPN-IKE-POLICY pre-shared-key ascii-text "$9$acUDHzF6AuBEc-bY4Djp0BRSeN-wsgJSrYo"
set groups IPVPN-SITE1 services ipsec-vpn rule SITE1-RULE term 1 then remote-gateway 172.17.0.1
set groups IPVPN-SITE1 services ipsec-vpn rule SITE1-RULE term 1 then dynamic ike-policy IPVPN-IKE-POLICY
set groups IPVPN-SITE1 services ipsec-vpn rule SITE1-RULE term 1 then dynamic ipsec-policy IPVPN-IPSEC-POLICY
set groups IPVPN-SITE1 services ipsec-vpn rule SITE1-RULE match-direction input
set groups IPVPN-SITE1 services service-set SERVICESET-SITE1 next-hop-service inside-service-interface si-0/0/0.1
set groups IPVPN-SITE1 services service-set SERVICESET-SITE1 next-hop-service outside-service-interface si-0/0/0.2
set groups IPVPN-SITE1 services service-set SERVICESET-SITE1 ipsec-vpn-options local-gateway 172.16.0.1
set groups IPVPN-SITE1 services service-set SERVICESET-SITE1 ipsec-vpn-rules SITE1-RULE
set groups IPVPN-SITE1 interfaces si-0/0/0 unit 1 description "to remote internet site 1 via IPSec"
set groups IPVPN-SITE1 interfaces si-0/0/0 unit 1 family inet address 172.18.0.1/30
set groups IPVPN-SITE1 interfaces si-0/0/0 unit 1 service-domain inside
set groups IPVPN-SITE1 interfaces si-0/0/0 unit 2 description "to remote internet site 1 via IPSec"
set groups IPVPN-SITE1 interfaces si-0/0/0 unit 2 family inet
set groups IPVPN-SITE1 interfaces si-0/0/0 unit 2 service-domain outside
set groups IPVPN-SITE1 routing-instances IPVPN interface si-0/0/0.1
set groups IPVPN-SITE1 routing-instances IPVPN routing-options static route 10.10.2.0/30 next-hop si-0/0/0.1
set groups IPVPN-SITE2 services ipsec-vpn rule SITE2-RULE term 1 then remote-gateway 172.19.0.1
set groups IPVPN-SITE2 services ipsec-vpn rule SITE2-RULE term 1 then dynamic ike-policy IPVPN-IKE-POLICY
set groups IPVPN-SITE2 services ipsec-vpn rule SITE2-RULE term 1 then dynamic ipsec-policy IPVPN-IPSEC-POLICY
set groups IPVPN-SITE2 services ipsec-vpn rule SITE2-RULE match-direction input
set groups IPVPN-SITE2 services service-set SERVICESET-SITE2 next-hop-service inside-service-interface si-0/0/0.3
set groups IPVPN-SITE2 services service-set SERVICESET-SITE2 next-hop-service outside-service-interface si-0/0/0.4
set groups IPVPN-SITE2 services service-set SERVICESET-SITE2 ipsec-vpn-options local-gateway 172.16.0.1
set groups IPVPN-SITE2 services service-set SERVICESET-SITE2 ipsec-vpn-rules SITE2-RULE
set groups IPVPN-SITE2 interfaces si-0/0/0 unit 3 description "to remote internet site 2 via IPSec"
set groups IPVPN-SITE2 interfaces si-0/0/0 unit 3 family inet address 172.20.0.1/30
set groups IPVPN-SITE2 interfaces si-0/0/0 unit 3 service-domain inside
set groups IPVPN-SITE2 interfaces si-0/0/0 unit 4 description "to remote internet site 2 via IPSec"
set groups IPVPN-SITE2 interfaces si-0/0/0 unit 4 family inet
set groups IPVPN-SITE2 interfaces si-0/0/0 unit 4 service-domain outside
set groups IPVPN-SITE2 routing-instances IPVPN interface si-0/0/0.3
set groups IPVPN-SITE2 routing-instances IPVPN routing-options static route 10.10.3.0/30 next-hop si-0/0/0.3
set apply-groups IPVPN-PARAMEMTERS
set apply-groups IPVPN-SITE1
set apply-groups IPVPN-SITE2
set interfaces ge-0/0/0 unit 0 description "to internet"
set interfaces ge-0/0/0 unit 0 family inet address 172.16.0.1/30
set interfaces ge-0/0/1 unit 0 description "to ce"
set interfaces ge-0/0/1 unit 0 family inet address 10.10.1.1/30
set routing-options static route 0.0.0.0/0 next-hop 172.16.0.2
set routing-instances IPVPN instance-type vrf
set routing-instances IPVPN interface ge-0/0/1.0
set routing-instances IPVPN route-distinguisher 100:100
set routing-instances IPVPN vrf-target target:100:100
set routing-instances IPVPN vrf-table-label