Hello Marius
It really depends upon what you want to achieve. Now I’m assuming you are using an IPSec VTI since that’s what you wrote in the title of your post. If you only want to shut down the VPN, then you simply have to disconnect the spoke router, and the virtual access interface on the hub will disappear. That’s the wonderful thing about the IPSec VTI. Now if you want to get rid of all of the configurations for each spoke, then you have to take a look and see if you are using the same preshared keys for all or different ones for each spoke. If you have a different one for each spoke, you can simply remove the one that corresponds to the spokes you want to remove. If you’re using the same, there is no need to configure anything.
Take a look at this lesson which shows details of how to configure IPSec VTI:
I hope this has been helpful!
Laz