Page Menu
Home
VyOS Platform
Search
Configure Global Search
Log In
Files
F2019354
vpn.txt
All Users
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Authored By
Viacheslav
Oct 29 2021, 3:09 PM
2021-10-29 15:09:10 (UTC+0)
Size
4 KB
Referenced Files
None
Subscribers
None
vpn.txt
View Options
set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth0 description 'Wan'
set interfaces ethernet eth1 address '100.64.0.2/30'
set interfaces ethernet eth1 address '192.0.2.1/30'
set interfaces ethernet eth1 description 'Lan'
set interfaces vti vti1 address '10.0.102.2/30'
set interfaces vti vti1 description 'Tunnel to 100.64.0.1'
set protocols static route 0.0.0.0/0 next-hop 192.168.122.1
set vpn ipsec esp-group ESP-GRP compression 'disable'
set vpn ipsec esp-group ESP-GRP lifetime '1800'
set vpn ipsec esp-group ESP-GRP mode 'tunnel'
set vpn ipsec esp-group ESP-GRP pfs 'enable'
set vpn ipsec esp-group ESP-GRP proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-GRP proposal 1 hash 'sha1'
set vpn ipsec esp-group group-ESP compression 'disable'
set vpn ipsec esp-group group-ESP lifetime '3600'
set vpn ipsec esp-group group-ESP mode 'tunnel'
set vpn ipsec esp-group group-ESP pfs 'dh-group19'
set vpn ipsec esp-group group-ESP proposal 10 encryption 'aes256gcm128'
set vpn ipsec esp-group group-ESP proposal 10 hash 'sha256'
set vpn ipsec ike-group IKE-GRP close-action 'none'
set vpn ipsec ike-group IKE-GRP ikev2-reauth 'no'
set vpn ipsec ike-group IKE-GRP key-exchange 'ikev1'
set vpn ipsec ike-group IKE-GRP lifetime '3600'
set vpn ipsec ike-group IKE-GRP proposal 1 dh-group '2'
set vpn ipsec ike-group IKE-GRP proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-GRP proposal 1 hash 'sha1'
set vpn ipsec ike-group group-IKE close-action 'none'
set vpn ipsec ike-group group-IKE dead-peer-detection action 'hold'
set vpn ipsec ike-group group-IKE dead-peer-detection interval '30'
set vpn ipsec ike-group group-IKE dead-peer-detection timeout '120'
set vpn ipsec ike-group group-IKE ikev2-reauth 'no'
set vpn ipsec ike-group group-IKE key-exchange 'ikev2'
set vpn ipsec ike-group group-IKE lifetime '28000'
set vpn ipsec ike-group group-IKE mobike 'disable'
set vpn ipsec ike-group group-IKE proposal 10 dh-group '19'
set vpn ipsec ike-group group-IKE proposal 10 encryption 'aes256gcm128'
set vpn ipsec ike-group group-IKE proposal 10 hash 'sha256'
set vpn ipsec ipsec-interfaces interface 'eth1'
set vpn ipsec site-to-site peer 100.64.0.1 authentication id '100.64.0.2'
set vpn ipsec site-to-site peer 100.64.0.1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 100.64.0.1 authentication pre-shared-secret 'SSSecccRetT'
set vpn ipsec site-to-site peer 100.64.0.1 authentication remote-id '100.64.0.1'
set vpn ipsec site-to-site peer 100.64.0.1 connection-type 'respond'
set vpn ipsec site-to-site peer 100.64.0.1 ike-group 'group-IKE'
set vpn ipsec site-to-site peer 100.64.0.1 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 100.64.0.1 local-address '100.64.0.2'
set vpn ipsec site-to-site peer 100.64.0.1 vti bind 'vti1'
set vpn ipsec site-to-site peer 100.64.0.1 vti esp-group 'group-ESP'
set vpn ipsec site-to-site peer 192.0.2.2 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 192.0.2.2 authentication pre-shared-secret 'SeCrEt'
set vpn ipsec site-to-site peer 192.0.2.2 connection-type 'initiate'
set vpn ipsec site-to-site peer 192.0.2.2 ike-group 'IKE-GRP'
set vpn ipsec site-to-site peer 192.0.2.2 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 192.0.2.2 local-address '192.0.2.1'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 1 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 1 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 1 esp-group 'ESP-GRP'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 1 local prefix '10.1.1.0/24'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 1 remote prefix '10.2.1.0/24'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 2 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 2 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 2 esp-group 'ESP-GRP'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 2 local prefix '10.1.2.0/24'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 2 remote prefix '10.2.2.0/24'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 3 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 3 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 3 esp-group 'ESP-GRP'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 3 local prefix '10.1.3.0/24'
set vpn ipsec site-to-site peer 192.0.2.2 tunnel 3 remote prefix '10.2.3.0/24'
File Metadata
Details
Attached
Mime Type
text/plain
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
39/73/3d25373ae370dba6ad38da2efd3d
Default Alt Text
vpn.txt (4 KB)
Attached To
Mode
T3953: IPSec with vti interfaces by default add default route to table 220
Attached
Detach File
Event Timeline
Log In to Comment