summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-10-31 14:01:42 +0100
committerChristian Poessinger <christian@poessinger.com>2021-10-31 14:02:03 +0100
commitf128d54665edf8f6bf834dd412a1b69210d985c4 (patch)
treefc6f1813f199736c7025ffb2b25e941d2e60b57b
parent60775392123a0253863ab7af5accd3b61285d84e (diff)
downloadvyos-1x-f128d54665edf8f6bf834dd412a1b69210d985c4.tar.gz
vyos-1x-f128d54665edf8f6bf834dd412a1b69210d985c4.zip
smoketest: config: add DMVPN hub and spoke examples
(cherry picked from commit 062422db04f5ec6fd0a769f0d71faf4efa2d377f)
-rw-r--r--smoketest/configs/bgp-dmvpn-hub174
-rw-r--r--smoketest/configs/bgp-dmvpn-spoke201
2 files changed, 375 insertions, 0 deletions
diff --git a/smoketest/configs/bgp-dmvpn-hub b/smoketest/configs/bgp-dmvpn-hub
new file mode 100644
index 000000000..fc5aadd8f
--- /dev/null
+++ b/smoketest/configs/bgp-dmvpn-hub
@@ -0,0 +1,174 @@
+interfaces {
+ ethernet eth0 {
+ address 100.64.10.1/31
+ }
+ ethernet eth1 {
+ }
+ loopback lo {
+ }
+ tunnel tun0 {
+ address 192.168.254.62/26
+ encapsulation gre
+ multicast enable
+ parameters {
+ ip {
+ key 1
+ }
+ }
+ source-address 100.64.10.1
+ }
+}
+protocols {
+ bgp 65000 {
+ address-family {
+ ipv4-unicast {
+ network 172.20.0.0/16 {
+ }
+ }
+ }
+ neighbor 192.168.254.1 {
+ peer-group DMVPN
+ remote-as 65001
+ }
+ neighbor 192.168.254.2 {
+ peer-group DMVPN
+ remote-as 65002
+ }
+ neighbor 192.168.254.3 {
+ peer-group DMVPN
+ remote-as 65003
+ }
+ parameters {
+ default {
+ no-ipv4-unicast
+ }
+ log-neighbor-changes
+ }
+ peer-group DMVPN {
+ address-family {
+ ipv4-unicast {
+ }
+ }
+ }
+ timers {
+ holdtime 30
+ keepalive 10
+ }
+ }
+ nhrp {
+ tunnel tun0 {
+ cisco-authentication secret
+ holding-time 300
+ multicast dynamic
+ redirect
+ shortcut
+ }
+ }
+ static {
+ route 0.0.0.0/0 {
+ next-hop 100.64.10.0 {
+ }
+ }
+ route 172.20.0.0/16 {
+ blackhole {
+ distance 200
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ conntrack {
+ modules {
+ ftp
+ h323
+ nfs
+ pptp
+ sip
+ sqlnet
+ tftp
+ }
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name cpe-4
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 1.1.1.1
+ name-server 8.8.8.8
+ name-server 9.9.9.9
+ ntp {
+ server time1.vyos.net {
+ }
+ server time2.vyos.net {
+ }
+ server time3.vyos.net {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+vpn {
+ ipsec {
+ esp-group ESP-DMVPN {
+ compression disable
+ lifetime 1800
+ mode transport
+ pfs dh-group2
+ proposal 1 {
+ encryption aes256
+ hash sha1
+ }
+ }
+ ike-group IKE-DMVPN {
+ close-action none
+ ikev2-reauth no
+ key-exchange ikev1
+ lifetime 3600
+ proposal 1 {
+ dh-group 2
+ encryption aes256
+ hash sha1
+ }
+ }
+ ipsec-interfaces {
+ interface eth0
+ }
+ profile NHRPVPN {
+ authentication {
+ mode pre-shared-secret
+ pre-shared-secret VyOS-topsecret
+ }
+ bind {
+ tunnel tun0
+ }
+ esp-group ESP-DMVPN
+ ike-group IKE-DMVPN
+ }
+ }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3.0-epa3
+
diff --git a/smoketest/configs/bgp-dmvpn-spoke b/smoketest/configs/bgp-dmvpn-spoke
new file mode 100644
index 000000000..3d7503a9b
--- /dev/null
+++ b/smoketest/configs/bgp-dmvpn-spoke
@@ -0,0 +1,201 @@
+interfaces {
+ ethernet eth0 {
+ vif 7 {
+ description PPPoE-UPLINK
+ }
+ }
+ ethernet eth1 {
+ address 172.17.1.1/24
+ }
+ loopback lo {
+ }
+ pppoe pppoe1 {
+ authentication {
+ password cpe-1
+ user cpe-1
+ }
+ no-peer-dns
+ source-interface eth0.7
+ }
+ tunnel tun0 {
+ address 192.168.254.1/26
+ encapsulation gre
+ multicast enable
+ parameters {
+ ip {
+ key 1
+ }
+ }
+ source-address 0.0.0.0
+ }
+}
+nat {
+ source {
+ rule 10 {
+ log enable
+ outbound-interface pppoe1
+ source {
+ address 172.17.0.0/16
+ }
+ translation {
+ address masquerade
+ }
+ }
+ }
+}
+protocols {
+ bgp 65001 {
+ address-family {
+ ipv4-unicast {
+ network 172.17.0.0/16 {
+ }
+ }
+ }
+ neighbor 192.168.254.62 {
+ address-family {
+ ipv4-unicast {
+ }
+ }
+ remote-as 65000
+ }
+ parameters {
+ default {
+ no-ipv4-unicast
+ }
+ log-neighbor-changes
+ }
+ timers {
+ holdtime 30
+ keepalive 10
+ }
+ }
+ nhrp {
+ tunnel tun0 {
+ cisco-authentication secret
+ holding-time 300
+ map 192.168.254.62/26 {
+ nbma-address 100.64.10.1
+ register
+ }
+ multicast nhs
+ redirect
+ shortcut
+ }
+ }
+ static {
+ route 172.17.0.0/16 {
+ blackhole {
+ distance 200
+ }
+ }
+ }
+}
+service {
+ dhcp-server {
+ shared-network-name LAN-3 {
+ subnet 172.17.1.0/24 {
+ default-router 172.17.1.1
+ name-server 172.17.1.1
+ range 0 {
+ start 172.17.1.100
+ stop 172.17.1.200
+ }
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ conntrack {
+ modules {
+ ftp
+ h323
+ nfs
+ pptp
+ sip
+ sqlnet
+ tftp
+ }
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name cpe-1
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 1.1.1.1
+ name-server 8.8.8.8
+ name-server 9.9.9.9
+ ntp {
+ server time1.vyos.net {
+ }
+ server time2.vyos.net {
+ }
+ server time3.vyos.net {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+vpn {
+ ipsec {
+ esp-group ESP-DMVPN {
+ compression disable
+ lifetime 1800
+ mode transport
+ pfs dh-group2
+ proposal 1 {
+ encryption aes256
+ hash sha1
+ }
+ }
+ ike-group IKE-DMVPN {
+ close-action none
+ ikev2-reauth no
+ key-exchange ikev1
+ lifetime 3600
+ proposal 1 {
+ dh-group 2
+ encryption aes256
+ hash sha1
+ }
+ }
+ ipsec-interfaces {
+ interface pppoe1
+ }
+ profile NHRPVPN {
+ authentication {
+ mode pre-shared-secret
+ pre-shared-secret VyOS-topsecret
+ }
+ bind {
+ tunnel tun0
+ }
+ esp-group ESP-DMVPN
+ ike-group IKE-DMVPN
+ }
+ }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3.0-epa3