interfaces { ethernet eth0 { address 192.168.0.1/24 address fe88::1/56 duplex auto smp-affinity auto speed auto } ethernet eth1 { duplex auto smp-affinity auto speed auto } ethernet eth2 { duplex auto smp-affinity auto speed auto vif 100 { address 100.100.0.1/24 } vif-s 200 { address 100.64.200.254/24 vif-c 201 { address 100.64.201.254/24 address fe89::1/56 } vif-c 202 { address 100.64.202.254/24 } } } loopback lo { } } load-balancing { reverse-proxy { backend bk-01 { balance "round-robin" mode "tcp" server srv01 { address "192.0.2.11" port "8881" } server srv02 { address "192.0.2.12" port "8882" } } service my-tcp-api { backend "bk-01" mode "tcp" port "8888" } } } protocols { static { arp 192.168.0.20 { hwaddr 00:50:00:00:00:20 } arp 192.168.0.30 { hwaddr 00:50:00:00:00:30 } arp 192.168.0.40 { hwaddr 00:50:00:00:00:40 } arp 100.100.0.2 { hwaddr 00:50:00:00:02:02 } arp 100.100.0.3 { hwaddr 00:50:00:00:02:03 } arp 100.100.0.4 { hwaddr 00:50:00:00:02:04 } arp 100.64.200.1 { hwaddr 00:50:00:00:00:01 } arp 100.64.200.2 { hwaddr 00:50:00:00:00:02 } arp 100.64.201.10 { hwaddr 00:50:00:00:00:10 } arp 100.64.201.20 { hwaddr 00:50:00:00:00:20 } arp 100.64.202.30 { hwaddr 00:50:00:00:00:30 } arp 100.64.202.40 { hwaddr 00:50:00:00:00:40 } route 0.0.0.0/0 { next-hop 100.64.0.1 { } } } } service { dhcp-server { shared-network-name LAN { authoritative subnet 192.168.0.0/24 { default-router 192.168.0.1 dns-server 192.168.0.1 domain-name vyos.net domain-search vyos.net range LANDynamic { start 192.168.0.30 stop 192.168.0.240 } static-mapping TEST1-1 { ip-address 192.168.0.11 mac-address 00:01:02:03:04:05 } static-mapping TEST1-2 { ip-address 192.168.0.12 mac-address 00:01:02:03:04:05 } static-mapping TEST2-1 { ip-address 192.168.0.21 mac-address 00:01:02:03:04:21 } static-mapping TEST2-2 { ip-address 192.168.0.21 mac-address 00:01:02:03:04:22 } } } } dhcpv6-server { shared-network-name LAN6 { subnet fe88::/56 { address-range { prefix fe88::/60 { temporary } start fe88:0000:0000:fe:: { stop fe88:0000:0000:ff:: } } domain-search vyos.net name-server fe88::1 prefix-delegation { start fe88:0000:0000:0001:: { prefix-length 64 stop fe88:0000:0000:0010:: } } } subnet fe89::/56 { address-range { prefix fe89::/60 { temporary } start fe89:0000:0000:fe:: { stop fe89:0000:0000:ff:: } } domain-search vyos.net name-server fe89::1 prefix-delegation { start fe89:0000:0000:0001:: { prefix-length 64 stop fe89:0000:0000:0010:: } } } } } dns { forwarding { allow-from 192.168.0.0/16 cache-size 10000 dnssec off listen-address 192.168.0.1 } } ssh { ciphers aes128-ctr,aes192-ctr,aes256-ctr ciphers chacha20-poly1305@openssh.com,rijndael-cbc@lysator.liu.se listen-address 192.168.0.1 key-exchange curve25519-sha256@libssh.org key-exchange diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256 port 22 } } system { config-management { commit-revisions 100 } console { device ttyS0 { speed 115200 } } conntrack { ignore { rule 1 { destination { address 192.0.2.2 } source { address 192.0.2.1 } } } } host-name vyos login { user vyos { authentication { encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0 plaintext-password "" } } } name-server 192.168.0.1 syslog { console { facility all { level emerg } facility mail { level info } } global { facility all { level info } facility protocols { level debug } facility security { level info } preserve-fqdn } host syslog.vyos.net { facility local7 { level notice } facility protocols { level alert } facility security { level warning } format { octet-counted } port 8000 } } time-zone Europe/Berlin } /* Warning: Do not remove the following line. */ /* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */ /* Release version: 1.2.6 */