interfaces {
    ethernet eth0 {
        address 100.64.10.1/31
    }
    ethernet eth1 {
    }
    loopback lo {
    }
    tunnel tun0 {
        address 192.168.254.62/26
        encapsulation gre
        multicast enable
        parameters {
            ip {
                key 1
            }
        }
        source-address 100.64.10.1
    }
}
protocols {
    bgp 65000 {
        address-family {
            ipv4-unicast {
                network 172.20.0.0/16 {
                }
            }
        }
        neighbor 192.168.254.1 {
            peer-group DMVPN
            remote-as 65001
        }
        neighbor 192.168.254.2 {
            peer-group DMVPN
            remote-as 65002
        }
        neighbor 192.168.254.3 {
            peer-group DMVPN
            remote-as 65003
        }
        parameters {
            default {
                no-ipv4-unicast
            }
            log-neighbor-changes
        }
        peer-group DMVPN {
            address-family {
                ipv4-unicast {
                }
            }
        }
        timers {
            holdtime 30
            keepalive 10
        }
    }
    nhrp {
        tunnel tun0 {
            cisco-authentication secret
            holding-time 300
            multicast dynamic
            redirect
            shortcut
        }
    }
    static {
        route 0.0.0.0/0 {
            next-hop 100.64.10.0 {
            }
        }
        route 172.20.0.0/16 {
            blackhole {
                distance 200
            }
        }
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name cpe-4
    login {
        user vyos {
            authentication {
                encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0
                plaintext-password ""
            }
        }
    }
    name-server 1.1.1.1
    name-server 8.8.8.8
    name-server 9.9.9.9
    ntp {
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
vpn {
    ipsec {
        esp-group ESP-DMVPN {
            compression disable
            lifetime 1800
            mode transport
            pfs dh-group2
            proposal 1 {
                encryption aes256
                hash sha1
            }
        }
        ike-group IKE-DMVPN {
            close-action none
            ikev2-reauth no
            key-exchange ikev1
            lifetime 3600
            proposal 1 {
                dh-group 2
                encryption aes256
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth0
        }
        profile NHRPVPN {
            authentication {
                mode pre-shared-secret
                pre-shared-secret VyOS-topsecret
            }
            bind {
                tunnel tun0
            }
            esp-group ESP-DMVPN
            ike-group IKE-DMVPN
        }
    }
}


// Warning: Do not remove the following line.
// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
// Release version: 1.3.0-epa3