interfaces {
    ethernet eth0 {
        vif 7 {
            description PPPoE-UPLINK
        }
    }
    ethernet eth1 {
        address 172.17.1.1/24
    }
    loopback lo {
    }
    pppoe pppoe1 {
        authentication {
            password cpe-1
            user cpe-1
        }
        no-peer-dns
        source-interface eth0.7
    }
    tunnel tun0 {
        address 192.168.254.1/26
        encapsulation gre
        multicast enable
        parameters {
            ip {
                key 1
            }
        }
        source-address 0.0.0.0
    }
}
nat {
    source {
        rule 10 {
            log enable
            outbound-interface pppoe1
            source {
                address 172.17.0.0/16
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    bgp 65001 {
        address-family {
            ipv4-unicast {
                network 172.17.0.0/16 {
                }
            }
        }
        neighbor 192.168.254.62 {
            address-family {
                ipv4-unicast {
                }
            }
            remote-as 65000
        }
        parameters {
            default {
                no-ipv4-unicast
            }
            log-neighbor-changes
        }
        timers {
            holdtime 30
            keepalive 10
        }
    }
    nhrp {
        tunnel tun0 {
            cisco-authentication secret
            holding-time 300
            map 192.168.254.62/26 {
                nbma-address 100.64.10.1
                register
            }
            multicast nhs
            redirect
            shortcut
        }
    }
    static {
        route 172.17.0.0/16 {
            blackhole {
                distance 200
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name LAN-3 {
            subnet 172.17.1.0/24 {
                default-router 172.17.1.1
                name-server 172.17.1.1
                range 0 {
                    start 172.17.1.100
                    stop 172.17.1.200
                }
            }
        }
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name cpe-1
    login {
        user vyos {
            authentication {
                encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0
                plaintext-password ""
            }
        }
    }
    name-server 1.1.1.1
    name-server 8.8.8.8
    name-server 9.9.9.9
    ntp {
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
vpn {
    ipsec {
        esp-group ESP-DMVPN {
            compression disable
            lifetime 1800
            mode transport
            pfs dh-group2
            proposal 1 {
                encryption aes256
                hash sha1
            }
        }
        ike-group IKE-DMVPN {
            close-action none
            ikev2-reauth no
            key-exchange ikev1
            lifetime 3600
            proposal 1 {
                dh-group 2
                encryption aes256
                hash sha1
            }
        }
        ipsec-interfaces {
            interface pppoe1
        }
        profile NHRPVPN {
            authentication {
                mode pre-shared-secret
                pre-shared-secret VyOS-topsecret
            }
            bind {
                tunnel tun0
            }
            esp-group ESP-DMVPN
            ike-group IKE-DMVPN
        }
    }
}


// Warning: Do not remove the following line.
// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
// Release version: 1.3.0-epa3