diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-11-15 18:58:02 +0100 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-11-15 18:58:02 +0100 |
| commit | 2b7e8e29f58539bd89b79f7842c201002e871b33 (patch) | |
| tree | 2903ae65a1a3063b8bf936518096e0e03e891603 | |
| parent | a9d70999d1495c36fe596fceaa5beba3bbe63a61 (diff) | |
| download | vyos-documentation-2b7e8e29f58539bd89b79f7842c201002e871b33.tar.gz vyos-documentation-2b7e8e29f58539bd89b79f7842c201002e871b33.zip | |
dmvpn: blueprint: add spoke05 as VyOS device
| -rw-r--r-- | docs/_static/images/blueprint-dmvpn.png | bin | 41398 -> 26830 bytes | |||
| -rw-r--r-- | docs/appendix/examples/dmvpn.rst | 50 |
2 files changed, 50 insertions, 0 deletions
diff --git a/docs/_static/images/blueprint-dmvpn.png b/docs/_static/images/blueprint-dmvpn.png Binary files differindex 04b7bd6f..b07c190d 100644 --- a/docs/_static/images/blueprint-dmvpn.png +++ b/docs/_static/images/blueprint-dmvpn.png diff --git a/docs/appendix/examples/dmvpn.rst b/docs/appendix/examples/dmvpn.rst index df6a051a..05e7c73a 100644 --- a/docs/appendix/examples/dmvpn.rst +++ b/docs/appendix/examples/dmvpn.rst @@ -121,3 +121,53 @@ spoke01 interface FastEthernet0/0 ip address dhcp duplex half + + +spoke05 +------- + +VyOS can also run in DMVPN spoke mode. + +.. code-block:: none + + set interfaces ethernet eth0 address 'dhcp' + + set interfaces tunnel tun100 address '172.16.253.133/29' + set interfaces tunnel tun100 dhcp-interface 'eth0' + set interfaces tunnel tun100 encapsulation 'gre' + set interfaces tunnel tun100 multicast 'enable' + set interfaces tunnel tun100 parameters ip key '1' + + set protocols nhrp tunnel tun100 cisco-authentication 'secret' + set protocols nhrp tunnel tun100 holding-time '300' + set protocols nhrp tunnel tun100 map 172.16.253.134/29 nbma-address '92.0.2.1' + set protocols nhrp tunnel tun100 map 172.16.253.134/29 register + set protocols nhrp tunnel tun100 multicast 'dynamic' + + set vpn ipsec esp-group ESP-HUB compression 'disable' + set vpn ipsec esp-group ESP-HUB lifetime '1800' + set vpn ipsec esp-group ESP-HUB mode 'tunnel' + set vpn ipsec esp-group ESP-HUB pfs 'dh-group2' + set vpn ipsec esp-group ESP-HUB proposal 1 encryption 'aes256' + set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha1' + set vpn ipsec esp-group ESP-HUB proposal 2 encryption '3des' + set vpn ipsec esp-group ESP-HUB proposal 2 hash 'md5' + set vpn ipsec ike-group IKE-HUB close-action 'none' + set vpn ipsec ike-group IKE-HUB ikev2-reauth 'no' + set vpn ipsec ike-group IKE-HUB key-exchange 'ikev1' + set vpn ipsec ike-group IKE-HUB lifetime '3600' + set vpn ipsec ike-group IKE-HUB proposal 1 dh-group '2' + set vpn ipsec ike-group IKE-HUB proposal 1 encryption 'aes256' + set vpn ipsec ike-group IKE-HUB proposal 1 hash 'sha1' + set vpn ipsec ike-group IKE-HUB proposal 2 dh-group '2' + set vpn ipsec ike-group IKE-HUB proposal 2 encryption 'aes128' + set vpn ipsec ike-group IKE-HUB proposal 2 hash 'sha1' + + set vpn ipsec ipsec-interfaces interface 'eth0' + + set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret' + set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'secret' + set vpn ipsec profile NHRPVPN bind tunnel 'tun100' + set vpn ipsec profile NHRPVPN esp-group 'ESP-HUB' + set vpn ipsec profile NHRPVPN ike-group 'IKE-HUB' + |
