authorRobert Göhler <github@ghlr.de>2023-02-06 21:06:31 +0100
committerGitHub <noreply@github.com>2023-02-06 21:06:31 +0100
commita51949687e37de3b2f573788f8d20490b40d6c6a (patch)
tree041825aa22f05fe1cad3c38bb893ab62b4c7e4d5 /docs/configexamples
parent05839481615d05396a193db82883a15c41e3cdf0 (diff)
parent8f61920f01d30e2a864dc6927b0038357e56bb05 (diff)
Merge pull request #946 from sever-sever/ipsec-auth-doc
Change IPsec authentication PSK and examples
Diffstat (limited to 'docs/configexamples')
-rw-r--r--docs/configexamples/azure-vpn-bgp.rst7
-rw-r--r--docs/configexamples/azure-vpn-dual-bgp.rst51
2 files changed, 33 insertions, 25 deletions
diff --git a/docs/configexamples/azure-vpn-bgp.rst b/docs/configexamples/azure-vpn-bgp.rst
index 6e715d79..fc6e1a04 100644
--- a/docs/configexamples/azure-vpn-bgp.rst
+++ b/docs/configexamples/azure-vpn-bgp.rst
@@ -100,15 +100,18 @@ Vyos configuration
.. code-block:: none
- set vpn ipsec site-to-site peer 203.0.113.2 authentication id '198.51.100.3'
+ set vpn ipsec authentication psk azure id '198.51.100.3'
+ set vpn ipsec authentication psk azure id '203.0.113.2'
+ set vpn ipsec authentication psk azure secret 'ch00s3-4-s3cur3-psk'
+ set vpn ipsec site-to-site peer azure authentication local-id '198.51.100.3'
set vpn ipsec site-to-site peer 203.0.113.2 authentication mode 'pre-shared-secret'
- set vpn ipsec site-to-site peer 203.0.113.2 authentication pre-shared-secret 'ch00s3-4-s3cur3-psk'
set vpn ipsec site-to-site peer 203.0.113.2 authentication remote-id '203.0.113.2'
set vpn ipsec site-to-site peer 203.0.113.2 connection-type 'respond'
set vpn ipsec site-to-site peer 203.0.113.2 description 'AZURE PRIMARY TUNNEL'
set vpn ipsec site-to-site peer 203.0.113.2 ike-group 'AZURE'
set vpn ipsec site-to-site peer 203.0.113.2 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer 203.0.113.2 local-address '10.10.0.5'
+ set vpn ipsec site-to-site peer azure remote-address '203.0.113.2'
set vpn ipsec site-to-site peer 203.0.113.2 vti bind 'vti1'
set vpn ipsec site-to-site peer 203.0.113.2 vti esp-group 'AZURE'
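Review bot: The example is left half-migrated: the added lines define the peer as `azure` (`authentication local-id`, `remote-address`), while the unchanged context lines still configure `peer 203.0.113.2` for the mode, remote-id, connection-type, ike-group, local-address and vti settings. A reader who pastes the block ends up with two peer entries, and as shown the `azure` peer has no authentication mode, IKE group or VTI binding. Those context lines should be renamed to match, e.g. `set vpn ipsec site-to-site peer azure authentication mode 'pre-shared-secret'`, the way the dual-BGP file in this commit does with `azure-primary`. It would also help to say in the surrounding text that `ch00s3-4-s3cur3-psk` is a placeholder to be replaced with a long, randomly generated secret.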
diff --git a/docs/configexamples/azure-vpn-dual-bgp.rst b/docs/configexamples/azure-vpn-dual-bgp.rst
index 2172e76d..7f4987bb 100644
--- a/docs/configexamples/azure-vpn-dual-bgp.rst
+++ b/docs/configexamples/azure-vpn-dual-bgp.rst
@@ -103,29 +103,34 @@ Vyos configuration
.. code-block:: none
- set vpn ipsec site-to-site peer 203.0.113.2 authentication id '198.51.100.3'
- set vpn ipsec site-to-site peer 203.0.113.2 authentication mode 'pre-shared-secret'
- set vpn ipsec site-to-site peer 203.0.113.2 authentication pre-shared-secret 'ch00s3-4-s3cur3-psk'
- set vpn ipsec site-to-site peer 203.0.113.2 authentication remote-id '203.0.113.2'
- set vpn ipsec site-to-site peer 203.0.113.2 connection-type 'respond'
- set vpn ipsec site-to-site peer 203.0.113.2 description 'AZURE PRIMARY TUNNEL'
- set vpn ipsec site-to-site peer 203.0.113.2 ike-group 'AZURE'
- set vpn ipsec site-to-site peer 203.0.113.2 ikev2-reauth 'inherit'
- set vpn ipsec site-to-site peer 203.0.113.2 local-address '10.10.0.5'
- set vpn ipsec site-to-site peer 203.0.113.2 vti bind 'vti1'
- set vpn ipsec site-to-site peer 203.0.113.2 vti esp-group 'AZURE'
-
- set vpn ipsec site-to-site peer 203.0.113.3 authentication id '198.51.100.3'
- set vpn ipsec site-to-site peer 203.0.113.3 authentication mode 'pre-shared-secret'
- set vpn ipsec site-to-site peer 203.0.113.3 authentication pre-shared-secret 'ch00s3-4-s3cur3-psk'
- set vpn ipsec site-to-site peer 203.0.113.3 authentication remote-id '203.0.113.3'
- set vpn ipsec site-to-site peer 203.0.113.3 connection-type 'respond'
- set vpn ipsec site-to-site peer 203.0.113.3 description 'AZURE SECONDARY TUNNEL'
- set vpn ipsec site-to-site peer 203.0.113.3 ike-group 'AZURE'
- set vpn ipsec site-to-site peer 203.0.113.3 ikev2-reauth 'inherit'
- set vpn ipsec site-to-site peer 203.0.113.3 local-address '10.10.0.5'
- set vpn ipsec site-to-site peer 203.0.113.3 vti bind 'vti2'
- set vpn ipsec site-to-site peer 203.0.113.3 vti esp-group 'AZURE'
+ set vpn ipsec authentication psk azure id '198.51.100.3'
+ set vpn ipsec authentication psk azure id '203.0.113.2'
+ set vpn ipsec authentication psk azure id '203.0.113.3'
+ set vpn ipsec authentication psk azure secret 'ch00s3-4-s3cur3-psk'
+
+ set vpn ipsec site-to-site peer azure-primary authentication local-id '198.51.100.3'
+ set vpn ipsec site-to-site peer azure-primary authentication mode 'pre-shared-secret'
+ set vpn ipsec site-to-site peer azure-primary authentication remote-id '203.0.113.2'
+ set vpn ipsec site-to-site peer azure-primary connection-type 'respond'
+ set vpn ipsec site-to-site peer azure-primary description 'AZURE PRIMARY TUNNEL'
+ set vpn ipsec site-to-site peer azure-primary ike-group 'AZURE'
+ set vpn ipsec site-to-site peer azure-primary ikev2-reauth 'inherit'
+ set vpn ipsec site-to-site peer azure-primary local-address '10.10.0.5'
+ set vpn ipsec site-to-site peer azure-primary remote-address '203.0.113.2'
+ set vpn ipsec site-to-site peer azure-primary vti bind 'vti1'
+ set vpn ipsec site-to-site peer azure-primary vti esp-group 'AZURE'
+
+ set vpn ipsec site-to-site peer azure-secondary authentication local-id '198.51.100.3'
+ set vpn ipsec site-to-site peer azure-secondary authentication mode 'pre-shared-secret'
+ set vpn ipsec site-to-site peer azure-secondary authentication remote-id '203.0.113.3'
+ set vpn ipsec site-to-site peer azure-secondary connection-type 'respond'
+ set vpn ipsec site-to-site peer azure-secondary description 'AZURE secondary TUNNEL'
+ set vpn ipsec site-to-site peer azure-secondary ike-group 'AZURE'
+ set vpn ipsec site-to-site peer azure-secondary ikev2-reauth 'inherit'
+ set vpn ipsec site-to-site peer azure-secondary local-address '10.10.0.5'
+ set vpn ipsec site-to-site peer azure-secondary remote-address '203.0.113.3'
+ set vpn ipsec site-to-site peer azure-secondary vti bind 'vti2'
+ set vpn ipsec site-to-site peer azure-secondary vti esp-group 'AZURE'
- **Important**: Add an interface route to reach both Azure's BGP listeners
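Review bot: The single `psk azure` entry lists both Azure remote IDs, so the primary and secondary tunnels authenticate with the same secret and a leaked key exposes both. If the example is meant to model good practice, one entry per tunnel (for example `psk azure-primary` and `psk azure-secondary`, each with its own `secret`) would limit that, provided the Azure connections are given matching per-connection keys. Separately, the secondary peer's description changed case to `'AZURE secondary TUNNEL'`; `'AZURE SECONDARY TUNNEL'` would match the primary and the text this hunk replaces.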