summaryrefslogtreecommitdiff
path: root/docs/configuration/system/acceleration.rst
diff options
context:
space:
mode:
authorRobert Göhler <github@ghlr.de>2023-02-06 21:06:31 +0100
committerGitHub <noreply@github.com>2023-02-06 21:06:31 +0100
commita51949687e37de3b2f573788f8d20490b40d6c6a (patch)
tree041825aa22f05fe1cad3c38bb893ab62b4c7e4d5 /docs/configuration/system/acceleration.rst
parent05839481615d05396a193db82883a15c41e3cdf0 (diff)
parent8f61920f01d30e2a864dc6927b0038357e56bb05 (diff)
downloadvyos-documentation-a51949687e37de3b2f573788f8d20490b40d6c6a.tar.gz
vyos-documentation-a51949687e37de3b2f573788f8d20490b40d6c6a.zip
Merge pull request #946 from sever-sever/ipsec-auth-doc
Change IPsec authentication PSK and examples
Diffstat (limited to 'docs/configuration/system/acceleration.rst')
-rw-r--r--docs/configuration/system/acceleration.rst39
1 files changed, 25 insertions, 14 deletions
diff --git a/docs/configuration/system/acceleration.rst b/docs/configuration/system/acceleration.rst
index 62b85c71..63506d6d 100644
--- a/docs/configuration/system/acceleration.rst
+++ b/docs/configuration/system/acceleration.rst
@@ -63,39 +63,50 @@ Side A:
.. code-block::
+
set interfaces vti vti1 address '192.168.1.2/24'
+ set vpn ipsec authentication psk right id '10.10.10.2'
+ set vpn ipsec authentication psk right id '10.10.10.1'
+ set vpn ipsec authentication psk right secret 'Qwerty123'
set vpn ipsec esp-group MyESPGroup proposal 1 encryption 'aes256'
set vpn ipsec esp-group MyESPGroup proposal 1 hash 'sha256'
set vpn ipsec ike-group MyIKEGroup proposal 1 dh-group '14'
set vpn ipsec ike-group MyIKEGroup proposal 1 encryption 'aes256'
set vpn ipsec ike-group MyIKEGroup proposal 1 hash 'sha256'
set vpn ipsec interface 'eth0'
- set vpn ipsec site-to-site peer 10.10.10.1 authentication mode 'pre-shared-secret'
- set vpn ipsec site-to-site peer 10.10.10.1 authentication pre-shared-secret 'Qwerty123'
- set vpn ipsec site-to-site peer 10.10.10.1 connection-type 'initiate'
- set vpn ipsec site-to-site peer 10.10.10.1 default-esp-group 'MyESPGroup'
- set vpn ipsec site-to-site peer 10.10.10.1 ike-group 'MyIKEGroup'
- set vpn ipsec site-to-site peer 10.10.10.1 local-address '10.10.10.2'
- set vpn ipsec site-to-site peer 10.10.10.1 vti bind 'vti1'
+ set vpn ipsec site-to-site peer right authentication local-id '10.10.10.2'
+ set vpn ipsec site-to-site peer right authentication mode 'pre-shared-secret'
+ set vpn ipsec site-to-site peer right authentication remote-id '10.10.10.1'
+ set vpn ipsec site-to-site peer right connection-type 'initiate'
+ set vpn ipsec site-to-site peer right default-esp-group 'MyESPGroup'
+ set vpn ipsec site-to-site peer right ike-group 'MyIKEGroup'
+ set vpn ipsec site-to-site peer right local-address '10.10.10.2'
+ set vpn ipsec site-to-site peer right remote-address '10.10.10.1'
+ set vpn ipsec site-to-site peer right vti bind 'vti1'
Side B:
.. code-block::
set interfaces vti vti1 address '192.168.1.1/24'
+ set vpn ipsec authentication psk left id '10.10.10.2'
+ set vpn ipsec authentication psk left id '10.10.10.1'
+ set vpn ipsec authentication psk left secret 'Qwerty123'
set vpn ipsec esp-group MyESPGroup proposal 1 encryption 'aes256'
set vpn ipsec esp-group MyESPGroup proposal 1 hash 'sha256'
set vpn ipsec ike-group MyIKEGroup proposal 1 dh-group '14'
set vpn ipsec ike-group MyIKEGroup proposal 1 encryption 'aes256'
set vpn ipsec ike-group MyIKEGroup proposal 1 hash 'sha256'
set vpn ipsec interface 'eth0'
- set vpn ipsec site-to-site peer 10.10.10.2 authentication mode 'pre-shared-secret'
- set vpn ipsec site-to-site peer 10.10.10.2 authentication pre-shared-secret 'Qwerty123'
- set vpn ipsec site-to-site peer 10.10.10.2 connection-type 'initiate'
- set vpn ipsec site-to-site peer 10.10.10.2 default-esp-group 'MyESPGroup'
- set vpn ipsec site-to-site peer 10.10.10.2 ike-group 'MyIKEGroup'
- set vpn ipsec site-to-site peer 10.10.10.2 local-address '10.10.10.1'
- set vpn ipsec site-to-site peer 10.10.10.2 vti bind 'vti1'
+ set vpn ipsec site-to-site peer left authentication local-id '10.10.10.1'
+ set vpn ipsec site-to-site peer left authentication mode 'pre-shared-secret'
+ set vpn ipsec site-to-site peer left authentication remote-id '10.10.10.2'
+ set vpn ipsec site-to-site peer left connection-type 'initiate'
+ set vpn ipsec site-to-site peer left default-esp-group 'MyESPGroup'
+ set vpn ipsec site-to-site peer left ike-group 'MyIKEGroup'
+ set vpn ipsec site-to-site peer left local-address '10.10.10.1'
+ set vpn ipsec site-to-site peer left remote-address '10.10.10.2'
+ set vpn ipsec site-to-site peer left vti bind 'vti1'
a bandwidth test over the VPN got these results:
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-29 12:33:09 +0000