| author | sofukong <130022807+sofukong@users.noreply.github.com> | 2023-11-03 11:36:41 +0800 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-03 11:36:41 +0800 | 
| commit | 5634562722a5f96dd68f867a21e62b125f07776c (patch) | |
| tree | bd106385f496371dda3a6d0574ea8ff020008b2c /docs/configuration | |
| parent | 77e17d2ed52030af1c3d7b91d90a751ffa742ce0 (diff) | |
| parent | b9ecefbc811c4abd7baf5203458814e93de3d875 (diff) | |
Merge branch 'vyos:equuleus' into equuleus
Diffstat (limited to 'docs/configuration')
| -rw-r--r-- | docs/configuration/vpn/site2site_ipsec.rst | 23 | 
1 files changed, 21 insertions, 2 deletions
| diff --git a/docs/configuration/vpn/site2site_ipsec.rst b/docs/configuration/vpn/site2site_ipsec.rst index 879f8dfa..53109243 100644 --- a/docs/configuration/vpn/site2site_ipsec.rst +++ b/docs/configuration/vpn/site2site_ipsec.rst @@ -272,15 +272,28 @@ Imagine the following topology     IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio) +**LEFT:** +* WAN interface on `eth0.201` +* `eth0.201` interface IP: `172.18.201.10/24` +* `vti10` interface IP: `10.0.0.2/31` +* `dum0` interface IP: `10.0.11.1/24` (for testing purposes) + +**RIGHT:** +* WAN interface on `eth0.202` +* `eth0.201` interface IP: `172.18.202.10/24` +* `vti10` interface IP: `10.0.0.3/31` +* `dum0` interface IP: `10.0.12.1/24` (for testing purposes)  .. note:: Don't get confused about the used /31 tunnel subnet. :rfc:`3021`     gives you additional information for using /31 subnets on point-to-point     links. -**left** +**LEFT**  .. code-block:: none +  set interfaces ethernet eth0 vif 201 address '172.18.201.10/24' +  set interfaces dummy dum0 address '10.0.11.1/24'    set interfaces vti vti10 address '10.0.0.2/31'    set vpn ipsec esp-group ESP_DEFAULT compression 'disable' @@ -311,10 +324,14 @@ Imagine the following topology    set vpn ipsec site-to-site peer 172.18.202.10 vti bind 'vti10'    set vpn ipsec site-to-site peer 172.18.202.10 vti esp-group 'ESP_DEFAULT' -**right** +  set protocols static interface-route 10.0.12.0/24 next-hop-interface vti10 + +**RIGHT**  .. code-block:: none +  set interfaces ethernet eth0 vif 202 address '172.18.202.10/24' +  set interfaces dummy dum0 address '10.0.12.1/24'    set interfaces vti vti10 address '10.0.0.3/31'    set vpn ipsec esp-group ESP_DEFAULT compression 'disable' 
@@ -345,6 +362,8 @@ Imagine the following topology    set vpn ipsec site-to-site peer 172.18.201.10 vti bind 'vti10'    set vpn ipsec site-to-site peer 172.18.201.10 vti esp-group 'ESP_DEFAULT' +  set protocols static interface-route 10.0.11.0/24 next-hop-interface vti10 +  Key Parameters:  * ``authentication local-id/remote-id`` - IKE identification is used for | 
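Review bot: In the first hunk (@@ -272,15 +272,28 @@), the new **RIGHT:** list gives the WAN interface as `eth0.202`, but its second bullet reads "`eth0.201` interface IP: `172.18.202.10/24`". That looks like a copy-paste from the LEFT list and should say `eth0.202`, matching the `set interfaces ethernet eth0 vif 202 address '172.18.202.10/24'` line added for the right side. Two smaller points in the same lists: interface names and addresses are in single backticks, while the file's existing text uses double backticks for literals (for example ``authentication local-id/remote-id``), and there appears to be no blank line between **LEFT:** / **RIGHT:** and the first bullet, which reStructuredText needs in order to start a list.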
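Review bot: In the second hunk (@@ -311,10 +324,14 @@), the `dum0` address and the `interface-route 10.0.12.0/24 next-hop-interface vti10` line go into the copy-paste configuration blocks with nothing marking them as test-only, although the new list describes `dum0` as "(for testing purposes)". A sentence before each block saying that `dum0` and the static route exist only to test traffic across the tunnel would keep readers from carrying them into a production configuration unchanged. Style point in the same hunk: the block labels become `**LEFT**` / `**RIGHT**` while the list labels added earlier in the patch are `**LEFT:**` / `**RIGHT:**`; pick one form, or give the list labels a distinct name.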
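Review bot: In the third hunk (@@ -345,6 +362,8 @@), the added `set protocols static interface-route 10.0.11.0/24 next-hop-interface vti10` line lands directly above "Key Parameters:", but the hunk adds no entry to that list for the new route. A bullet explaining that each side routes the peer's `dum0` prefix into `vti10` would document why the line is there and make clear that traffic to that prefix is expected to traverse the tunnel.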
