From 8f61920f01d30e2a864dc6927b0038357e56bb05 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko
Date: Sun, 5 Feb 2023 12:22:36 +0000
Subject: Change IPsec authentication PSK and examples
---
 docs/configexamples/azure-vpn-bgp.rst | 7 ++--
 docs/configexamples/azure-vpn-dual-bgp.rst | 51 ++++++++++++++++--------------
 2 files changed, 33 insertions(+), 25 deletions(-)
(limited to 'docs/configexamples')
diff --git a/docs/configexamples/azure-vpn-bgp.rst b/docs/configexamples/azure-vpn-bgp.rst
index 6e715d79..fc6e1a04 100644
--- a/docs/configexamples/azure-vpn-bgp.rst
+++ b/docs/configexamples/azure-vpn-bgp.rst
@@ -100,15 +100,18 @@ Vyos configuration
 .. code-block:: none
- set vpn ipsec site-to-site peer 203.0.113.2 authentication id '198.51.100.3'
+ set vpn ipsec authentication psk azure id '198.51.100.3'
+ set vpn ipsec authentication psk azure id '203.0.113.2'
+ set vpn ipsec authentication psk azure secret 'ch00s3-4-s3cur3-psk'
+ set vpn ipsec site-to-site peer azure authentication local-id '198.51.100.3'
 set vpn ipsec site-to-site peer 203.0.113.2 authentication mode 'pre-shared-secret'
- set vpn ipsec site-to-site peer 203.0.113.2 authentication pre-shared-secret 'ch00s3-4-s3cur3-psk'
 set vpn ipsec site-to-site peer 203.0.113.2 authentication remote-id '203.0.113.2'
 set vpn ipsec site-to-site peer 203.0.113.2 connection-type 'respond'
 set vpn ipsec site-to-site peer 203.0.113.2 description 'AZURE PRIMARY TUNNEL'
 set vpn ipsec site-to-site peer 203.0.113.2 ike-group 'AZURE'
 set vpn ipsec site-to-site peer 203.0.113.2 ikev2-reauth 'inherit'
 set vpn ipsec site-to-site peer 203.0.113.2 local-address '10.10.0.5'
+ set vpn ipsec site-to-site peer azure remote-address '203.0.113.2'
 set vpn ipsec site-to-site peer 203.0.113.2 vti bind 'vti1'
 set vpn ipsec site-to-site peer 203.0.113.2 vti esp-group 'AZURE'
diff --git a/docs/configexamples/azure-vpn-dual-bgp.rst b/docs/configexamples/azure-vpn-dual-bgp.rst
index 2172e76d..7f4987bb 100644
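Review bot: The single-tunnel example in azure-vpn-bgp.rst is left half-migrated: only `authentication local-id` and `remote-address` are added under `peer azure`, while `authentication mode`, `authentication remote-id`, `connection-type`, `ike-group`, `local-address` and both `vti` lines remain as unchanged context under `peer 203.0.113.2`. Someone pasting the block would define two partial peers, which is presumably not what the example intends. The dual-tunnel hunk renames every line to `azure-primary`/`azure-secondary`; the same should be done here, e.g. `set vpn ipsec site-to-site peer azure authentication mode 'pre-shared-secret'` and likewise for the other context lines. The surrounding text could also state that `ch00s3-4-s3cur3-psk` is a placeholder to be replaced with a long random secret.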
--- a/docs/configexamples/azure-vpn-dual-bgp.rst
+++ b/docs/configexamples/azure-vpn-dual-bgp.rst
@@ -103,29 +103,34 @@ Vyos configuration
 .. code-block:: none
- set vpn ipsec site-to-site peer 203.0.113.2 authentication id '198.51.100.3'
- set vpn ipsec site-to-site peer 203.0.113.2 authentication mode 'pre-shared-secret'
- set vpn ipsec site-to-site peer 203.0.113.2 authentication pre-shared-secret 'ch00s3-4-s3cur3-psk'
- set vpn ipsec site-to-site peer 203.0.113.2 authentication remote-id '203.0.113.2'
- set vpn ipsec site-to-site peer 203.0.113.2 connection-type 'respond'
- set vpn ipsec site-to-site peer 203.0.113.2 description 'AZURE PRIMARY TUNNEL'
- set vpn ipsec site-to-site peer 203.0.113.2 ike-group 'AZURE'
- set vpn ipsec site-to-site peer 203.0.113.2 ikev2-reauth 'inherit'
- set vpn ipsec site-to-site peer 203.0.113.2 local-address '10.10.0.5'
- set vpn ipsec site-to-site peer 203.0.113.2 vti bind 'vti1'
- set vpn ipsec site-to-site peer 203.0.113.2 vti esp-group 'AZURE'
-
- set vpn ipsec site-to-site peer 203.0.113.3 authentication id '198.51.100.3'
- set vpn ipsec site-to-site peer 203.0.113.3 authentication mode 'pre-shared-secret'
- set vpn ipsec site-to-site peer 203.0.113.3 authentication pre-shared-secret 'ch00s3-4-s3cur3-psk'
- set vpn ipsec site-to-site peer 203.0.113.3 authentication remote-id '203.0.113.3'
- set vpn ipsec site-to-site peer 203.0.113.3 connection-type 'respond'
- set vpn ipsec site-to-site peer 203.0.113.3 description 'AZURE SECONDARY TUNNEL'
- set vpn ipsec site-to-site peer 203.0.113.3 ike-group 'AZURE'
- set vpn ipsec site-to-site peer 203.0.113.3 ikev2-reauth 'inherit'
- set vpn ipsec site-to-site peer 203.0.113.3 local-address '10.10.0.5'
- set vpn ipsec site-to-site peer 203.0.113.3 vti bind 'vti2'
- set vpn ipsec site-to-site peer 203.0.113.3 vti esp-group 'AZURE'
+ set vpn ipsec authentication psk azure id '198.51.100.3'
+ set vpn ipsec authentication psk azure id '203.0.113.2'
+ set vpn ipsec authentication psk azure id '203.0.113.3'
+ set vpn ipsec authentication psk azure secret 'ch00s3-4-s3cur3-psk'
+
+ set vpn ipsec site-to-site peer azure-primary authentication local-id '198.51.100.3'
+ set vpn ipsec site-to-site peer azure-primary authentication mode 'pre-shared-secret'
+ set vpn ipsec site-to-site peer azure-primary authentication remote-id '203.0.113.2'
+ set vpn ipsec site-to-site peer azure-primary connection-type 'respond'
+ set vpn ipsec site-to-site peer azure-primary description 'AZURE PRIMARY TUNNEL'
+ set vpn ipsec site-to-site peer azure-primary ike-group 'AZURE'
+ set vpn ipsec site-to-site peer azure-primary ikev2-reauth 'inherit'
+ set vpn ipsec site-to-site peer azure-primary local-address '10.10.0.5'
+ set vpn ipsec site-to-site peer azure-primary remote-address '203.0.113.2'
+ set vpn ipsec site-to-site peer azure-primary vti bind 'vti1'
+ set vpn ipsec site-to-site peer azure-primary vti esp-group 'AZURE'
+
+ set vpn ipsec site-to-site peer azure-secondary authentication local-id '198.51.100.3'
+ set vpn ipsec site-to-site peer azure-secondary authentication mode 'pre-shared-secret'
+ set vpn ipsec site-to-site peer azure-secondary authentication remote-id '203.0.113.3'
+ set vpn ipsec site-to-site peer azure-secondary connection-type 'respond'
+ set vpn ipsec site-to-site peer azure-secondary description 'AZURE secondary TUNNEL'
+ set vpn ipsec site-to-site peer azure-secondary ike-group 'AZURE'
+ set vpn ipsec site-to-site peer azure-secondary ikev2-reauth 'inherit'
+ set vpn ipsec site-to-site peer azure-secondary local-address '10.10.0.5'
+ set vpn ipsec site-to-site peer azure-secondary remote-address '203.0.113.3'
+ set vpn ipsec site-to-site peer azure-secondary vti bind 'vti2'
+ set vpn ipsec site-to-site peer azure-secondary vti esp-group 'AZURE'
 - **Important**: Add an interface route to reach both Azure's BGP listeners
-- cgit v1.2.3
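Review bot: The secondary peer's description changes from `'AZURE SECONDARY TUNNEL'` to `'AZURE secondary TUNNEL'`, which looks like a side effect of a case-sensitive search-and-replace rather than an intended edit; keep `description 'AZURE SECONDARY TUNNEL'` so it matches `'AZURE PRIMARY TUNNEL'`. Both tunnels now authenticate against the single `psk azure` entry, so one sentence in the surrounding text saying that the same secret covers both remote ids would make that design choice explicit to readers who expect a secret per tunnel.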