From 8f61920f01d30e2a864dc6927b0038357e56bb05 Mon Sep 17 00:00:00 2001 From: Viacheslav Hletenko Date: Sun, 5 Feb 2023 12:22:36 +0000 Subject: Change IPsec authentication PSK and examples --- docs/configuration/nat/nat44.rst | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) (limited to 'docs/configuration/nat') diff --git a/docs/configuration/nat/nat44.rst b/docs/configuration/nat/nat44.rst index 62964fea..b2ba61af 100644 --- a/docs/configuration/nat/nat44.rst +++ b/docs/configuration/nat/nat44.rst @@ -697,17 +697,22 @@ too. .. code-block:: none - set vpn ipsec site-to-site peer 198.51.100.243 authentication mode 'pre-shared-secret' - set vpn ipsec site-to-site peer 198.51.100.243 authentication pre-shared-secret 'PASSWORD IS HERE' - set vpn ipsec site-to-site peer 198.51.100.243 connection-type 'initiate' - set vpn ipsec site-to-site peer 198.51.100.243 default-esp-group 'my-esp' - set vpn ipsec site-to-site peer 198.51.100.243 ike-group 'my-ike' - set vpn ipsec site-to-site peer 198.51.100.243 ikev2-reauth 'inherit' - set vpn ipsec site-to-site peer 198.51.100.243 local-address '203.0.113.46' - set vpn ipsec site-to-site peer 198.51.100.243 tunnel 0 local prefix '172.29.41.89/32' - set vpn ipsec site-to-site peer 198.51.100.243 tunnel 0 remote prefix '172.27.1.0/24' - set vpn ipsec site-to-site peer 198.51.100.243 tunnel 1 local prefix '172.29.41.89/32' - set vpn ipsec site-to-site peer 198.51.100.243 tunnel 1 remote prefix '10.125.0.0/16' + set vpn ipsec authentication psk vyos id '203.0.113.46' + set vpn ipsec authentication psk vyos id '198.51.100.243' + set vpn ipsec authentication psk vyos secret 'MYSECRETPASSWORD' + set vpn ipsec site-to-site peer branch authentication local-id '203.0.113.46' + set vpn ipsec site-to-site peer branch authentication mode 'pre-shared-secret' + set vpn ipsec site-to-site peer branch authentication remote-id '198.51.100.243' + set vpn ipsec site-to-site peer branch connection-type 'initiate' + set vpn ipsec site-to-site peer branch default-esp-group 'my-esp' + set vpn ipsec site-to-site peer branch ike-group 'my-ike' + set vpn ipsec site-to-site peer branch ikev2-reauth 'inherit' + set vpn ipsec site-to-site peer branch local-address '203.0.113.46' + set vpn ipsec site-to-site peer branch remote-address '198.51.100.243' + set vpn ipsec site-to-site peer branch tunnel 0 local prefix '172.29.41.89/32' + set vpn ipsec site-to-site peer branch tunnel 0 remote prefix '172.27.1.0/24' + set vpn ipsec site-to-site peer branch tunnel 1 local prefix '172.29.41.89/32' + set vpn ipsec site-to-site peer branch tunnel 1 remote prefix '10.125.0.0/16' Testing and Validation """""""""""""""""""""" -- cgit v1.2.3