From 904bc5cbaeb2567d09b44bd5453b9db340a7d530 Mon Sep 17 00:00:00 2001 From: Eshenko Dmitriy Date: Mon, 30 Nov 2020 17:23:13 +0300 Subject: Change IPSec ESP mode from tunnel to transport to fix issue when Spokes behind a NAT --- docs/vpn/dmvpn.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/vpn/dmvpn.rst') diff --git a/docs/vpn/dmvpn.rst b/docs/vpn/dmvpn.rst index 5100b92f..662165a9 100644 --- a/docs/vpn/dmvpn.rst +++ b/docs/vpn/dmvpn.rst @@ -199,7 +199,7 @@ Hub set vpn ipsec esp-group ESP-HUB compression 'disable' set vpn ipsec esp-group ESP-HUB lifetime '1800' - set vpn ipsec esp-group ESP-HUB mode 'tunnel' + set vpn ipsec esp-group ESP-HUB mode 'transport' set vpn ipsec esp-group ESP-HUB pfs 'dh-group2' set vpn ipsec esp-group ESP-HUB proposal 1 encryption 'aes256' set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha1' @@ -307,7 +307,7 @@ VyOS can also run in DMVPN spoke mode. set vpn ipsec esp-group ESP-HUB compression 'disable' set vpn ipsec esp-group ESP-HUB lifetime '1800' - set vpn ipsec esp-group ESP-HUB mode 'tunnel' + set vpn ipsec esp-group ESP-HUB mode 'transport' set vpn ipsec esp-group ESP-HUB pfs 'dh-group2' set vpn ipsec esp-group ESP-HUB proposal 1 encryption 'aes256' set vpn ipsec esp-group ESP-HUB proposal 1 hash 'sha1' -- cgit v1.2.3