Diffstat (limited to 'smoketest/config-tests/bgp-azure-ipsec-gateway')
-rw-r--r--smoketest/config-tests/bgp-azure-ipsec-gateway231
1 files changed, 231 insertions, 0 deletions
diff --git a/smoketest/config-tests/bgp-azure-ipsec-gateway b/smoketest/config-tests/bgp-azure-ipsec-gateway
new file mode 100644
index 000000000..bbd7b961f
--- /dev/null
+++ b/smoketest/config-tests/bgp-azure-ipsec-gateway
@@ -0,0 +1,231 @@
+set firewall global-options all-ping 'enable'
+set firewall global-options broadcast-ping 'disable'
+set firewall global-options ip-src-route 'disable'
+set firewall global-options ipv6-receive-redirects 'disable'
+set firewall global-options ipv6-src-route 'disable'
+set firewall global-options log-martians 'disable'
+set firewall global-options receive-redirects 'disable'
+set firewall global-options send-redirects 'enable'
+set firewall global-options source-validation 'disable'
+set firewall global-options syn-cookies 'enable'
+set firewall global-options twa-hazards-protection 'disable'
+set high-availability vrrp group DMZ-VLAN-3962 address 192.168.34.36/27
+set high-availability vrrp group DMZ-VLAN-3962 interface 'eth1'
+set high-availability vrrp group DMZ-VLAN-3962 preempt-delay '180'
+set high-availability vrrp group DMZ-VLAN-3962 priority '200'
+set high-availability vrrp group DMZ-VLAN-3962 vrid '62'
+set interfaces ethernet eth0 address '192.0.2.189/27'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 offload gro
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth1 address '192.168.34.37/27'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 offload gro
+set interfaces ethernet eth1 speed 'auto'
+set interfaces loopback lo
+set interfaces vti vti31 ip adjust-mss '1350'
+set interfaces vti vti32 ip adjust-mss '1350'
+set interfaces vti vti41 ip adjust-mss '1350'
+set interfaces vti vti42 ip adjust-mss '1350'
+set interfaces vti vti51 ip adjust-mss '1350'
+set interfaces vti vti52 ip adjust-mss '1350'
+set policy prefix-list AZURE-BGP-IPv4-in description 'Prefixes received from Azure'
+set policy prefix-list AZURE-BGP-IPv4-in rule 100 action 'permit'
+set policy prefix-list AZURE-BGP-IPv4-in rule 100 le '32'
+set policy prefix-list AZURE-BGP-IPv4-in rule 100 prefix '100.64.0.0/10'
+set policy prefix-list ONPREM-BGP-IPv4-out description 'Prefixes allowed to be announced into Azure'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 100 action 'permit'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 100 prefix '10.0.0.0/8'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 200 action 'permit'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 200 prefix '172.16.0.0/12'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 300 action 'permit'
+set policy prefix-list ONPREM-BGP-IPv4-out rule 300 prefix '192.168.0.0/16'
+set protocols bgp address-family ipv4-unicast network 10.0.0.0/8
+set protocols bgp address-family ipv4-unicast network 172.16.0.0/12
+set protocols bgp address-family ipv4-unicast network 192.168.0.0/16
+set protocols bgp neighbor 100.66.8.36 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.8.36 remote-as '64517'
+set protocols bgp neighbor 100.66.8.37 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.8.37 remote-as '64517'
+set protocols bgp neighbor 100.66.24.36 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.24.36 remote-as '64513'
+set protocols bgp neighbor 100.66.24.37 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.24.37 remote-as '64513'
+set protocols bgp neighbor 100.66.40.36 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.40.36 remote-as '64515'
+set protocols bgp neighbor 100.66.40.37 peer-group 'AZURE'
+set protocols bgp neighbor 100.66.40.37 remote-as '64515'
+set protocols bgp neighbor 192.168.34.38 address-family ipv4-unicast nexthop-self
+set protocols bgp neighbor 192.168.34.38 address-family ipv4-unicast soft-reconfiguration inbound
+set protocols bgp neighbor 192.168.34.38 capability dynamic
+set protocols bgp neighbor 192.168.34.38 password 'VyOSR0xx123'
+set protocols bgp neighbor 192.168.34.38 remote-as '65522'
+set protocols bgp neighbor 192.168.34.38 update-source 'eth1'
+set protocols bgp peer-group AZURE address-family ipv4-unicast maximum-prefix '50'
+set protocols bgp peer-group AZURE address-family ipv4-unicast prefix-list export 'ONPREM-BGP-IPv4-out'
+set protocols bgp peer-group AZURE address-family ipv4-unicast prefix-list import 'AZURE-BGP-IPv4-in'
+set protocols bgp peer-group AZURE ebgp-multihop '2'
+set protocols bgp peer-group AZURE update-source 'eth1'
+set protocols bgp system-as '65522'
+set protocols bgp timers holdtime '30'
+set protocols bgp timers keepalive '5'
+set protocols static route 0.0.0.0/0 next-hop 192.168.34.33
+set protocols static route 51.105.0.0/16 next-hop 192.0.2.161
+set protocols static route 52.143.0.0/16 next-hop 192.0.2.161
+set protocols static route 100.66.8.36/32 interface vti31
+set protocols static route 100.66.8.36/32 interface vti32
+set protocols static route 100.66.8.37/32 interface vti31
+set protocols static route 100.66.8.37/32 interface vti32
+set protocols static route 100.66.24.36/32 interface vti41
+set protocols static route 100.66.24.36/32 interface vti42
+set protocols static route 100.66.24.37/32 interface vti41
+set protocols static route 100.66.24.37/32 interface vti42
+set protocols static route 100.66.40.36/32 interface vti51
+set protocols static route 100.66.40.36/32 interface vti52
+set protocols static route 100.66.40.37/32 interface vti51
+set protocols static route 100.66.40.37/32 interface vti52
+set protocols static route 195.137.175.0/24 next-hop 192.0.2.161
+set protocols static route 212.23.159.0/26 next-hop 192.0.2.161
+set service ntp allow-client address '0.0.0.0/0'
+set service ntp allow-client address '::/0'
+set service ntp server 192.0.2.254
+set service snmp v3 engineid 'ff42'
+set service snmp v3 group default mode 'ro'
+set service snmp v3 group default seclevel 'priv'
+set service snmp v3 group default view 'default'
+set service snmp v3 user VyOS auth encrypted-password '1ad73f4620b8c0dd2de066622f875b161a14adad'
+set service snmp v3 user VyOS auth type 'sha'
+set service snmp v3 user VyOS group 'default'
+set service snmp v3 user VyOS privacy encrypted-password '1ad73f4620b8c0dd2de066622f875b16'
+set service snmp v3 user VyOS privacy type 'aes'
+set service snmp v3 view default oid 1
+set service ssh disable-host-validation
+set service ssh port '22'
+set system config-management commit-revisions '100'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.net'
+set system flow-accounting interface 'eth1'
+set system flow-accounting interface 'vti31'
+set system flow-accounting interface 'vti32'
+set system flow-accounting interface 'vti41'
+set system flow-accounting interface 'vti42'
+set system flow-accounting interface 'vti51'
+set system flow-accounting interface 'vti52'
+set system flow-accounting netflow server 10.0.1.1 port '2055'
+set system flow-accounting netflow source-address '192.168.34.37'
+set system flow-accounting netflow version '10'
+set system flow-accounting syslog-facility 'daemon'
+set system host-name 'azure-gw-01'
+set system login radius server 192.0.2.253 key 'secret1234'
+set system login radius server 192.0.2.253 port '1812'
+set system login radius server 192.0.2.253 timeout '2'
+set system login radius server 192.0.2.254 key 'secret1234'
+set system login radius server 192.0.2.254 port '1812'
+set system login radius server 192.0.2.254 timeout '2'
+set system login radius source-address '192.168.34.37'
+set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
+set system login user vyos authentication plaintext-password ''
+set system logs logrotate messages max-size '20'
+set system logs logrotate messages rotate '10'
+set system name-server '192.0.2.254'
+set system syslog global facility all level 'info'
+set system syslog global facility local7 level 'debug'
+set system syslog host 10.0.9.188 facility all level 'info'
+set system syslog host 10.0.9.188 protocol 'udp'
+set system time-zone 'Europe/Berlin'
+set vpn ipsec authentication psk peer_51-105-0-1 id '51.105.0.1'
+set vpn ipsec authentication psk peer_51-105-0-1 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-1 secret 'averysecretpsktowardsazure'
+set vpn ipsec authentication psk peer_51-105-0-2 id '51.105.0.2'
+set vpn ipsec authentication psk peer_51-105-0-2 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-2 secret 'averysecretpsktowardsazure'
+set vpn ipsec authentication psk peer_51-105-0-3 id '51.105.0.3'
+set vpn ipsec authentication psk peer_51-105-0-3 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-3 secret 'averysecretpsktowardsazure'
+set vpn ipsec authentication psk peer_51-105-0-4 id '51.105.0.4'
+set vpn ipsec authentication psk peer_51-105-0-4 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-4 secret 'averysecretpsktowardsazure'
+set vpn ipsec authentication psk peer_51-105-0-5 id '51.105.0.5'
+set vpn ipsec authentication psk peer_51-105-0-5 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-5 secret 'averysecretpsktowardsazure'
+set vpn ipsec authentication psk peer_51-105-0-6 id '51.105.0.6'
+set vpn ipsec authentication psk peer_51-105-0-6 id '192.0.2.189'
+set vpn ipsec authentication psk peer_51-105-0-6 secret 'averysecretpsktowardsazure'
+set vpn ipsec esp-group ESP-AZURE lifetime '27000'
+set vpn ipsec esp-group ESP-AZURE mode 'tunnel'
+set vpn ipsec esp-group ESP-AZURE pfs 'disable'
+set vpn ipsec esp-group ESP-AZURE proposal 1 encryption 'aes256'
+set vpn ipsec esp-group ESP-AZURE proposal 1 hash 'sha1'
+set vpn ipsec ike-group IKE-AZURE close-action 'none'
+set vpn ipsec ike-group IKE-AZURE dead-peer-detection action 'restart'
+set vpn ipsec ike-group IKE-AZURE dead-peer-detection interval '2'
+set vpn ipsec ike-group IKE-AZURE dead-peer-detection timeout '15'
+set vpn ipsec ike-group IKE-AZURE key-exchange 'ikev2'
+set vpn ipsec ike-group IKE-AZURE lifetime '27000'
+set vpn ipsec ike-group IKE-AZURE proposal 1 dh-group '2'
+set vpn ipsec ike-group IKE-AZURE proposal 1 encryption 'aes256'
+set vpn ipsec ike-group IKE-AZURE proposal 1 hash 'sha1'
+set vpn ipsec interface 'eth0'
+set vpn ipsec log level '2'
+set vpn ipsec log subsystem 'ike'
+set vpn ipsec site-to-site peer peer_51-105-0-1 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-1 authentication remote-id '51.105.0.1'
+set vpn ipsec site-to-site peer peer_51-105-0-1 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-1 default-esp-group 'ESP-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-1 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-1 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-1 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-1 remote-address '51.105.0.1'
+set vpn ipsec site-to-site peer peer_51-105-0-1 vti bind 'vti51'
+set vpn ipsec site-to-site peer peer_51-105-0-2 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-2 authentication remote-id '51.105.0.2'
+set vpn ipsec site-to-site peer peer_51-105-0-2 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-2 default-esp-group 'ESP-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-2 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-2 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-2 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-2 remote-address '51.105.0.2'
+set vpn ipsec site-to-site peer peer_51-105-0-2 vti bind 'vti52'
+set vpn ipsec site-to-site peer peer_51-105-0-3 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-3 authentication remote-id '51.105.0.3'
+set vpn ipsec site-to-site peer peer_51-105-0-3 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-3 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-3 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-3 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-3 remote-address '51.105.0.3'
+set vpn ipsec site-to-site peer peer_51-105-0-3 vti bind 'vti32'
+set vpn ipsec site-to-site peer peer_51-105-0-3 vti esp-group 'ESP-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-4 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-4 authentication remote-id '51.105.0.4'
+set vpn ipsec site-to-site peer peer_51-105-0-4 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-4 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-4 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-4 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-4 remote-address '51.105.0.4'
+set vpn ipsec site-to-site peer peer_51-105-0-4 vti bind 'vti31'
+set vpn ipsec site-to-site peer peer_51-105-0-4 vti esp-group 'ESP-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-5 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-5 authentication remote-id '51.105.0.5'
+set vpn ipsec site-to-site peer peer_51-105-0-5 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-5 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-5 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-5 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-5 remote-address '51.105.0.5'
+set vpn ipsec site-to-site peer peer_51-105-0-5 vti bind 'vti42'
+set vpn ipsec site-to-site peer peer_51-105-0-5 vti esp-group 'ESP-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-6 authentication mode 'pre-shared-secret'
+set vpn ipsec site-to-site peer peer_51-105-0-6 authentication remote-id '51.105.0.6'
+set vpn ipsec site-to-site peer peer_51-105-0-6 connection-type 'respond'
+set vpn ipsec site-to-site peer peer_51-105-0-6 ike-group 'IKE-AZURE'
+set vpn ipsec site-to-site peer peer_51-105-0-6 ikev2-reauth 'inherit'
+set vpn ipsec site-to-site peer peer_51-105-0-6 local-address '192.0.2.189'
+set vpn ipsec site-to-site peer peer_51-105-0-6 remote-address '51.105.0.6'
+set vpn ipsec site-to-site peer peer_51-105-0-6 vti bind 'vti41'
+set vpn ipsec site-to-site peer peer_51-105-0-6 vti esp-group 'ESP-AZURE'
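Review bot: The static routes for `195.137.175.0/24` and `212.23.159.0/26`, together with the `51.105.0.x` peer addresses and the `51.105.0.0/16` / `52.143.0.0/16` routes, are globally routable prefixes, while the rest of this fixture keeps to the 192.0.2.0/24 documentation range; if they were carried over from a production config, they tie the test data to real networks. Consider rewriting them to RFC 5737 ranges, e.g. `set protocols static route 198.51.100.0/24 next-hop 192.0.2.161`, here and in whatever source config this expected output is compared against (not visible in this diff). Separately, `IKE-AZURE` pins `dh-group '2'` with `hash 'sha1'`, and `ESP-AZURE` sets `pfs 'disable'` with `hash 'sha1'`. That is reasonable as migration coverage, but the commit message should state that these are legacy values kept for the test and not a recommended tunnel profile, because a fixture like this can end up reused as a template.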