From 9a3fa21c25a92e240845085c9498fe0ab678c313 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Thu, 6 May 2021 19:47:15 +0200 Subject: smoketest: configs: azure: convert from DOS to UNIX line endings --- smoketest/configs/bgp-azure-ipsec-gateway | 870 +++++++++++++++--------------- 1 file changed, 435 insertions(+), 435 deletions(-) (limited to 'smoketest/configs/bgp-azure-ipsec-gateway') diff --git a/smoketest/configs/bgp-azure-ipsec-gateway b/smoketest/configs/bgp-azure-ipsec-gateway index b3f5e9edc..0862531fd 100644 --- a/smoketest/configs/bgp-azure-ipsec-gateway +++ b/smoketest/configs/bgp-azure-ipsec-gateway @@ -1,435 +1,435 @@ -firewall { - all-ping enable - broadcast-ping disable - config-trap disable - ipv6-receive-redirects disable - ipv6-src-route disable - ip-src-route disable - log-martians disable - options { - interface vti31 { - adjust-mss 1350 - } - interface vti32 { - adjust-mss 1350 - } - interface vti41 { - adjust-mss 1350 - } - interface vti42 { - adjust-mss 1350 - } - interface vti51 { - adjust-mss 1350 - } - interface vti52 { - adjust-mss 1350 - } - } - receive-redirects disable - send-redirects enable - source-validation disable - syn-cookies enable - twa-hazards-protection disable -} -high-availability { - vrrp { - group DMZ-VLAN-3962 { - interface eth1 - preempt-delay 180 - priority 200 - virtual-address 192.168.34.36/27 - vrid 62 - } - } -} -interfaces { - ethernet eth0 { - address 192.0.2.189/27 - duplex auto - smp-affinity auto - speed auto - } - ethernet eth1 { - address 192.168.34.37/27 - duplex auto - smp-affinity auto - speed auto - } - loopback lo { - } - vti vti31 { - } - vti vti32 { - } - vti vti41 { - } - vti vti42 { - } - vti vti51 { - } - vti vti52 { - } -} -policy { - prefix-list AZURE-BGP-IPv4-in { - description "Prefixes received from Azure" - rule 100 { - action permit - le 32 - prefix 100.64.0.0/10 - } - } - prefix-list ONPREM-BGP-IPv4-out { - description "Prefixes allowed to be announced into Azure" - rule 100 { - action permit - prefix 10.0.0.0/8 - } - rule 200 { - action permit - prefix 172.16.0.0/12 - } - rule 300 { - action permit - prefix 192.168.0.0/16 - } - } -} -protocols { - bgp 65522 { - address-family { - ipv4-unicast { - network 10.0.0.0/8 { - } - network 172.16.0.0/12 { - } - network 192.168.0.0/16 { - } - } - } - neighbor 100.66.8.36 { - peer-group AZURE - remote-as 64517 - } - neighbor 100.66.8.37 { - peer-group AZURE - remote-as 64517 - } - neighbor 100.66.24.36 { - peer-group AZURE - remote-as 64513 - } - neighbor 100.66.24.37 { - peer-group AZURE - remote-as 64513 - } - neighbor 100.66.40.36 { - peer-group AZURE - remote-as 64515 - } - neighbor 100.66.40.37 { - peer-group AZURE - remote-as 64515 - } - neighbor 192.168.34.38 { - address-family { - ipv4-unicast { - nexthop-self - soft-reconfiguration { - inbound - } - } - } - capability { - dynamic - } - password VyOSR0xx123 - remote-as 65522 - update-source eth1 - } - peer-group AZURE { - address-family { - ipv4-unicast { - maximum-prefix 50 - prefix-list { - export ONPREM-BGP-IPv4-out - import AZURE-BGP-IPv4-in - } - } - } - ebgp-multihop 2 - update-source eth1 - } - timers { - holdtime 30 - keepalive 5 - } - } - static { - interface-route 100.66.8.36/32 { - next-hop-interface vti31 { - } - next-hop-interface vti32 { - } - } - interface-route 100.66.8.37/32 { - next-hop-interface vti31 { - } - next-hop-interface vti32 { - } - } - interface-route 100.66.24.36/32 { - next-hop-interface vti41 { - } - next-hop-interface vti42 { - } - } - interface-route 100.66.24.37/32 { - next-hop-interface vti41 { - } - next-hop-interface vti42 { - } - } - interface-route 100.66.40.36/32 { - next-hop-interface vti51 { - } - next-hop-interface vti52 { - } - } - interface-route 100.66.40.37/32 { - next-hop-interface vti51 { - } - next-hop-interface vti52 { - } - } - route 0.0.0.0/0 { - next-hop 192.168.34.33 { - } - } - route 51.105.0.0/16 { - next-hop 192.0.2.161 { - } - } - route 52.143.0.0/16 { - next-hop 192.0.2.161 { - } - } - route 195.137.175.0/24 { - next-hop 192.0.2.161 { - } - } - route 212.23.159.0/26 { - next-hop 192.0.2.161 { - } - } - } -} -service { - ssh { - disable-host-validation - port 22 - } -} -system { - config-management { - commit-revisions 100 - } - console { - device ttyS0 { - speed 115200 - } - } - domain-name vyos.net - flow-accounting { - interface eth1 - interface vti31 - interface vti32 - interface vti41 - interface vti42 - interface vti51 - interface vti52 - netflow { - server 10.0.1.1 { - port 2055 - } - source-ip 192.168.34.37 - version 10 - } - syslog-facility daemon - } - host-name azure-gw-01 - login { - radius-server 192.0.2.253 { - port 1812 - secret secret1234 - timeout 2 - } - radius-server 192.0.2.254 { - port 1812 - secret secret1234 - timeout 2 - } - radius-source-address 192.168.34.37 - user vyos { - authentication { - encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0 - plaintext-password "" - } - } - } - name-server 192.0.2.254 - ntp { - server 192.0.2.254 { - } - } - syslog { - global { - archive { - file 10 - size 20480 - } - facility all { - level info - } - facility protocols { - level debug - } - } - host 10.0.9.188 { - facility all { - level info - protocol udp - } - } - } - time-zone Europe/Berlin -} -vpn { - ipsec { - esp-group ESP-AZURE { - compression disable - lifetime 27000 - mode tunnel - pfs disable - proposal 1 { - encryption aes256 - hash sha1 - } - } - ike-group IKE-AZURE { - close-action none - dead-peer-detection { - action restart - interval 2 - timeout 15 - } - ikev2-reauth no - key-exchange ikev2 - lifetime 27000 - proposal 1 { - dh-group 2 - encryption aes256 - hash sha1 - } - } - ipsec-interfaces { - interface eth0 - } - logging { - log-level 2 - log-modes ike - } - site-to-site { - peer 51.105.0.2 { - authentication { - mode pre-shared-secret - pre-shared-secret averysecretpsktowardsazure - } - connection-type respond - ike-group IKE-AZURE - ikev2-reauth inherit - local-address 192.0.2.189 - vti { - bind vti51 - esp-group ESP-AZURE - } - } - peer 51.105.0.3 { - authentication { - mode pre-shared-secret - pre-shared-secret averysecretpsktowardsazure - } - connection-type respond - ike-group IKE-AZURE - ikev2-reauth inherit - local-address 192.0.2.189 - vti { - bind vti52 - esp-group ESP-AZURE - } - } - peer 51.105.0.246 { - authentication { - mode pre-shared-secret - pre-shared-secret averysecretpsktowardsazure - } - connection-type respond - ike-group IKE-AZURE - ikev2-reauth inherit - local-address 192.0.2.189 - vti { - bind vti32 - esp-group ESP-AZURE - } - } - peer 51.105.0.247 { - authentication { - mode pre-shared-secret - pre-shared-secret averysecretpsktowardsazure - } - connection-type respond - ike-group IKE-AZURE - ikev2-reauth inherit - local-address 192.0.2.189 - vti { - bind vti31 - esp-group ESP-AZURE - } - } - peer 51.105.0.18 { - authentication { - mode pre-shared-secret - pre-shared-secret averysecretpsktowardsazure - } - connection-type respond - ike-group IKE-AZURE - ikev2-reauth inherit - local-address 192.0.2.189 - vti { - bind vti42 - esp-group ESP-AZURE - } - } - peer 51.105.0.19 { - authentication { - mode pre-shared-secret - pre-shared-secret averysecretpsktowardsazure - } - connection-type respond - ike-group IKE-AZURE - ikev2-reauth inherit - local-address 192.0.2.189 - vti { - bind vti41 - esp-group ESP-AZURE - } - } - } - } -} - - -/* Warning: Do not remove the following line. */ -/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */ -/* Release version: 1.2.5 */ +firewall { + all-ping enable + broadcast-ping disable + config-trap disable + ipv6-receive-redirects disable + ipv6-src-route disable + ip-src-route disable + log-martians disable + options { + interface vti31 { + adjust-mss 1350 + } + interface vti32 { + adjust-mss 1350 + } + interface vti41 { + adjust-mss 1350 + } + interface vti42 { + adjust-mss 1350 + } + interface vti51 { + adjust-mss 1350 + } + interface vti52 { + adjust-mss 1350 + } + } + receive-redirects disable + send-redirects enable + source-validation disable + syn-cookies enable + twa-hazards-protection disable +} +high-availability { + vrrp { + group DMZ-VLAN-3962 { + interface eth1 + preempt-delay 180 + priority 200 + virtual-address 192.168.34.36/27 + vrid 62 + } + } +} +interfaces { + ethernet eth0 { + address 192.0.2.189/27 + duplex auto + smp-affinity auto + speed auto + } + ethernet eth1 { + address 192.168.34.37/27 + duplex auto + smp-affinity auto + speed auto + } + loopback lo { + } + vti vti31 { + } + vti vti32 { + } + vti vti41 { + } + vti vti42 { + } + vti vti51 { + } + vti vti52 { + } +} +policy { + prefix-list AZURE-BGP-IPv4-in { + description "Prefixes received from Azure" + rule 100 { + action permit + le 32 + prefix 100.64.0.0/10 + } + } + prefix-list ONPREM-BGP-IPv4-out { + description "Prefixes allowed to be announced into Azure" + rule 100 { + action permit + prefix 10.0.0.0/8 + } + rule 200 { + action permit + prefix 172.16.0.0/12 + } + rule 300 { + action permit + prefix 192.168.0.0/16 + } + } +} +protocols { + bgp 65522 { + address-family { + ipv4-unicast { + network 10.0.0.0/8 { + } + network 172.16.0.0/12 { + } + network 192.168.0.0/16 { + } + } + } + neighbor 100.66.8.36 { + peer-group AZURE + remote-as 64517 + } + neighbor 100.66.8.37 { + peer-group AZURE + remote-as 64517 + } + neighbor 100.66.24.36 { + peer-group AZURE + remote-as 64513 + } + neighbor 100.66.24.37 { + peer-group AZURE + remote-as 64513 + } + neighbor 100.66.40.36 { + peer-group AZURE + remote-as 64515 + } + neighbor 100.66.40.37 { + peer-group AZURE + remote-as 64515 + } + neighbor 192.168.34.38 { + address-family { + ipv4-unicast { + nexthop-self + soft-reconfiguration { + inbound + } + } + } + capability { + dynamic + } + password VyOSR0xx123 + remote-as 65522 + update-source eth1 + } + peer-group AZURE { + address-family { + ipv4-unicast { + maximum-prefix 50 + prefix-list { + export ONPREM-BGP-IPv4-out + import AZURE-BGP-IPv4-in + } + } + } + ebgp-multihop 2 + update-source eth1 + } + timers { + holdtime 30 + keepalive 5 + } + } + static { + interface-route 100.66.8.36/32 { + next-hop-interface vti31 { + } + next-hop-interface vti32 { + } + } + interface-route 100.66.8.37/32 { + next-hop-interface vti31 { + } + next-hop-interface vti32 { + } + } + interface-route 100.66.24.36/32 { + next-hop-interface vti41 { + } + next-hop-interface vti42 { + } + } + interface-route 100.66.24.37/32 { + next-hop-interface vti41 { + } + next-hop-interface vti42 { + } + } + interface-route 100.66.40.36/32 { + next-hop-interface vti51 { + } + next-hop-interface vti52 { + } + } + interface-route 100.66.40.37/32 { + next-hop-interface vti51 { + } + next-hop-interface vti52 { + } + } + route 0.0.0.0/0 { + next-hop 192.168.34.33 { + } + } + route 51.105.0.0/16 { + next-hop 192.0.2.161 { + } + } + route 52.143.0.0/16 { + next-hop 192.0.2.161 { + } + } + route 195.137.175.0/24 { + next-hop 192.0.2.161 { + } + } + route 212.23.159.0/26 { + next-hop 192.0.2.161 { + } + } + } +} +service { + ssh { + disable-host-validation + port 22 + } +} +system { + config-management { + commit-revisions 100 + } + console { + device ttyS0 { + speed 115200 + } + } + domain-name vyos.net + flow-accounting { + interface eth1 + interface vti31 + interface vti32 + interface vti41 + interface vti42 + interface vti51 + interface vti52 + netflow { + server 10.0.1.1 { + port 2055 + } + source-ip 192.168.34.37 + version 10 + } + syslog-facility daemon + } + host-name azure-gw-01 + login { + radius-server 192.0.2.253 { + port 1812 + secret secret1234 + timeout 2 + } + radius-server 192.0.2.254 { + port 1812 + secret secret1234 + timeout 2 + } + radius-source-address 192.168.34.37 + user vyos { + authentication { + encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0 + plaintext-password "" + } + } + } + name-server 192.0.2.254 + ntp { + server 192.0.2.254 { + } + } + syslog { + global { + archive { + file 10 + size 20480 + } + facility all { + level info + } + facility protocols { + level debug + } + } + host 10.0.9.188 { + facility all { + level info + protocol udp + } + } + } + time-zone Europe/Berlin +} +vpn { + ipsec { + esp-group ESP-AZURE { + compression disable + lifetime 27000 + mode tunnel + pfs disable + proposal 1 { + encryption aes256 + hash sha1 + } + } + ike-group IKE-AZURE { + close-action none + dead-peer-detection { + action restart + interval 2 + timeout 15 + } + ikev2-reauth no + key-exchange ikev2 + lifetime 27000 + proposal 1 { + dh-group 2 + encryption aes256 + hash sha1 + } + } + ipsec-interfaces { + interface eth0 + } + logging { + log-level 2 + log-modes ike + } + site-to-site { + peer 51.105.0.2 { + authentication { + mode pre-shared-secret + pre-shared-secret averysecretpsktowardsazure + } + connection-type respond + ike-group IKE-AZURE + ikev2-reauth inherit + local-address 192.0.2.189 + vti { + bind vti51 + esp-group ESP-AZURE + } + } + peer 51.105.0.3 { + authentication { + mode pre-shared-secret + pre-shared-secret averysecretpsktowardsazure + } + connection-type respond + ike-group IKE-AZURE + ikev2-reauth inherit + local-address 192.0.2.189 + vti { + bind vti52 + esp-group ESP-AZURE + } + } + peer 51.105.0.246 { + authentication { + mode pre-shared-secret + pre-shared-secret averysecretpsktowardsazure + } + connection-type respond + ike-group IKE-AZURE + ikev2-reauth inherit + local-address 192.0.2.189 + vti { + bind vti32 + esp-group ESP-AZURE + } + } + peer 51.105.0.247 { + authentication { + mode pre-shared-secret + pre-shared-secret averysecretpsktowardsazure + } + connection-type respond + ike-group IKE-AZURE + ikev2-reauth inherit + local-address 192.0.2.189 + vti { + bind vti31 + esp-group ESP-AZURE + } + } + peer 51.105.0.18 { + authentication { + mode pre-shared-secret + pre-shared-secret averysecretpsktowardsazure + } + connection-type respond + ike-group IKE-AZURE + ikev2-reauth inherit + local-address 192.0.2.189 + vti { + bind vti42 + esp-group ESP-AZURE + } + } + peer 51.105.0.19 { + authentication { + mode pre-shared-secret + pre-shared-secret averysecretpsktowardsazure + } + connection-type respond + ike-group IKE-AZURE + ikev2-reauth inherit + local-address 192.0.2.189 + vti { + bind vti41 + esp-group ESP-AZURE + } + } + } + } +} + + +/* Warning: Do not remove the following line. */ +/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@9:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */ +/* Release version: 1.2.5 */ -- cgit v1.2.3