From f5a8a9cdfe52c331177c8bc7b8fb84fc08d4f60a Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Tue, 29 Jun 2021 11:06:44 +0200
Subject: pki: ipsec: T3642: Migrate IPSec to use PKI configuration

---
 smoketest/configs/pki-ipsec | 95 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 95 insertions(+)
 create mode 100644 smoketest/configs/pki-ipsec

(limited to 'smoketest/configs')

diff --git a/smoketest/configs/pki-ipsec b/smoketest/configs/pki-ipsec
new file mode 100644
index 000000000..7708a3cdd
--- /dev/null
+++ b/smoketest/configs/pki-ipsec
@@ -0,0 +1,95 @@
+interfaces {
+    dummy dum0 {
+        address 172.20.0.1/30
+    }
+    ethernet eth0 {
+        address 192.168.150.1/24
+    }
+}
+system {
+    config-management {
+        commit-revisions 100
+    }
+    console {
+        device ttyS0 {
+            speed 115200
+        }
+    }
+    host-name vyos
+    login {
+        user vyos {
+            authentication {
+                encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+                plaintext-password ""
+            }
+        }
+    }
+    ntp {
+        server time1.vyos.net {
+        }
+        server time2.vyos.net {
+        }
+        server time3.vyos.net {
+        }
+    }
+    syslog {
+        global {
+            facility all {
+                level info
+            }
+            facility protocols {
+                level debug
+            }
+        }
+    }
+}
+vpn {
+    ipsec {
+        esp-group MyESPGroup {
+            proposal 1 {
+                encryption aes128
+                hash sha1
+            }
+        }
+        ike-group MyIKEGroup {
+            proposal 1 {
+                dh-group 2
+                encryption aes128
+                hash sha1
+            }
+        }
+        ipsec-interfaces {
+            interface eth0
+        }
+        site-to-site {
+            peer 192.168.150.2 {
+                authentication {
+                    mode x509
+                    x509 {
+                        ca-cert-file ovpn_test_ca.pem
+                        cert-file ovpn_test_server.pem
+                        key {
+                            file ovpn_test_server.key
+                        }
+                    }
+                }
+                default-esp-group MyESPGroup
+                ike-group MyIKEGroup
+                local-address 192.168.150.1
+                tunnel 0 {
+                    local {
+                        prefix 172.20.0.0/24
+                    }
+                    remote {
+                        prefix 172.21.0.0/24
+                    }
+                }
+            }
+        }
+    }
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "bgp@1:broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@6:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:policy@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.4-rolling-202106290839
-- 
cgit v1.2.3