interfaces { ethernet eth0 { vif 7 { description PPPoE-UPLINK } } ethernet eth1 { address 172.17.1.1/24 } loopback lo { } pppoe pppoe1 { authentication { password cpe-1 user cpe-1 } no-peer-dns source-interface eth0.7 } tunnel tun0 { address 192.168.254.1/26 encapsulation gre multicast enable parameters { ip { key 1 } } source-address 0.0.0.0 } } nat { source { rule 10 { log enable outbound-interface pppoe1 source { address 172.17.0.0/16 } translation { address masquerade } } } } protocols { bgp 65001 { address-family { ipv4-unicast { network 172.17.0.0/16 { } } } neighbor 192.168.254.62 { address-family { ipv4-unicast { } } remote-as 65000 } parameters { default { no-ipv4-unicast } log-neighbor-changes } timers { holdtime 30 keepalive 10 } } nhrp { tunnel tun0 { cisco-authentication secret holding-time 300 map 192.168.254.62/26 { nbma-address 100.64.10.1 register } multicast nhs redirect shortcut } } static { route 172.17.0.0/16 { blackhole { distance 200 } } } } service { dhcp-server { shared-network-name LAN-3 { subnet 172.17.1.0/24 { default-router 172.17.1.1 name-server 172.17.1.1 range 0 { start 172.17.1.100 stop 172.17.1.200 } } } } } system { config-management { commit-revisions 100 } conntrack { modules { ftp h323 nfs pptp sip sqlnet tftp } } console { device ttyS0 { speed 115200 } } host-name cpe-1 login { user vyos { authentication { encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0 plaintext-password "" } } } name-server 1.1.1.1 name-server 8.8.8.8 name-server 9.9.9.9 ntp { server time1.vyos.net { } server time2.vyos.net { } server time3.vyos.net { } } syslog { global { facility all { level info } facility protocols { level debug } } } } vpn { ipsec { esp-group ESP-DMVPN { compression disable lifetime 1800 mode transport pfs dh-group2 proposal 1 { encryption aes256 hash sha1 } } ike-group IKE-DMVPN { close-action none ikev2-reauth no key-exchange ikev1 lifetime 3600 proposal 1 { dh-group 2 encryption aes256 hash sha1 } } ipsec-interfaces { interface pppoe1 } profile NHRPVPN { authentication { mode pre-shared-secret pre-shared-secret VyOS-topsecret } bind { tunnel tun0 } esp-group ESP-DMVPN ike-group IKE-DMVPN } } } // Warning: Do not remove the following line. // vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" // Release version: 1.3.0-epa3