set firewall global-options all-ping 'enable'
set firewall global-options broadcast-ping 'disable'
set firewall global-options ip-src-route 'disable'
set firewall global-options ipv6-receive-redirects 'disable'
set firewall global-options ipv6-src-route 'disable'
set firewall global-options log-martians 'disable'
set firewall global-options receive-redirects 'disable'
set firewall global-options send-redirects 'enable'
set firewall global-options source-validation 'disable'
set firewall global-options syn-cookies 'enable'
set firewall global-options twa-hazards-protection 'disable'
set high-availability vrrp group DMZ-VLAN-3962 address 192.168.34.36/27
set high-availability vrrp group DMZ-VLAN-3962 interface 'eth1'
set high-availability vrrp group DMZ-VLAN-3962 preempt-delay '180'
set high-availability vrrp group DMZ-VLAN-3962 priority '200'
set high-availability vrrp group DMZ-VLAN-3962 vrid '62'
set interfaces ethernet eth0 address '192.0.2.189/27'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 offload gro
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address '192.168.34.37/27'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 offload gro
set interfaces ethernet eth1 speed 'auto'
set interfaces loopback lo
set interfaces vti vti31 ip adjust-mss '1350'
set interfaces vti vti32 ip adjust-mss '1350'
set interfaces vti vti41 ip adjust-mss '1350'
set interfaces vti vti42 ip adjust-mss '1350'
set interfaces vti vti51 ip adjust-mss '1350'
set interfaces vti vti52 ip adjust-mss '1350'
set policy prefix-list AZURE-BGP-IPv4-in description 'Prefixes received from Azure'
set policy prefix-list AZURE-BGP-IPv4-in rule 100 action 'permit'
set policy prefix-list AZURE-BGP-IPv4-in rule 100 le '32'
set policy prefix-list AZURE-BGP-IPv4-in rule 100 prefix '100.64.0.0/10'
set policy prefix-list ONPREM-BGP-IPv4-out description 'Prefixes allowed to be announced into Azure'
set policy prefix-list ONPREM-BGP-IPv4-out rule 100 action 'permit'
set policy prefix-list ONPREM-BGP-IPv4-out rule 100 prefix '10.0.0.0/8'
set policy prefix-list ONPREM-BGP-IPv4-out rule 200 action 'permit'
set policy prefix-list ONPREM-BGP-IPv4-out rule 200 prefix '172.16.0.0/12'
set policy prefix-list ONPREM-BGP-IPv4-out rule 300 action 'permit'
set policy prefix-list ONPREM-BGP-IPv4-out rule 300 prefix '192.168.0.0/16'
set protocols bgp address-family ipv4-unicast network 10.0.0.0/8
set protocols bgp address-family ipv4-unicast network 172.16.0.0/12
set protocols bgp address-family ipv4-unicast network 192.168.0.0/16
set protocols bgp neighbor 100.66.8.36 peer-group 'AZURE'
set protocols bgp neighbor 100.66.8.36 remote-as '64517'
set protocols bgp neighbor 100.66.8.37 peer-group 'AZURE'
set protocols bgp neighbor 100.66.8.37 remote-as '64517'
set protocols bgp neighbor 100.66.24.36 peer-group 'AZURE'
set protocols bgp neighbor 100.66.24.36 remote-as '64513'
set protocols bgp neighbor 100.66.24.37 peer-group 'AZURE'
set protocols bgp neighbor 100.66.24.37 remote-as '64513'
set protocols bgp neighbor 100.66.40.36 peer-group 'AZURE'
set protocols bgp neighbor 100.66.40.36 remote-as '64515'
set protocols bgp neighbor 100.66.40.37 peer-group 'AZURE'
set protocols bgp neighbor 100.66.40.37 remote-as '64515'
set protocols bgp neighbor 192.168.34.38 address-family ipv4-unicast nexthop-self
set protocols bgp neighbor 192.168.34.38 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 192.168.34.38 capability dynamic
set protocols bgp neighbor 192.168.34.38 password 'VyOSR0xx123'
set protocols bgp neighbor 192.168.34.38 remote-as '65522'
set protocols bgp neighbor 192.168.34.38 update-source 'eth1'
set protocols bgp peer-group AZURE address-family ipv4-unicast maximum-prefix '50'
set protocols bgp peer-group AZURE address-family ipv4-unicast prefix-list export 'ONPREM-BGP-IPv4-out'
set protocols bgp peer-group AZURE address-family ipv4-unicast prefix-list import 'AZURE-BGP-IPv4-in'
set protocols bgp peer-group AZURE ebgp-multihop '2'
set protocols bgp peer-group AZURE update-source 'eth1'
set protocols bgp system-as '65522'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '5'
set protocols static route 0.0.0.0/0 next-hop 192.168.34.33
set protocols static route 51.105.0.0/16 next-hop 192.0.2.161
set protocols static route 52.143.0.0/16 next-hop 192.0.2.161
set protocols static route 100.66.8.36/32 interface vti31
set protocols static route 100.66.8.36/32 interface vti32
set protocols static route 100.66.8.37/32 interface vti31
set protocols static route 100.66.8.37/32 interface vti32
set protocols static route 100.66.24.36/32 interface vti41
set protocols static route 100.66.24.36/32 interface vti42
set protocols static route 100.66.24.37/32 interface vti41
set protocols static route 100.66.24.37/32 interface vti42
set protocols static route 100.66.40.36/32 interface vti51
set protocols static route 100.66.40.36/32 interface vti52
set protocols static route 100.66.40.37/32 interface vti51
set protocols static route 100.66.40.37/32 interface vti52
set protocols static route 195.137.175.0/24 next-hop 192.0.2.161
set protocols static route 212.23.159.0/26 next-hop 192.0.2.161
set service ntp allow-client address '0.0.0.0/0'
set service ntp allow-client address '::/0'
set service ntp server 192.0.2.254
set service snmp v3 engineid 'ff42'
set service snmp v3 group default mode 'ro'
set service snmp v3 group default seclevel 'priv'
set service snmp v3 group default view 'default'
set service snmp v3 user VyOS auth encrypted-password '1ad73f4620b8c0dd2de066622f875b161a14adad'
set service snmp v3 user VyOS auth type 'sha'
set service snmp v3 user VyOS group 'default'
set service snmp v3 user VyOS privacy encrypted-password '1ad73f4620b8c0dd2de066622f875b16'
set service snmp v3 user VyOS privacy type 'aes'
set service snmp v3 view default oid 1
set service ssh disable-host-validation
set service ssh port '22'
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system domain-name 'vyos.net'
set system flow-accounting interface 'eth1'
set system flow-accounting interface 'vti31'
set system flow-accounting interface 'vti32'
set system flow-accounting interface 'vti41'
set system flow-accounting interface 'vti42'
set system flow-accounting interface 'vti51'
set system flow-accounting interface 'vti52'
set system flow-accounting netflow server 10.0.1.1 port '2055'
set system flow-accounting netflow source-address '192.168.34.37'
set system flow-accounting netflow version '10'
set system flow-accounting syslog-facility 'daemon'
set system host-name 'azure-gw-01'
set system login radius server 192.0.2.253 key 'secret1234'
set system login radius server 192.0.2.253 port '1812'
set system login radius server 192.0.2.253 timeout '2'
set system login radius server 192.0.2.254 key 'secret1234'
set system login radius server 192.0.2.254 port '1812'
set system login radius server 192.0.2.254 timeout '2'
set system login radius source-address '192.168.34.37'
set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
set system login user vyos authentication plaintext-password ''
set system logs logrotate messages max-size '20'
set system logs logrotate messages rotate '10'
set system name-server '192.0.2.254'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
set system syslog host 10.0.9.188 facility all level 'info'
set system syslog host 10.0.9.188 protocol 'udp'
set system time-zone 'Europe/Berlin'
set vpn ipsec authentication psk peer_51-105-0-1 id '51.105.0.1'
set vpn ipsec authentication psk peer_51-105-0-1 id '192.0.2.189'
set vpn ipsec authentication psk peer_51-105-0-1 secret 'averysecretpsktowardsazure'
set vpn ipsec authentication psk peer_51-105-0-2 id '51.105.0.2'
set vpn ipsec authentication psk peer_51-105-0-2 id '192.0.2.189'
set vpn ipsec authentication psk peer_51-105-0-2 secret 'averysecretpsktowardsazure'
set vpn ipsec authentication psk peer_51-105-0-3 id '51.105.0.3'
set vpn ipsec authentication psk peer_51-105-0-3 id '192.0.2.189'
set vpn ipsec authentication psk peer_51-105-0-3 secret 'averysecretpsktowardsazure'
set vpn ipsec authentication psk peer_51-105-0-4 id '51.105.0.4'
set vpn ipsec authentication psk peer_51-105-0-4 id '192.0.2.189'
set vpn ipsec authentication psk peer_51-105-0-4 secret 'averysecretpsktowardsazure'
set vpn ipsec authentication psk peer_51-105-0-5 id '51.105.0.5'
set vpn ipsec authentication psk peer_51-105-0-5 id '192.0.2.189'
set vpn ipsec authentication psk peer_51-105-0-5 secret 'averysecretpsktowardsazure'
set vpn ipsec authentication psk peer_51-105-0-6 id '51.105.0.6'
set vpn ipsec authentication psk peer_51-105-0-6 id '192.0.2.189'
set vpn ipsec authentication psk peer_51-105-0-6 secret 'averysecretpsktowardsazure'
set vpn ipsec esp-group ESP-AZURE lifetime '27000'
set vpn ipsec esp-group ESP-AZURE mode 'tunnel'
set vpn ipsec esp-group ESP-AZURE pfs 'disable'
set vpn ipsec esp-group ESP-AZURE proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP-AZURE proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE-AZURE close-action 'none'
set vpn ipsec ike-group IKE-AZURE dead-peer-detection action 'restart'
set vpn ipsec ike-group IKE-AZURE dead-peer-detection interval '2'
set vpn ipsec ike-group IKE-AZURE dead-peer-detection timeout '15'
set vpn ipsec ike-group IKE-AZURE key-exchange 'ikev2'
set vpn ipsec ike-group IKE-AZURE lifetime '27000'
set vpn ipsec ike-group IKE-AZURE proposal 1 dh-group '2'
set vpn ipsec ike-group IKE-AZURE proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE-AZURE proposal 1 hash 'sha1'
set vpn ipsec interface 'eth0'
set vpn ipsec log level '2'
set vpn ipsec log subsystem 'ike'
set vpn ipsec site-to-site peer peer_51-105-0-1 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer peer_51-105-0-1 authentication remote-id '51.105.0.1'
set vpn ipsec site-to-site peer peer_51-105-0-1 connection-type 'respond'
set vpn ipsec site-to-site peer peer_51-105-0-1 default-esp-group 'ESP-AZURE'
set vpn ipsec site-to-site peer peer_51-105-0-1 ike-group 'IKE-AZURE'
set vpn ipsec site-to-site peer peer_51-105-0-1 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer peer_51-105-0-1 local-address '192.0.2.189'
set vpn ipsec site-to-site peer peer_51-105-0-1 remote-address '51.105.0.1'
set vpn ipsec site-to-site peer peer_51-105-0-1 vti bind 'vti51'
set vpn ipsec site-to-site peer peer_51-105-0-2 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer peer_51-105-0-2 authentication remote-id '51.105.0.2'
set vpn ipsec site-to-site peer peer_51-105-0-2 connection-type 'respond'
set vpn ipsec site-to-site peer peer_51-105-0-2 default-esp-group 'ESP-AZURE'
set vpn ipsec site-to-site peer peer_51-105-0-2 ike-group 'IKE-AZURE'
set vpn ipsec site-to-site peer peer_51-105-0-2 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer peer_51-105-0-2 local-address '192.0.2.189'
set vpn ipsec site-to-site peer peer_51-105-0-2 remote-address '51.105.0.2'
set vpn ipsec site-to-site peer peer_51-105-0-2 vti bind 'vti52'
set vpn ipsec site-to-site peer peer_51-105-0-3 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer peer_51-105-0-3 authentication remote-id '51.105.0.3'
set vpn ipsec site-to-site peer peer_51-105-0-3 connection-type 'respond'
set vpn ipsec site-to-site peer peer_51-105-0-3 ike-group 'IKE-AZURE'
set vpn ipsec site-to-site peer peer_51-105-0-3 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer peer_51-105-0-3 local-address '192.0.2.189'
set vpn ipsec site-to-site peer peer_51-105-0-3 remote-address '51.105.0.3'
set vpn ipsec site-to-site peer peer_51-105-0-3 vti bind 'vti32'
set vpn ipsec site-to-site peer peer_51-105-0-3 vti esp-group 'ESP-AZURE'
set vpn ipsec site-to-site peer peer_51-105-0-4 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer peer_51-105-0-4 authentication remote-id '51.105.0.4'
set vpn ipsec site-to-site peer peer_51-105-0-4 connection-type 'respond'
set vpn ipsec site-to-site peer peer_51-105-0-4 ike-group 'IKE-AZURE'
set vpn ipsec site-to-site peer peer_51-105-0-4 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer peer_51-105-0-4 local-address '192.0.2.189'
set vpn ipsec site-to-site peer peer_51-105-0-4 remote-address '51.105.0.4'
set vpn ipsec site-to-site peer peer_51-105-0-4 vti bind 'vti31'
set vpn ipsec site-to-site peer peer_51-105-0-4 vti esp-group 'ESP-AZURE'
set vpn ipsec site-to-site peer peer_51-105-0-5 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer peer_51-105-0-5 authentication remote-id '51.105.0.5'
set vpn ipsec site-to-site peer peer_51-105-0-5 connection-type 'respond'
set vpn ipsec site-to-site peer peer_51-105-0-5 ike-group 'IKE-AZURE'
set vpn ipsec site-to-site peer peer_51-105-0-5 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer peer_51-105-0-5 local-address '192.0.2.189'
set vpn ipsec site-to-site peer peer_51-105-0-5 remote-address '51.105.0.5'
set vpn ipsec site-to-site peer peer_51-105-0-5 vti bind 'vti42'
set vpn ipsec site-to-site peer peer_51-105-0-5 vti esp-group 'ESP-AZURE'
set vpn ipsec site-to-site peer peer_51-105-0-6 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer peer_51-105-0-6 authentication remote-id '51.105.0.6'
set vpn ipsec site-to-site peer peer_51-105-0-6 connection-type 'respond'
set vpn ipsec site-to-site peer peer_51-105-0-6 ike-group 'IKE-AZURE'
set vpn ipsec site-to-site peer peer_51-105-0-6 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer peer_51-105-0-6 local-address '192.0.2.189'
set vpn ipsec site-to-site peer peer_51-105-0-6 remote-address '51.105.0.6'
set vpn ipsec site-to-site peer peer_51-105-0-6 vti bind 'vti41'
set vpn ipsec site-to-site peer peer_51-105-0-6 vti esp-group 'ESP-AZURE'