blob: 6fc239d2764c7be8f841de9b2fe4d2f6c5453584 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
interfaces {
dummy dum0 {
address 172.20.0.1/30
}
ethernet eth0 {
address 192.168.150.1/24
}
}
system {
config-management {
commit-revisions 100
}
console {
device ttyS0 {
speed 115200
}
}
host-name vyos
login {
user vyos {
authentication {
encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
plaintext-password ""
}
}
}
ntp {
server time1.vyos.net {
}
server time2.vyos.net {
}
server time3.vyos.net {
}
}
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
}
vpn {
ipsec {
esp-group MyESPGroup {
proposal 1 {
encryption aes128
hash sha1
}
}
ike-group MyIKEGroup {
proposal 1 {
dh-group 2
encryption aes128
hash sha1
}
}
ipsec-interfaces {
interface eth0
}
site-to-site {
peer 192.168.150.2 {
authentication {
mode x509
x509 {
ca-cert-file ovpn_test_ca.pem
cert-file ovpn_test_server.pem
key {
file ovpn_test_server.key
}
}
}
default-esp-group MyESPGroup
ike-group MyIKEGroup
local-address 192.168.150.1
tunnel 0 {
local {
prefix 172.20.0.0/24
}
remote {
prefix 172.21.0.0/24
}
}
}
peer 192.168.150.3 {
authentication {
mode rsa
pre-shared-secret MYSECRETKEY
rsa-key-name peer2
}
default-esp-group MyESPGroup
ike-group MyIKEGroup
local-address 192.168.150.1
tunnel 0 {
local {
prefix 172.20.0.0/24
}
remote {
prefix 172.22.0.0/24
}
}
}
}
}
l2tp {
remote-access {
authentication {
local-users {
username alice {
password notsecure
}
}
mode local
}
client-ip-pool {
start 192.168.255.2
stop 192.168.255.254
}
ipsec-settings {
authentication {
mode x509
x509 {
ca-cert-file /config/auth/ovpn_test_ca.pem
server-cert-file /config/auth/ovpn_test_server.pem
server-key-file /config/auth/ovpn_test_server.key
}
}
}
outside-address 192.168.150.1
}
}
rsa-keys {
local-key {
file /config/auth/ovpn_test_server.key
}
rsa-key-name peer2 {
rsa-key 0sAwEAAbudt5WQZSW2plbixjpgx4yVN/WMHdYRIZhyypJWO4ujQ/UQS9j3oTBgV2+RLtQ0YQ7eocwIfkvJVUnnZVMyZ4asQMOarQgbQ5nFGliCcDOMtNXRxHlMsvmjLx4o6FWbGukwgoxsT2x915n0XMn4XJNNSIEQotxj2GWFhEfBSPHyOM++kODk0lkbE7mLeHMMFq02vQhoczzEPWxjUUoY3jywhmHMfb4PdAKLFyt9x40znmPCYh+NSMQmpBXtD3gjGtX62bgrqKuP3BJU44x1gLlv8rJAJ4SY74YKnFUZ8m5GSbnVapwPOrp65lJZFKOGs2XXjAp5leoR+wmSYyqbDJM=
}
}
}
// Warning: Do not remove the following line.
// vyos-config-version: "bgp@1:broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@6:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:policy@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
// Release version: 1.4-rolling-202106290839
|
