summaryrefslogtreecommitdiff
path: root/smoketest/configs/pki-ipsec
blob: 6fc239d2764c7be8f841de9b2fe4d2f6c5453584 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
interfaces {
    dummy dum0 {
        address 172.20.0.1/30
    }
    ethernet eth0 {
        address 192.168.150.1/24
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
                plaintext-password ""
            }
        }
    }
    ntp {
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
vpn {
    ipsec {
        esp-group MyESPGroup {
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }
        ike-group MyIKEGroup {
            proposal 1 {
                dh-group 2
                encryption aes128
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth0
        }
        site-to-site {
            peer 192.168.150.2 {
                authentication {
                    mode x509
                    x509 {
                        ca-cert-file ovpn_test_ca.pem
                        cert-file ovpn_test_server.pem
                        key {
                            file ovpn_test_server.key
                        }
                    }
                }
                default-esp-group MyESPGroup
                ike-group MyIKEGroup
                local-address 192.168.150.1
                tunnel 0 {
                    local {
                        prefix 172.20.0.0/24
                    }
                    remote {
                        prefix 172.21.0.0/24
                    }
                }
            }
            peer 192.168.150.3 {
                authentication {
                    mode rsa
                    pre-shared-secret MYSECRETKEY
                    rsa-key-name peer2
                }
                default-esp-group MyESPGroup
                ike-group MyIKEGroup
                local-address 192.168.150.1
                tunnel 0 {
                    local {
                        prefix 172.20.0.0/24
                    }
                    remote {
                        prefix 172.22.0.0/24
                    }
                }
            }
        }
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username alice {
                        password notsecure
                    }
                }
                mode local
            }
            client-ip-pool {
                start 192.168.255.2
                stop 192.168.255.254
            }
            ipsec-settings {
                authentication {
                    mode x509
                    x509 {
                        ca-cert-file /config/auth/ovpn_test_ca.pem
                        server-cert-file /config/auth/ovpn_test_server.pem
                        server-key-file /config/auth/ovpn_test_server.key
                    }
                }
            }
            outside-address 192.168.150.1
        }
    }
    rsa-keys {
        local-key {
            file /config/auth/ovpn_test_server.key
        }
        rsa-key-name peer2 {
            rsa-key 0sAwEAAbudt5WQZSW2plbixjpgx4yVN/WMHdYRIZhyypJWO4ujQ/UQS9j3oTBgV2+RLtQ0YQ7eocwIfkvJVUnnZVMyZ4asQMOarQgbQ5nFGliCcDOMtNXRxHlMsvmjLx4o6FWbGukwgoxsT2x915n0XMn4XJNNSIEQotxj2GWFhEfBSPHyOM++kODk0lkbE7mLeHMMFq02vQhoczzEPWxjUUoY3jywhmHMfb4PdAKLFyt9x40znmPCYh+NSMQmpBXtD3gjGtX62bgrqKuP3BJU44x1gLlv8rJAJ4SY74YKnFUZ8m5GSbnVapwPOrp65lJZFKOGs2XXjAp5leoR+wmSYyqbDJM=
        }
    }
}


// Warning: Do not remove the following line.
// vyos-config-version: "bgp@1:broadcast-relay@1:cluster@1:config-management@1:conntrack@2:conntrack-sync@2:dhcp-relay@2:dhcp-server@5:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@6:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:nat66@1:ntp@1:policy@1:pppoe-server@5:pptp@2:qos@1:quagga@9:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrf@2:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
// Release version: 1.4-rolling-202106290839