From 65f456222375c017e45f27dfb283d1d4176e260f Mon Sep 17 00:00:00 2001
From: aslanvyos
Date: Thu, 31 Oct 2024 10:04:05 +0400
Subject: Added CloudFormation templates for VyOS deployment on AWS
---
 .../opposide-side-vyos-instance-config-example.txt | 57 ++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 CloudFormation/vyos-vyos-template-with-advanced-configuration/opposide-side-vyos-instance-config-example.txt
(limited to 'CloudFormation/vyos-vyos-template-with-advanced-configuration/opposide-side-vyos-instance-config-example.txt')
diff --git a/CloudFormation/vyos-vyos-template-with-advanced-configuration/opposide-side-vyos-instance-config-example.txt b/CloudFormation/vyos-vyos-template-with-advanced-configuration/opposide-side-vyos-instance-config-example.txt
new file mode 100644
index 0000000..692feac
--- /dev/null
+++ b/CloudFormation/vyos-vyos-template-with-advanced-configuration/opposide-side-vyos-instance-config-example.txt
@@ -0,0 +1,57 @@
+ set system host-name 'VyOS-in-Corporate-Data-Center'
+ set system login banner pre-login 'Welcome to the VyOS on Corporate Data Center'
+ set interfaces ethernet eth0 description 'OUTSIDE'
+ set interfaces ethernet eth0 address '10.1.1.4/24'
+ set interfaces ethernet eth1 description 'INSIDE'
+ set interfaces ethernet eth1 address '10.1.11.4/24'
+ set system name-server '8.8.8.8'
+ set system name-server '8.8.4.8'
+ set service dns forwarding name-server '8.8.8.8'
+ set service dns forwarding listen-address '10.1.11.4'
+ set service dns forwarding allow-from '10.1.11.0/24'
+ set service dns forwarding no-serve-rfc1918
+ set nat source rule 10 outbound-interface name 'eth0'
+ set nat source rule 10 source address '10.1.11.0/24'
+ set nat source rule 10 translation address 'masquerade'
+ set vpn ipsec interface 'eth0'
+ set vpn ipsec esp-group AWS lifetime '3600'
+ set vpn ipsec esp-group AWS mode 'tunnel'
+ set vpn ipsec esp-group AWS pfs 'dh-group2'
+ set vpn ipsec esp-group AWS proposal 1 encryption 'aes256'
+ set vpn ipsec esp-group AWS proposal 1 hash 'sha1'
+ set vpn ipsec ike-group AWS dead-peer-detection action 'restart'
+ set vpn ipsec ike-group AWS dead-peer-detection interval '15'
+ set vpn ipsec ike-group AWS dead-peer-detection timeout '30'
+ set vpn ipsec ike-group AWS ikev2-reauth
+ set vpn ipsec ike-group AWS key-exchange 'ikev2'
+ set vpn ipsec ike-group AWS lifetime '28800'
+ set vpn ipsec ike-group AWS proposal 1 dh-group '2'
+ set vpn ipsec ike-group AWS proposal 1 encryption 'aes256'
+ set vpn ipsec ike-group AWS proposal 1 hash 'sha1'
+ set vpn ipsec ike-group AWS close-action start
+ set vpn ipsec option disable-route-autoinstall
+ set interfaces vti vti1 address '10.2.100.11/32'
+ set interfaces vti vti1 description 'Tunnel to VyOS on AWS'
+ set interfaces vti vti1 ip adjust-mss '1350'
+ set protocols static route 10.1.100.11/32 interface vti1
+ set vpn ipsec authentication psk VyOS id '10.1.1.4'
+ set vpn ipsec authentication psk VyOS id '10.0.1.10'
+ set vpn ipsec authentication psk VyOS secret 'ch00s3-4-s3cur3-psk'
+ set vpn ipsec site-to-site peer VyOS-on-AWS authentication local-id '10.1.1.4'
+ set vpn ipsec site-to-site peer VyOS-on-AWS authentication mode 'pre-shared-secret'
+ set vpn ipsec site-to-site peer VyOS-on-AWS authentication remote-id '10.0.1.10'
+ set vpn ipsec site-to-site peer VyOS-on-AWS connection-type 'initiate'
+ set vpn ipsec site-to-site peer VyOS-on-AWS description 'AWS TUNNEL to VyOS on AWS'
+ set vpn ipsec site-to-site peer VyOS-on-AWS ike-group 'AWS'
+ set vpn ipsec site-to-site peer VyOS-on-AWS ikev2-reauth 'inherit'
+ set vpn ipsec site-to-site peer VyOS-on-AWS local-address '10.1.1.4'
+ set vpn ipsec site-to-site peer VyOS-on-AWS remote-address '192.0.2.2'
+ set vpn ipsec site-to-site peer VyOS-on-AWS vti bind 'vti1'
+ set vpn ipsec site-to-site peer VyOS-on-AWS vti esp-group 'AWS'
+ set protocols bgp system-as '65002'
+ set protocols bgp address-family ipv4-unicast network 10.1.11.0/24
+ set protocols bgp neighbor 10.1.100.11 remote-as '192.0.2.1'
+ set protocols bgp neighbor 10.1.100.11 address-family ipv4-unicast soft-reconfiguration inbound
+ set protocols bgp neighbor 10.1.100.11 timers holdtime '30'
+ set protocols bgp neighbor 10.1.100.11 timers keepalive '10'
+ set protocols bgp neighbor 10.1.100.11 ebgp-multihop '10'
\ No newline at end of file
-- 
cgit v1.2.3
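Review bot: `set protocols bgp neighbor 10.1.100.11 remote-as '192.0.2.1'` near the end of the hunk gives the neighbor's AS as an IP-style string; remote-as takes a numeric ASN, so this looks like a copy of the remote-address placeholder and the example cannot be committed as written — replace it with the AWS-side ASN, e.g. `set protocols bgp neighbor 10.1.100.11 remote-as '<AWS_SIDE_ASN>'`. The IKE and ESP groups both pin `dh-group '2'` / `pfs 'dh-group2'` (1024-bit MODP) and `hash 'sha1'`, which are deprecated for new deployments; unless the AWS-side template in this commit requires them, prefer at least `dh-group '14'` / `pfs 'dh-group14'` and `hash 'sha256'`, applied on both peers since the proposals must match. The committed PSK `'ch00s3-4-s3cur3-psk'` reads as a placeholder but nothing marks it as one, and this file format has no comment syntax to say so; the README or the template's parameter description should state that the secret must be replaced with a randomly generated value kept in sync with the AWS side. `set system name-server '8.8.4.8'` is probably meant to be the secondary Google resolver `8.8.4.4`.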