# VyOS configuration commands for the on-prem router 'VyOS-for-On-Prem':
# WAN/LAN interfaces, DNS forwarding, source NAT, two route-based IPsec
# tunnels (vti1/vti2) to VyOS peers in AWS, and BGP with BFD over the tunnels.
#
# NOTE(review): every empty '' value below (and the bare 'network' statement
# in the BGP section) looks like a stripped template placeholder; confirm the
# real values before applying, the commands are incomplete as shown.

# --- System identity and interfaces ---
- set system host-name 'VyOS-for-On-Prem'
- set system login banner pre-login 'Welcome to the VyOS for DEMO'
- set interfaces ethernet eth0 description 'WAN'
- set interfaces ethernet eth1 description 'LAN'
- set interfaces ethernet eth1 dhcp-options no-default-route

# --- DNS ---
# NOTE(review): listen-address and allow-from decide who can query the
# forwarder. Keep both scoped to the LAN side; a forwarder reachable from the
# WAN acts as an open resolver.
- set system name-server ''
- set service dns forwarding name-server ''
- set service dns forwarding listen-address ''
- set service dns forwarding allow-from ''
- set service dns forwarding no-serve-rfc1918

# --- Source NAT: masquerade traffic leaving eth0 (WAN) ---
# The source address is empty here; presumably the LAN prefix, verify.
- set nat source rule 10 outbound-interface name 'eth0'
- set nat source rule 10 source address ''
- set nat source rule 10 translation address 'masquerade'

# --- IPsec: ESP (phase 2) parameters shared by both tunnels ---
- set vpn ipsec interface 'eth0'
- set vpn ipsec esp-group AWS lifetime '3600'
- set vpn ipsec esp-group AWS mode 'tunnel'
# NOTE(review): PFS uses DH group 2 (1024-bit MODP) and integrity uses SHA-1.
# Both are legacy choices; prefer 'dh-group14' or higher and 'sha256' or
# stronger. The proposal must match on the AWS-side peers, so change both ends
# together.
- set vpn ipsec esp-group AWS pfs 'dh-group2'
- set vpn ipsec esp-group AWS proposal 1 encryption 'aes256'
- set vpn ipsec esp-group AWS proposal 1 hash 'sha1'

# --- IPsec: IKE (phase 1) parameters shared by both tunnels ---
# IKEv2 with dead-peer detection every 15 s; a dead peer triggers 'restart'.
- set vpn ipsec ike-group AWS dead-peer-detection action 'restart'
- set vpn ipsec ike-group AWS dead-peer-detection interval '15'
- set vpn ipsec ike-group AWS ikev2-reauth
- set vpn ipsec ike-group AWS key-exchange 'ikev2'
- set vpn ipsec ike-group AWS lifetime '28800'
# NOTE(review): same weak pairing as the ESP group (DH group 2, SHA-1). The
# IKE SA protects the key exchange itself, so upgrade this first if only one
# group can be changed.
- set vpn ipsec ike-group AWS proposal 1 dh-group '2'
- set vpn ipsec ike-group AWS proposal 1 encryption 'aes256'
- set vpn ipsec ike-group AWS proposal 1 hash 'sha1'
- set vpn ipsec ike-group AWS close-action start
# IPsec does not auto-install routes; reachability comes from the static
# routes and BGP configured below.
- set vpn ipsec option disable-route-autoinstall

# --- Tunnel interfaces (one VTI per AWS peer) ---
# TCP MSS is clamped to 1350 on both tunnel interfaces.
- set interfaces vti vti1 address '10.2.100.11/32'
- set interfaces vti vti1 description 'Tunnel for VyOS-01 in AWS'
- set interfaces vti vti1 ip adjust-mss '1350'
- set interfaces vti vti2 address '10.2.100.12/32'
- set interfaces vti vti2 description 'Tunnel for VyOS-02 in AWS'
- set interfaces vti vti2 ip adjust-mss '1350'

# --- BFD towards the remote tunnel addresses ---
# Intervals are in milliseconds: 300 ms tx/rx with multiplier 3.
- set protocols bfd peer 10.1.100.11 interval multiplier '3'
- set protocols bfd peer 10.1.100.11 interval receive '300'
- set protocols bfd peer 10.1.100.11 interval transmit '300'
- set protocols bfd peer 10.1.100.12 interval multiplier '3'
- set protocols bfd peer 10.1.100.12 interval receive '300'
- set protocols bfd peer 10.1.100.12 interval transmit '300'

# Host routes to each remote tunnel address via its own VTI.
- set protocols static route 10.1.100.11/32 interface vti1
- set protocols static route 10.1.100.12/32 interface vti2

# --- IPsec pre-shared key ---
# NOTE(review): the three 'id' statements are identical as shown; presumably
# they carried distinct local and remote identities. Verify.
- set vpn ipsec authentication psk VyOS id ''
- set vpn ipsec authentication psk VyOS id ''
- set vpn ipsec authentication psk VyOS id ''
# NOTE(review): 'ch00s3-4-s3cur3-psk' is a sample secret and is shared by both
# tunnels. Replace it with a long random value per deployment and inject it
# from a secret store instead of keeping it in this file or in version control.
- set vpn ipsec authentication psk VyOS secret 'ch00s3-4-s3cur3-psk'

# --- Site-to-site peer 1 (bound to vti1) ---
# NOTE(review): with connection-type 'none' this side presumably only loads
# the connection rather than initiating it; confirm which end initiates.
- set vpn ipsec site-to-site peer AWS-VyOS-01 authentication local-id ''
- set vpn ipsec site-to-site peer AWS-VyOS-01 authentication mode 'pre-shared-secret'
- set vpn ipsec site-to-site peer AWS-VyOS-01 authentication remote-id ''
- set vpn ipsec site-to-site peer AWS-VyOS-01 connection-type 'none'
- set vpn ipsec site-to-site peer AWS-VyOS-01 description 'TUNNEL to VyOS on AWS'
- set vpn ipsec site-to-site peer AWS-VyOS-01 ike-group 'AWS'
- set vpn ipsec site-to-site peer AWS-VyOS-01 ikev2-reauth 'inherit'
- set vpn ipsec site-to-site peer AWS-VyOS-01 local-address ''
- set vpn ipsec site-to-site peer AWS-VyOS-01 remote-address ''
- set vpn ipsec site-to-site peer AWS-VyOS-01 vti bind 'vti1'
- set vpn ipsec site-to-site peer AWS-VyOS-01 vti esp-group 'AWS'

# --- Site-to-site peer 2 (bound to vti2), same parameters as peer 1 ---
- set vpn ipsec site-to-site peer AWS-VyOS-02 authentication local-id ''
- set vpn ipsec site-to-site peer AWS-VyOS-02 authentication mode 'pre-shared-secret'
- set vpn ipsec site-to-site peer AWS-VyOS-02 authentication remote-id ''
- set vpn ipsec site-to-site peer AWS-VyOS-02 connection-type 'none'
- set vpn ipsec site-to-site peer AWS-VyOS-02 description 'TUNNEL to VyOS on AWS'
- set vpn ipsec site-to-site peer AWS-VyOS-02 ike-group 'AWS'
- set vpn ipsec site-to-site peer AWS-VyOS-02 ikev2-reauth 'inherit'
- set vpn ipsec site-to-site peer AWS-VyOS-02 local-address ''
- set vpn ipsec site-to-site peer AWS-VyOS-02 remote-address ''
- set vpn ipsec site-to-site peer AWS-VyOS-02 vti bind 'vti2'
- set vpn ipsec site-to-site peer AWS-VyOS-02 vti esp-group 'AWS'

# --- BGP over the tunnels ---
# NOTE(review): no inbound or outbound prefix filtering is configured for
# either neighbor in this listing, so any route the peer advertises would be
# accepted. Consider attaching a prefix-list or route-map per neighbor.
- set protocols bgp system-as ''
- set protocols bgp address-family ipv4-unicast network
# Neighbor 1: peers with the remote tunnel address, sourced from vti1's
# address. disable-connected-check is set because the peer is reached through
# a /32 static route, not a connected subnet.
- set protocols bgp neighbor 10.1.100.11 remote-as ''
- set protocols bgp neighbor 10.1.100.11 address-family ipv4-unicast soft-reconfiguration inbound
- set protocols bgp neighbor 10.1.100.11 timers holdtime '30'
- set protocols bgp neighbor 10.1.100.11 bfd
- set protocols bgp neighbor 10.1.100.11 disable-connected-check
- set protocols bgp neighbor 10.1.100.11 update-source '10.2.100.11'
# Neighbor 2: same settings, sourced from vti2's address.
- set protocols bgp neighbor 10.1.100.12 remote-as ''
- set protocols bgp neighbor 10.1.100.12 address-family ipv4-unicast soft-reconfiguration inbound
- set protocols bgp neighbor 10.1.100.12 timers holdtime '30'
- set protocols bgp neighbor 10.1.100.12 bfd
- set protocols bgp neighbor 10.1.100.12 disable-connected-check
- set protocols bgp neighbor 10.1.100.12 update-source '10.2.100.12'