path: root/CloudFormation/vyos-vyos-template-with-advanced-configuration/opposide-side-vyos-instance-config-example.txt
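    # Example VyOS configuration for the on-premises ("corporate data center")
    # end of the site-to-site IPsec + BGP tunnel to the VyOS instance on AWS.
    # Addresses, the PSK and the peer AS number are sample values and must be
    # aligned with whatever the AWS-side instance is actually configured with.
    # This example defines no firewall rule set, so nothing here filters traffic
    # arriving on eth0 ('OUTSIDE'); add one before exposing the router.
    set system host-name 'VyOS-in-Corporate-Data-Center'
    set system login banner pre-login 'Welcome to the VyOS on Corporate Data Center'
    # eth0 faces the peer/Internet, eth1 the internal 10.1.11.0/24 subnet.
    set interfaces ethernet eth0 description 'OUTSIDE'
    set interfaces ethernet eth0 address '10.1.1.4/24'
    set interfaces ethernet eth1 description 'INSIDE'
    set interfaces ethernet eth1 address '10.1.11.4/24'
    # Resolvers used by the router itself. The original listed 8.8.4.8, which is
    # not a Google Public DNS resolver; the secondary address is 8.8.4.4.
    set system name-server '8.8.8.8'
    set system name-server '8.8.4.4'
    # Recursive DNS for inside hosts only: bind to the eth1 address and accept
    # queries solely from 10.1.11.0/24, so the forwarder is not offered on the
    # OUTSIDE address.
    set service dns forwarding name-server '8.8.8.8'
    set service dns forwarding listen-address '10.1.11.4'
    set service dns forwarding allow-from '10.1.11.0/24'
    set service dns forwarding no-serve-rfc1918
    # Source NAT (masquerade) for inside hosts leaving via eth0.
    set nat source rule 10 outbound-interface name 'eth0'
    set nat source rule 10 source address '10.1.11.0/24'
    set nat source rule 10 translation address 'masquerade'
    # IPsec phase 2 (ESP). These parameters must match the AWS-side esp-group
    # exactly. dh-group2 (1024-bit MODP) and sha1 are dated choices; prefer
    # dh-group14 or higher and sha256 when both ends can be changed together.
    set vpn ipsec interface 'eth0'
    set vpn ipsec esp-group AWS lifetime '3600'
    set vpn ipsec esp-group AWS mode 'tunnel'
    set vpn ipsec esp-group AWS pfs 'dh-group2'
    set vpn ipsec esp-group AWS proposal 1 encryption 'aes256'
    set vpn ipsec esp-group AWS proposal 1 hash 'sha1'
    # IPsec phase 1 (IKEv2). DPD probes every 15 s and restarts the connection
    # after 30 s without a reply. The same dh-group/hash caveat as above applies.
    set vpn ipsec ike-group AWS dead-peer-detection action 'restart'
    set vpn ipsec ike-group AWS dead-peer-detection interval '15'
    set vpn ipsec ike-group AWS dead-peer-detection timeout '30'
    set vpn ipsec ike-group AWS ikev2-reauth
    set vpn ipsec ike-group AWS key-exchange 'ikev2'
    set vpn ipsec ike-group AWS lifetime '28800'
    set vpn ipsec ike-group AWS proposal 1 dh-group '2'
    set vpn ipsec ike-group AWS proposal 1 encryption 'aes256'
    set vpn ipsec ike-group AWS proposal 1 hash 'sha1'
    set vpn ipsec ike-group AWS close-action start
    # Routing across the tunnel is handled by BGP over the VTI below, so IPsec
    # must not install its own routes for the tunnel.
    set vpn ipsec option disable-route-autoinstall
    # Route-based VPN: vti1 carries the BGP session. 10.2.100.11 is this side's
    # tunnel address; 10.1.100.11 (the BGP neighbour) is reached only via vti1.
    # adjust-mss keeps TCP segments below the IPsec overhead threshold.
    set interfaces vti vti1 address '10.2.100.11/32'
    set interfaces vti vti1 description 'Tunnel to VyOS on AWS'
    set interfaces vti vti1 ip adjust-mss '1350'
    set protocols static route 10.1.100.11/32 interface vti1
    # Pre-shared key, scoped to the local and remote IKE identities.
    # 'ch00s3-4-s3cur3-psk' is a sample value: replace it with a long random
    # secret and keep the file holding the real value out of version control.
    set vpn ipsec authentication psk VyOS id '10.1.1.4'
    set vpn ipsec authentication psk VyOS id '10.0.1.10'
    set vpn ipsec authentication psk VyOS secret 'ch00s3-4-s3cur3-psk'
    # Peer definition. remote-id (10.0.1.10) differs from remote-address
    # (192.0.2.2, a documentation placeholder for the AWS public IP) --
    # presumably because the AWS instance sits behind a NAT'd public address;
    # confirm against the AWS-side configuration.
    set vpn ipsec site-to-site peer VyOS-on-AWS authentication local-id '10.1.1.4'
    set vpn ipsec site-to-site peer VyOS-on-AWS authentication mode 'pre-shared-secret'
    set vpn ipsec site-to-site peer VyOS-on-AWS authentication remote-id '10.0.1.10'
    set vpn ipsec site-to-site peer VyOS-on-AWS connection-type 'initiate'
    set vpn ipsec site-to-site peer VyOS-on-AWS description 'AWS TUNNEL to VyOS on AWS'
    set vpn ipsec site-to-site peer VyOS-on-AWS ike-group 'AWS'
    set vpn ipsec site-to-site peer VyOS-on-AWS ikev2-reauth 'inherit'
    set vpn ipsec site-to-site peer VyOS-on-AWS local-address '10.1.1.4'
    set vpn ipsec site-to-site peer VyOS-on-AWS remote-address '192.0.2.2'
    set vpn ipsec site-to-site peer VyOS-on-AWS vti bind 'vti1'
    set vpn ipsec site-to-site peer VyOS-on-AWS vti esp-group 'AWS'
    # BGP over the tunnel: this side is AS 65002 and advertises the inside subnet.
    set protocols bgp system-as '65002'
    set protocols bgp address-family ipv4-unicast network 10.1.11.0/24
    # NOTE(review): remote-as must be the AWS-side AS number, not an IP address.
    # '192.0.2.1' looks like a copy/paste of a placeholder address and should be
    # rejected at commit; set it to the ASN configured on the VyOS-on-AWS instance.
    set protocols bgp neighbor 10.1.100.11 remote-as '192.0.2.1'
    set protocols bgp neighbor 10.1.100.11 address-family ipv4-unicast soft-reconfiguration inbound
    # Short timers (10 s keepalive / 30 s hold) detect a dead tunnel quickly.
    # ebgp-multihop is required because the /32 tunnel addresses put the peer
    # on a routed path rather than a shared subnet.
    set protocols bgp neighbor 10.1.100.11 timers holdtime '30'
    set protocols bgp neighbor 10.1.100.11 timers keepalive '10'
    set protocols bgp neighbor 10.1.100.11 ebgp-multihop '10'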