# On-premises end of a site-to-site IPsec (IKEv2) tunnel to a VyOS instance in
# Azure: the tunnel is bound to a VTI, a static route reaches the remote VTI
# address, and BGP runs over the tunnel. Every '<...>' token is a placeholder
# that must be replaced before this is loaded. Counterpart configuration for the
# Azure side ('VyOS-01') is not part of this example.
#On Prem VyOS instance configuration example
set system host-name 'VyOS-02'
# NOTE(review): banner text says "on Azure" although this is the on-prem
# instance; it looks copied from the Azure-side example.
set system login banner pre-login 'Welcome to the VyOS on Azure'
set interfaces ethernet eth0 description 'OUTSIDE'
set interfaces ethernet eth1 description 'INSIDE'
# Two upstream resolvers (placeholders).
set system name-server '<DNS IP>'
set system name-server '<DNS IP>'
# DNS forwarder: listens only on the private NIC, answers only the on-prem
# prefix, and does not answer RFC1918 reverse lookups itself.
set service dns forwarding name-server '<DNS IP>'
set service dns forwarding listen-address '<VyOS_Priv_NIC_IP>'
set service dns forwarding allow-from '<On_Prem_Priv_Subnet_Prefix>'
set service dns forwarding no-serve-rfc1918
# Source NAT: only the on-prem private prefix is masqueraded out eth0.
set nat source rule 10 outbound-interface name 'eth0'
set nat source rule 10 source address '<On_Prem_Priv_Subnet_Prefix>'
set nat source rule 10 translation address 'masquerade'
set vpn ipsec interface 'eth0'
# ESP (phase 2) parameters.
# NOTE(review): 'dh-group2' is 1024-bit MODP and 'sha1' integrity is
# deprecated by current guidance; both peers must agree, so move the Azure
# side and this side together to a stronger group/hash (VyOS also accepts
# e.g. dh-group 14 and above and sha256).
set vpn ipsec esp-group AZURE lifetime '3600'
set vpn ipsec esp-group AZURE mode 'tunnel'
set vpn ipsec esp-group AZURE pfs 'dh-group2'
set vpn ipsec esp-group AZURE proposal 1 encryption 'aes256'
set vpn ipsec esp-group AZURE proposal 1 hash 'sha1'
# IKE (phase 1) parameters: IKEv2 with DPD restart after 30 s of silence.
set vpn ipsec ike-group AZURE dead-peer-detection action 'restart'
set vpn ipsec ike-group AZURE dead-peer-detection interval '15'
set vpn ipsec ike-group AZURE dead-peer-detection timeout '30'
set vpn ipsec ike-group AZURE ikev2-reauth
set vpn ipsec ike-group AZURE key-exchange 'ikev2'
set vpn ipsec ike-group AZURE lifetime '28800'
# NOTE(review): same weak-algorithm remark as for the ESP group applies to
# dh-group '2' and hash 'sha1' here.
set vpn ipsec ike-group AZURE proposal 1 dh-group '2'
set vpn ipsec ike-group AZURE proposal 1 encryption 'aes256'
set vpn ipsec ike-group AZURE proposal 1 hash 'sha1'
set vpn ipsec ike-group AZURE close-action start
# Routes are installed explicitly (static + BGP below) rather than by IPsec.
set vpn ipsec option disable-route-autoinstall
# Duplicate of the 'vpn ipsec interface' line above; harmless but redundant.
set vpn ipsec interface 'eth0'
# Tunnel interface: local /32, MSS clamped to leave room for tunnel overhead.
set interfaces vti vti1 address '10.2.100.11/32'
set interfaces vti vti1 description 'Azure Tunnel to VyOS 01'
set interfaces vti vti1 ip adjust-mss '1350'
# Remote VTI address (the BGP neighbor) is reached via the tunnel.
set protocols static route 10.1.100.11/32 interface vti1
# Pre-shared key bound to both the local and the remote identity.
# NOTE(review): the secret below is an example value — replace it with a long,
# random string and keep the real value out of shared examples and repos.
set vpn ipsec authentication psk VyOS id '<Azure_VyOS_Instance_Public_IP_Address>'
set vpn ipsec authentication psk VyOS id '<On_Prem_VyOS_Instance_Public_IP_Address>'
set vpn ipsec authentication psk VyOS secret 'ch00s3-4-s3cur3-psk'
# Peer definition: this side initiates; identities match the PSK ids above.
set vpn ipsec site-to-site peer VyOS-01 authentication local-id '<On_Prem_VyOS_Instance_Public_IP_Address>'
set vpn ipsec site-to-site peer VyOS-01 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer VyOS-01 authentication remote-id '<Azure_VyOS_Instance_Public_IP_Address>'
set vpn ipsec site-to-site peer VyOS-01 connection-type 'initiate'
set vpn ipsec site-to-site peer VyOS-01 description 'AZURE TUNNEL to 01'
set vpn ipsec site-to-site peer VyOS-01 ike-group 'AZURE'
set vpn ipsec site-to-site peer VyOS-01 ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer VyOS-01 local-address '<On_Prem_VyOS_Instance_Public_IP_Address>'
set vpn ipsec site-to-site peer VyOS-01 remote-address '<Azure_VyOS_Instance_Public_IP_Address>'
set vpn ipsec site-to-site peer VyOS-01 vti bind 'vti1'
set vpn ipsec site-to-site peer VyOS-01 vti esp-group 'AZURE'
# eBGP over the tunnel to the Azure VTI address; 'disable-connected-check'
# is needed because the neighbor is not on a shared subnet.
# NOTE(review): no inbound/outbound prefix filter for this neighbor and no
# firewall policy for eth0 ('OUTSIDE') appear in this excerpt — confirm they
# are configured elsewhere.
set protocols bgp system-as '<On_Prem_Net_BGP_AS_Number>'
set protocols bgp address-family ipv4-unicast network '<On_Prem_Net_Subnet_Prefix>'
set protocols bgp neighbor 10.1.100.11 remote-as '<Azure_Net_BGP_AS_Number>'
set protocols bgp neighbor 10.1.100.11 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor 10.1.100.11 timers holdtime '30'
set protocols bgp neighbor 10.1.100.11 timers keepalive '10'
set protocols bgp neighbor 10.1.100.11 disable-connected-check