From 02e462900ff6b57102229fe7eaaeaca1dc045246 Mon Sep 17 00:00:00 2001
From: aslanvyos <126803786+aslanvyos@users.noreply.github.com>
Date: Wed, 18 Oct 2023 12:14:46 +0400
Subject: Update site2site_ipsec.rst

To make easily understandable the Site-to-Site VPN ikev2 configuration for users (specially if the user is new in VyOS) made the following changes:
- Added dummy interface to both routers for testing purposes
- Added static route for both routers for dummy interface
---
 docs/configuration/vpn/site2site_ipsec.rst | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

(limited to 'docs')

diff --git a/docs/configuration/vpn/site2site_ipsec.rst b/docs/configuration/vpn/site2site_ipsec.rst
index 879f8dfa..0be12955 100644
--- a/docs/configuration/vpn/site2site_ipsec.rst
+++ b/docs/configuration/vpn/site2site_ipsec.rst
@@ -272,15 +272,28 @@ Imagine the following topology
 
    IPSec IKEv2 site2site VPN (source ./draw.io/vpn_s2s_ikev2.drawio)
 
+**LEFT:**
+* WAN interface on `eth0.201`
+* `eth0.201` interface IP: `172.18.201.10/24`
+* `vti10` interface IP: `10.0.0.2/31`
+* `dum0` interface IP: `10.0.11.1/24` (for testing purposes we create the `dummy` interface)
+
+**RIGHT:**
+* WAN interface on `eth0.202`
+* `eth0.201` interface IP: `172.18.202.10/24`
+* `vti10` interface IP: `10.0.0.3/31`
+* `dum0` interface IP: `10.0.12.1/24` (for testing purposes we create the `dummy` interface)
 
 .. note:: Don't get confused about the used /31 tunnel subnet. :rfc:`3021`
    gives you additional information for using /31 subnets on point-to-point
    links.
 
-**left**
+**LEFT**
 
 .. code-block:: none
 
+  set interfaces ethernet eth0 vif 201 address '172.18.201.10/24'
+  set interfaces dummy dum0 address '10.0.11.1/24'
   set interfaces vti vti10 address '10.0.0.2/31'
 
   set vpn ipsec esp-group ESP_DEFAULT compression 'disable'
@@ -311,10 +324,14 @@ Imagine the following topology
   set vpn ipsec site-to-site peer 172.18.202.10 vti bind 'vti10'
   set vpn ipsec site-to-site peer 172.18.202.10 vti esp-group 'ESP_DEFAULT'
 
-**right**
+  set protocols static interface-route 10.0.12.0/24 next-hop-interface vti10
+
+**RIGHT**
 
 .. code-block:: none
 
+  set interfaces ethernet eth0 vif 202 address '172.18.202.10/24'
+  set interfaces dummy dum0 address '10.0.12.1/24'
   set interfaces vti vti10 address '10.0.0.3/31'
 
   set vpn ipsec esp-group ESP_DEFAULT compression 'disable'
@@ -345,6 +362,8 @@ Imagine the following topology
   set vpn ipsec site-to-site peer 172.18.201.10 vti bind 'vti10'
   set vpn ipsec site-to-site peer 172.18.201.10 vti esp-group 'ESP_DEFAULT'
 
+  set protocols static interface-route 10.0.11.0/24 next-hop-interface vti10
+
 Key Parameters:
 
 * ``authentication local-id/remote-id`` - IKE identification is used for
-- 
cgit v1.2.3


From b6e9dbe49e4682d846a348a59f7ffbfb45786f08 Mon Sep 17 00:00:00 2001
From: aslanvyos <126803786+aslanvyos@users.noreply.github.com>
Date: Wed, 18 Oct 2023 12:22:34 +0400
Subject: Update site2site_ipsec.rst

To make easily understandable the Site-to-Site VPN ikev2 configuration for users (specially if the user is new in VyOS) made the following changes:

Added dummy interface to both routers for testing purposes
Added static route for both routers for dummy interface
---
 docs/configuration/vpn/site2site_ipsec.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'docs')

diff --git a/docs/configuration/vpn/site2site_ipsec.rst b/docs/configuration/vpn/site2site_ipsec.rst
index 0be12955..53109243 100644
--- a/docs/configuration/vpn/site2site_ipsec.rst
+++ b/docs/configuration/vpn/site2site_ipsec.rst
@@ -276,13 +276,13 @@ Imagine the following topology
 * WAN interface on `eth0.201`
 * `eth0.201` interface IP: `172.18.201.10/24`
 * `vti10` interface IP: `10.0.0.2/31`
-* `dum0` interface IP: `10.0.11.1/24` (for testing purposes we create the `dummy` interface)
+* `dum0` interface IP: `10.0.11.1/24` (for testing purposes)
 
 **RIGHT:**
 * WAN interface on `eth0.202`
 * `eth0.201` interface IP: `172.18.202.10/24`
 * `vti10` interface IP: `10.0.0.3/31`
-* `dum0` interface IP: `10.0.12.1/24` (for testing purposes we create the `dummy` interface)
+* `dum0` interface IP: `10.0.12.1/24` (for testing purposes)
 
 .. note:: Don't get confused about the used /31 tunnel subnet. :rfc:`3021`
    gives you additional information for using /31 subnets on point-to-point
-- 
cgit v1.2.3