
Vyatta Azure VPN Config 1 (Script)

by ‎04-03-2014 02:04 PM - edited ‎04-03-2014 03:13 PM (3,379 Views)


/* Interface layout. eth0 (192.168.150.66/24) is the address that SSH listens on
   and that the IPsec section uses as ipsec-interface and local-address; eth1
   (10.0.0.1/24) sits inside 10.0.0.0/24, the tunnel's local prefix.
   No firewall rule set is attached to either interface in this listing, so
   nothing shown here filters traffic arriving on eth0 or eth1. */
interfaces {
ethernet eth0 {
address 192.168.150.66/24
duplex auto
/* hw-id binds the name eth0 to this NIC's MAC address; it is specific to this
   machine and has to be replaced when the config is reused elsewhere. */
hw-id 00:15:5d:96:64:03
smp_affinity auto
speed auto
}
ethernet eth1 {
address 10.0.0.1/24
duplex auto
/* Machine-specific MAC binding, as for eth0. */
hw-id 00:15:5d:96:64:07
smp_affinity auto
speed auto
}
loopback lo {
}
}
/* Routing: a single static default route. The next hop 192.168.150.1 is in
   eth0's subnet, so all non-local traffic, including the IKE/ESP packets to the
   VPN peer, leaves through eth0. */
protocols {
static {
route 0.0.0.0/0 {
next-hop 192.168.150.1 {
}
}
}
}
/* Management services. Both are reachable on the eth0 side; with no firewall
   rules in this listing, access control rests on the service settings alone. */
service {
/* Web management interface. http-redirect sends plain-HTTP requests to HTTPS.
   Unlike ssh below, no listen-address restriction is shown for it here. */
https {
http-redirect enable
}
ssh {
/* allow-root permits direct root logins over SSH. NOTE(review): for anything
   beyond a lab, drop this and log in as a named admin user instead. */
allow-root
/* disable-host-validation turns off the reverse-DNS check of connecting
   clients; it does not affect host-key checking. */
disable-host-validation
/* Bound to eth0's address only; eth0 is also the interface facing the default
   gateway and the VPN peer. NOTE(review): confirm that is the intended
   management side and restrict source addresses with a firewall rule set. */
listen-address 192.168.150.66
port 22
}
}
/* System settings: config history, console, login account, NTP, package
   repository and logging. Secret values in this listing are shown masked as
   asterisks. */
system {
config-management {
/* Keep the last 20 committed configuration revisions. */
commit-revisions 20
}
console {
device ttyS0 {
speed 9600
}
}
host-name vyatta
login {
/* The only account shown is "vyatta" with admin level. NOTE(review): this
   matches the product's stock account name; confirm the password was changed
   from the install default before the box is reachable from other networks. */
user vyatta {
authentication {
/* Stored as a password hash; masked here. Treat the hash itself as a secret,
   since it can be attacked offline if disclosed. */
encrypted-password ****************
}
level admin
}
}
ntp {
server 0.vyatta.pool.ntp.org {
}
server 1.vyatta.pool.ntp.org {
}
server 2.vyatta.pool.ntp.org {
}
}
package {
auto-sync 1
repository supported {
components main
distribution stable
/* Repository credential, masked; the username below is empty. */
password ****************
url https://packages.vyatta.com/vyatta-supported
username ""
}
}
syslog {
/* Only the "global" target is configured; no remote log host appears in this
   listing, so the logs (including the debug-level protocol messages) stay on
   the device. */
global {
facility all {
level notice
}
facility protocols {
level debug
}
}
}
time-zone GMT
}
/* Site-to-site IPsec tunnel from this router (192.168.150.66 on eth0) to the
   Azure virtual network gateway at 138.91.173.68, carrying 10.0.0.0/24 <->
   10.0.1.0/24.
   NOTE(review): the proposals below (DH group 2, SHA-1, no PFS) presumably
   mirror what the Azure gateway accepted when this was posted in 2014. They are
   weak by current standards; check the gateway's currently supported
   parameters and use a larger DH group, a SHA-2 hash and PFS where both ends
   support them. */
vpn {
ipsec {
/* ESP (phase 2) parameters: tunnel mode, AES-256 with SHA-1, SA lifetime
   3600 seconds. */
esp-group Azure {
compression disable
lifetime 3600
mode tunnel
/* With PFS disabled, phase-2 keys are derived from the phase-1 exchange rather
   than from a fresh Diffie-Hellman exchange per rekey. */
pfs disable
proposal 1 {
encryption aes256
hash sha1
}
}
/* IKE (phase 1) parameters: SA lifetime 28800 seconds. */
ike-group Azure {
lifetime 28800
proposal 1 {
/* DH group 2 is the 1024-bit MODP group. */
dh-group 2
encryption aes256
hash sha1
}
}
ipsec-interfaces {
interface eth0
}
logging {
/* Verbose IPsec logging, useful while bringing the tunnel up.
   NOTE(review): confirm what "all" includes on this release, treat the
   resulting logs as sensitive, and reduce it once the tunnel is stable. */
log-modes all
}
site-to-site {
peer 138.91.173.68 {
authentication {
/* Pre-shared-key authentication. The key (masked here) is the only credential
   protecting the tunnel, so it must be long, random and never published. */
mode pre-shared-secret
pre-shared-secret ****************
}
/* This side initiates the connection to the peer. */
connection-type initiate
default-esp-group Azure
description "Azure cloud Virtual Network Gateway"
ike-group Azure
local-address 192.168.150.66
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
/* Traffic selectors: only traffic between these two prefixes is protected by
   the tunnel. */
local {
prefix 10.0.0.0/24
}
remote {
prefix 10.0.1.0/24
}
}
}
}
}
}


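# Command-form dump of the running configuration. In the original post this
# output printed the login password hash and the IPsec pre-shared secret in
# full rather than masked; both values are redacted below and the originals
# should be treated as compromised and rotated. Mask or replace such fields
# before sharing this output.
vyatta@vyatta:~$ show configuration commands
set interfaces ethernet eth0 address '192.168.150.66/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '00:15:5d:96:64:03'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address '10.0.0.1/24'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '00:15:5d:96:64:07'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces loopback 'lo'
set protocols static route 0.0.0.0/0 next-hop '192.168.150.1'
set service https http-redirect 'enable'
# allow-root permits direct root logins over SSH; avoid outside a lab.
set service ssh 'allow-root'
# Turns off the reverse-DNS check of connecting clients.
set service ssh 'disable-host-validation'
set service ssh listen-address '192.168.150.66'
set service ssh port '22'
set system config-management commit-revisions '20'
set system console device ttyS0 speed '9600'
set system host-name 'vyatta'
# Redacted: the original post showed the full '$1$' (MD5-crypt) hash, which can
# be attacked offline once disclosed.
set system login user vyatta authentication encrypted-password '<REDACTED-PASSWORD-HASH>'
set system login user vyatta level 'admin'
set system ntp server '0.vyatta.pool.ntp.org'
set system ntp server '1.vyatta.pool.ntp.org'
set system ntp server '2.vyatta.pool.ntp.org'
set system package auto-sync '1'
set system package repository supported components 'main'
set system package repository supported distribution 'stable'
set system package repository supported password ''
set system package repository supported url 'https://packages.vyatta.com/vyatta-supported'
set system package repository supported username ''
# These two static-host-mapping entries do not appear in the hierarchical
# listing earlier on the page.
set system static-host-mapping host-name VyattaNet2 alias 'VyattaNet2'
set system static-host-mapping host-name VyattaNet2 inet '192.168.1.254'
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'GMT'
# ESP (phase 2): AES-256 / SHA-1, PFS off. IKE (phase 1): DH group 2 (1024-bit
# MODP), AES-256 / SHA-1. Weak by current standards; use stronger values where
# both ends support them.
set vpn ipsec esp-group Azure compression 'disable'
set vpn ipsec esp-group Azure lifetime '3600'
set vpn ipsec esp-group Azure mode 'tunnel'
set vpn ipsec esp-group Azure pfs 'disable'
set vpn ipsec esp-group Azure proposal 1 encryption 'aes256'
set vpn ipsec esp-group Azure proposal 1 hash 'sha1'
set vpn ipsec ike-group Azure lifetime '28800'
set vpn ipsec ike-group Azure proposal 1 dh-group '2'
set vpn ipsec ike-group Azure proposal 1 encryption 'aes256'
set vpn ipsec ike-group Azure proposal 1 hash 'sha1'
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec logging log-modes 'all'
set vpn ipsec site-to-site peer 138.91.173.68 authentication mode 'pre-shared-secret'
# Redacted: the original post showed the tunnel's pre-shared secret in clear
# text. Generate a new key and set it on both ends.
set vpn ipsec site-to-site peer 138.91.173.68 authentication pre-shared-secret '<REDACTED-PRE-SHARED-SECRET>'
set vpn ipsec site-to-site peer 138.91.173.68 connection-type 'initiate'
set vpn ipsec site-to-site peer 138.91.173.68 default-esp-group 'Azure'
set vpn ipsec site-to-site peer 138.91.173.68 description 'Azure cloud Virtual Network Gateway'
set vpn ipsec site-to-site peer 138.91.173.68 ike-group 'Azure'
set vpn ipsec site-to-site peer 138.91.173.68 local-address '192.168.150.66'
set vpn ipsec site-to-site peer 138.91.173.68 tunnel 1 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer 138.91.173.68 tunnel 1 allow-public-networks 'disable'
set vpn ipsec site-to-site peer 138.91.173.68 tunnel 1 local prefix '10.0.0.0/24'
set vpn ipsec site-to-site peer 138.91.173.68 tunnel 1 remote prefix '10.0.1.0/24'
vyatta@vyatta:~$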
