interface
- external: eth0
- internal: eth1
(With the network layout used here, eth0 of both routers is on the same subnet, so plain routing would do without any VPN; the VPN is set up purely as an experiment.)
| interface | vyatta1 | vyatta2 |
|---|---|---|
| eth0 | 192.168.0.254/24 | 192.168.0.253/24 |
| eth1 | 10.0.1.254/24 | 10.0.2.254/24 |
vyatta1
```
$ configure
# set vpn ipsec ipsec-interfaces interface eth0
#### phase 1
# set vpn ipsec ike-group ike1 lifetime 28800
# set vpn ipsec ike-group ike1 proposal 1 dh-group 2
# set vpn ipsec ike-group ike1 proposal 1 encryption aes128
# set vpn ipsec ike-group ike1 proposal 1 hash sha1
#### phase 2
# set vpn ipsec esp-group esp1 pfs enable
# set vpn ipsec esp-group esp1 proposal 1 encryption aes128
# set vpn ipsec esp-group esp1 proposal 1 hash sha1
#### peer
# set vpn ipsec site-to-site peer 192.168.0.253
# edit vpn ipsec site-to-site peer 192.168.0.253
# set authentication mode pre-shared-secret
# set authentication pre-shared-secret "hogehoge"
# set ike-group ike1
# set local-ip 192.168.0.254
# set tunnel 1 esp-group esp1
# set tunnel 1 local subnet 10.0.1.0/24
# set tunnel 1 remote subnet 10.0.2.0/24
```
vyatta2
Omitted. Use essentially the same VPN settings as on vyatta1, but with the peer address, local-ip, local subnet, remote subnet and so on swapped.
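The "same settings, directional fields swapped" rule above is easy to get subtly wrong by hand (a subnet left unswapped, a PSK that differs by one character), and a mismatch only shows up later as a phase 1 or phase 2 negotiation failure. The following script is an added example, not part of the original note: it derives the vyatta2 peer section from vyatta1's parameters, renders it as the same `set` commands used above, and checks the two ends against each other. The addresses and the `hogehoge` pre-shared secret come from the note; the `PeerConfig` fields, `mirror`, `check_pair` and `render` are this example's own names.

```python
"""Derive the mirrored vyatta2 site-to-site config from vyatta1's parameters
and check that the two ends agree.

Added example for this note, not Vyatta code. It assumes the addresses and
the placeholder pre-shared secret shown in the note; the command syntax in
render() mirrors the 'set' lines used for vyatta1 above.
"""
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class PeerConfig:
    """Parameters of one side of the site-to-site tunnel (hypothetical model)."""
    name: str
    local_ip: str        # set local-ip
    peer_ip: str         # set vpn ipsec site-to-site peer <peer_ip>
    local_subnet: str    # set tunnel 1 local subnet
    remote_subnet: str   # set tunnel 1 remote subnet
    psk: str             # set authentication pre-shared-secret
    ike_group: str = "ike1"
    esp_group: str = "esp1"


def mirror(cfg: PeerConfig, name: str) -> PeerConfig:
    """Build the other end's config by swapping only the directional fields.
    Values that must be identical on both ends (PSK, group names) are copied."""
    return replace(cfg, name=name,
                   local_ip=cfg.peer_ip, peer_ip=cfg.local_ip,
                   local_subnet=cfg.remote_subnet,
                   remote_subnet=cfg.local_subnet)


def check_pair(a: PeerConfig, b: PeerConfig) -> list:
    """Return a list of mismatches between the two ends; empty means consistent."""
    problems = []
    if a.peer_ip != b.local_ip:
        problems.append(f"{a.name} peer {a.peer_ip} != {b.name} local-ip {b.local_ip}")
    if b.peer_ip != a.local_ip:
        problems.append(f"{b.name} peer {b.peer_ip} != {a.name} local-ip {a.local_ip}")
    if a.local_subnet != b.remote_subnet:
        problems.append(f"{a.name} local subnet != {b.name} remote subnet")
    if a.remote_subnet != b.local_subnet:
        problems.append(f"{a.name} remote subnet != {b.name} local subnet")
    if a.psk != b.psk:
        problems.append("pre-shared-secret differs on the two ends")
    if a.ike_group != b.ike_group or a.esp_group != b.esp_group:
        problems.append("ike-group/esp-group names differ on the two ends")
    # The two protected networks must be distinct, or the tunnel selectors are meaningless.
    loc = ipaddress.ip_network(a.local_subnet)
    rem = ipaddress.ip_network(a.remote_subnet)
    if loc.overlaps(rem):
        problems.append(f"local subnet {loc} overlaps remote subnet {rem}")
    return problems


def render(cfg: PeerConfig) -> str:
    """Render the peer section as full-path Vyatta 'set' commands."""
    base = f"vpn ipsec site-to-site peer {cfg.peer_ip}"
    lines = [
        f"set {base} authentication mode pre-shared-secret",
        f'set {base} authentication pre-shared-secret "{cfg.psk}"',
        f"set {base} ike-group {cfg.ike_group}",
        f"set {base} local-ip {cfg.local_ip}",
        f"set {base} tunnel 1 esp-group {cfg.esp_group}",
        f"set {base} tunnel 1 local subnet {cfg.local_subnet}",
        f"set {base} tunnel 1 remote subnet {cfg.remote_subnet}",
    ]
    return "\n".join(lines)


# Values from the note; the PSK is the note's placeholder.
VYATTA1 = PeerConfig("vyatta1", "192.168.0.254", "192.168.0.253",
                     "10.0.1.0/24", "10.0.2.0/24", "hogehoge")
VYATTA2 = mirror(VYATTA1, "vyatta2")

if __name__ == "__main__":
    print(render(VYATTA2))
    print("mismatches:", check_pair(VYATTA1, VYATTA2) or "none")
```

Running it prints the vyatta2 peer section (peer 192.168.0.254, local-ip 192.168.0.253, subnets swapped) and an empty mismatch list; editing either side by hand and re-running `check_pair` shows exactly which field no longer lines up.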
Verification
I forgot the command. Probably `show vpn` something will do.