Vyatta NOS documentation

Defining the IPsec tunnel on EAST

This task creates the IPsec tunnel from EAST to WEST.

  • EAST uses IP address 192.0.2.33 on dp0p1p1.
  • WEST uses IP address 192.0.2.1 on dp0p1p2.
  • The IKE group is IKE-1E.
  • The preshared secret is “test_key_1”.
  • All GRE traffic will be passed through the tunnel.

This example assumes that you have already configured the following:

To create the IPsec tunnel from EAST to WEST, perform the following steps on EAST in configuration mode.

Table 1. Defining the IPsec tunnel from EAST to WEST
Step Command

Define the site-to-site connection to WEST. Set the authentication mode.

vyatta@EAST# set security vpn ipsec site-to-site peer 192.0.2.1 authentication mode pre-shared-secret

Navigate to the node for the peer for easier editing.

vyatta@EAST# edit security vpn ipsec site-to-site peer 192.0.2.1

[edit security vpn ipsec site-to-site peer 192.0.2.1]

Provide the string that will be used to authenticate the peers.

vyatta@EAST# set authentication pre-shared-secret test_key_1

[edit security vpn ipsec site-to-site peer 192.0.2.1]

Specify the default ESP group for all tunnels.

vyatta@EAST# set default-esp-group ESP-1E

[edit security vpn ipsec site-to-site peer 192.0.2.1]

Specify the IKE group.

vyatta@EAST# set ike-group IKE-1E

[edit security vpn ipsec site-to-site peer 192.0.2.1]

Identify the IP address on this vRouter to be used for this connection.

vyatta@EAST# set local-address 192.0.2.33

[edit security vpn ipsec site-to-site peer 192.0.2.1]

Specify that only GRE traffic will pass through the tunnel.

vyatta@EAST# set tunnel 1 protocol gre

[edit security vpn ipsec site-to-site peer 192.0.2.1]

Return to the top of the configuration hierarchy.

vyatta@EAST# top

Commit the configuration.

vyatta@EAST# commit

View the modified configuration.

vyatta@EAST# show security vpn ipsec site-to-site peer 192.0.2.1

 authentication {
     mode pre-shared-secret
     pre-shared-secret test_key_1
 }
 default-esp-group ESP-1E
 ike-group IKE-1E
 local-address 192.0.2.33
 tunnel 1 {
     protocol gre
 }

View data plane interface dp0p1p1 address configuration. local-address is set to this address.

vyatta@EAST# show interfaces dataplane dp0p1p1 address

 address 192.0.2.33/27
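
The last two steps above are a manual review of the committed peer configuration. The following is an added example, not part of the Vyatta documentation, that performs the same review over captured `show` output: it checks that local-address matches the interface address, that every tunnel carries only GRE, and that the preshared secret is not the sample value from this page. The function names, finding labels and the 32-character minimum are assumptions chosen for illustration.

```python
import ipaddress

# Constructed input: the peer configuration shown on this page, as text.
PEER_CFG = """\
authentication {
    mode pre-shared-secret
    pre-shared-secret test_key_1
}
default-esp-group ESP-1E
ike-group IKE-1E
local-address 192.0.2.33
tunnel 1 {
    protocol gre
}
"""

def parse(text):
    """Parse brace-delimited configuration text into nested dicts."""
    root = {}
    stack = [root]
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return root

def audit(cfg, iface_addr, min_psk_len=32, sample_keys=("test_key_1",)):
    """Return findings; min_psk_len and sample_keys are assumed local policy."""
    findings = []
    auth = cfg.get("authentication", {})
    if auth.get("mode") == "pre-shared-secret":
        psk = auth.get("pre-shared-secret", "")
        if psk in sample_keys:
            findings.append("psk-is-documentation-sample")
        if len(psk) < min_psk_len:
            findings.append("psk-too-short")
    for key in ("default-esp-group", "ike-group"):
        if key not in cfg:
            findings.append("missing-" + key)
    # local-address must be the address configured on the dataplane interface.
    local = cfg.get("local-address")
    if local is None or ipaddress.ip_address(local) != ipaddress.ip_interface(iface_addr).ip:
        findings.append("local-address-mismatch")
    for name, body in cfg.items():
        if name.startswith("tunnel ") and body.get("protocol") != "gre":
            findings.append(name + "-not-gre-only")
    return findings

if __name__ == "__main__":
    print(audit(parse(PEER_CFG), "192.0.2.33/27"))
```

Run against the configuration exactly as shown on this page, the audit reports only the two preshared-secret findings; the same secret must also be configured on WEST for the peers to authenticate.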