Vyatta NOS documentation


Defining the IPsec tunnel on WEST

The procedure in Table 1 creates the IPsec tunnel from WEST to EAST.

  • WEST uses IP address 192.0.2.1 on dp0p1p2.
  • EAST uses IP address 192.0.2.33 on dp0p1p1.
  • The IKE group is IKE-1W.
  • The preshared secret is “test_key_1”.
  • All GRE traffic will be passed through the tunnel.

This example assumes that you have already configured the following:

To create the IPsec tunnel from WEST to EAST, perform the following steps on WEST in configuration mode.

Table 1. Defining the IPsec tunnel from WEST to EAST
Step Command

Define the site-to-site connection to EAST. Set the authentication mode.

vyatta@WEST# set security vpn ipsec site-to-site peer 192.0.2.33 authentication mode pre-shared-secret

Navigate to the node for the peer for easier editing.

vyatta@WEST# edit security vpn ipsec site-to-site peer 192.0.2.33

[edit security vpn ipsec site-to-site peer 192.0.2.33]

Provide the string that will be used to authenticate the peers.

vyatta@WEST# set authentication pre-shared-secret test_key_1

[edit security vpn ipsec site-to-site peer 192.0.2.33]

Specify the default ESP group for all tunnels.

vyatta@WEST# set default-esp-group ESP-1W

[edit security vpn ipsec site-to-site peer 192.0.2.33]

Specify the IKE group.

vyatta@WEST# set ike-group IKE-1W

[edit security vpn ipsec site-to-site peer 192.0.2.33]

Identify the IP address on this vRouter to be used for this connection.

vyatta@WEST# set local-address 192.0.2.1

[edit security vpn ipsec site-to-site peer 192.0.2.33]

Specify that only GRE traffic will pass through the tunnel.

vyatta@WEST# set tunnel 1 protocol gre

[edit security vpn ipsec site-to-site peer 192.0.2.33]

Return to the top of the configuration hierarchy.

vyatta@WEST# top

Commit the configuration.

vyatta@WEST# commit

View the modified configuration.

vyatta@WEST# show security vpn ipsec site-to-site peer 192.0.2.33

 authentication {
     mode pre-shared-secret
     pre-shared-secret test_key_1
 }
 default-esp-group ESP-1W
 ike-group IKE-1W
 local-address 192.0.2.1
 tunnel 1 {
     protocol gre
 }
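
The following is an added example, not part of the Vyatta documentation: a Python check that parses a peer stanza in the format shown above and flags a placeholder-grade pre-shared secret such as test_key_1, or a tunnel that is not limited to GRE. The function names, the character-class entropy estimate and the 128-bit threshold are assumptions chosen for illustration.

```python
import math
import re

# Peer stanza in the format printed by the show command above (values from the page).
SAMPLE = """\
authentication {
    mode pre-shared-secret
    pre-shared-secret test_key_1
}
default-esp-group ESP-1W
ike-group IKE-1W
local-address 192.0.2.1
tunnel 1 {
    protocol gre
}
"""

def parse_stanza(text):
    """Parse brace-delimited configuration output into nested dicts."""
    stack = [{}]
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("closing brace without an open block")
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return stack[0]

def psk_bits(secret):
    """Upper bound on entropy: length * log2(size of the character classes used)."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33))
    pool = sum(size for pattern, size in classes if re.search(pattern, secret))
    return len(secret) * math.log2(pool) if pool else 0.0

def audit_peer(cfg, min_bits=128):  # min_bits is an assumed policy threshold
    findings = []
    auth = cfg.get("authentication", {})
    psk = auth.get("pre-shared-secret", "")
    if auth.get("mode") == "pre-shared-secret" and psk_bits(psk) < min_bits:
        findings.append("weak-psk")
    for name, body in cfg.items():
        if name.startswith("tunnel ") and body.get("protocol") != "gre":
            findings.append(name + " not restricted to gre")
    return findings
```

Because the estimate is an upper bound, a secret that passes can still be guessable if it is built from dictionary words; a secret that fails is certainly too weak for the threshold.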