Vyatta Network OS Documentation

Modify EAST's connection to WEST

This task modifies the connection from EAST to WEST to use RSA digital signatures for authentication.

In this example:

  • The authentication mode is changed from pre-shared secret to RSA digital signatures.
  • WEST's public key is specified as the remote key, under the identifier configured in.

To modify the site-to-site connection to use RSA authentication, perform the following steps:

Table 1. Configure EAST for RSA authentication
Step Command

Remove the pre-shared key.

vyatta@EAST# delete security vpn ipsec site-to-site peer 192.0.2.1 authentication pre-shared-secret

Change the authentication mode.

vyatta@EAST# set security vpn ipsec site-to-site peer 192.0.2.1 authentication mode rsa

Provide the identifier for WEST's digital signature.

vyatta@EAST# set security vpn ipsec site-to-site peer 192.0.2.1 authentication rsa-key-name WEST-key

Commit the configuration.

vyatta@EAST# commit

View the modified configuration for the site-to-site connection.

vyatta@EAST# show security vpn ipsec site-to-site peer 192.0.2.1

    authentication {
        mode rsa
        rsa-key-name WEST-key
    }
    default-esp-group ESP-1E
    ike-group IKE-1E
    local-address 192.0.2.33
    tunnel 1 {
        local {
            prefix 192.168.60.0/24
        }
        remote {
            prefix 192.168.40.0/24
        }
    }

View the address configured on data plane interface dp0p1p1. The peer's local-address is set to this address.

vyatta@EAST# show interfaces dataplane dp0p1p1 address

 address 192.0.2.33/27
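
The following is an added example, not part of the Vyatta documentation: a small offline check that a saved copy of the peer's show output reflects the change made in Table 1 (mode rsa, no leftover pre-shared-secret, a key name present, local-address matching the interface address). The function names parse_stanza and audit_peer are hypothetical, the node names are the ones used in the set and delete commands above, and the sample text is constructed from the values on this page.

```python
import ipaddress

# Constructed sample input, modelled on the peer stanza shown on this page.
PEER = """
authentication {
    mode rsa
    rsa-key-name WEST-key
}
local-address 192.0.2.33
tunnel 1 {
    local {
        prefix 192.168.60.0/24
    }
}
"""

def parse_stanza(text):
    """Turn brace-delimited show output into nested dicts."""
    stack = [{}]
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("{"):            # open a child node, e.g. "tunnel 1 {"
            child = stack[-1].setdefault(line[:-1].strip(), {})
            stack.append(child)
        elif line == "}":                 # close the current node
            stack.pop()
            if not stack:
                raise ValueError("unbalanced '}' in config text")
        else:                             # leaf: "<name> <value>"
            name, _, value = line.partition(" ")
            stack[-1][name] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed '{' in config text")
    return stack[0]

def audit_peer(config_text, iface):
    """Return findings; an empty list means the RSA change is complete."""
    peer = parse_stanza(config_text)
    auth = peer.get("authentication", {})
    findings = []
    if auth.get("mode") != "rsa":
        findings.append("authentication mode is not rsa")
    if "pre-shared-secret" in auth:       # Table 1 deletes this node first
        findings.append("pre-shared-secret is still configured")
    if not auth.get("rsa-key-name"):
        findings.append("rsa-key-name is missing")
    if peer.get("local-address") != str(ipaddress.ip_interface(iface).ip):
        findings.append("local-address does not match the interface address")
    return findings
```

Calling audit_peer(PEER, "192.0.2.33/27") returns an empty list for the stanza above; a stanza captured before the change returns one finding per step that has not yet been applied.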