Vyatta NOS documentation


Modify EAST's connection to WEST

This task modifies the connection from EAST to WEST to use RSA digital signatures for authentication.

In this example:

  • The authentication mode is changed from pre-shared secret to RSA digital signatures.
  • WEST's public key is specified as the remote key, under the identifier configured in.

To modify the site-to-site connection to use RSA authentication, perform the following steps:

Table 1. Configure EAST for RSA authentication
Step Command

Remove the pre-shared key.

vyatta@EAST# delete security vpn ipsec site-to-site peer 192.0.2.1 authentication pre-shared-secret

Change the authentication mode.

vyatta@EAST# set security vpn ipsec site-to-site peer 192.0.2.1 authentication mode rsa

Provide the identifier for WEST's digital signature.

vyatta@EAST# set security vpn ipsec site-to-site peer 192.0.2.1 authentication rsa-key-name WEST-key

Commit the configuration.

vyatta@EAST# commit

View the modified configuration for the site-to-site connection.

vyatta@EAST# show security vpn ipsec site-to-site peer 192.0.2.1

    authentication {
        mode rsa
        rsa-key-name WEST-key
    }
    default-esp-group ESP-1E
    ike-group IKE-1E
    local-address 192.0.2.33
    tunnel 1 {
        local {
            prefix 192.168.60.0/24
        }
        remote {
            prefix 192.168.40.0/24
        }
    }

View data plane interface dp0p1p1 address configuration. local-address is set to this address.

vyatta@EAST# show interfaces dataplane dp0p1p1 address

 address 192.0.2.33/27
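
The check below is an added example, not part of the Vyatta documentation or tooling. It audits a saved copy of the peer stanza offline after the change, confirming that no pre-shared secret was left behind, that a remote key name is set, and that local-address matches the interface address. The function names and sample stanzas are constructed for illustration, and the key node is assumed to be `rsa-key-name`, as in the `set` command above.

```python
import ipaddress

def parse_config(text):
    """Parse brace-style 'show' output into nested dicts."""
    root = {}
    stack = [root]
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    return root

def audit_peer(show_output, iface_addr):
    """Return findings for one peer stanza; an empty list means it passes."""
    cfg = parse_config(show_output)
    auth = cfg.get("authentication", {})
    findings = []
    if auth.get("mode") != "rsa":
        findings.append("mode is not rsa")
    if "pre-shared-secret" in auth:
        findings.append("pre-shared-secret still present")
    if not auth.get("rsa-key-name"):
        findings.append("rsa-key-name missing")
    iface_ip = str(ipaddress.ip_interface(iface_addr).ip)
    if cfg.get("local-address") != iface_ip:
        findings.append("local-address does not match interface address")
    return findings

# Constructed samples: the stanza after all steps, and a half-finished change
# (mode switched, old secret never deleted, key name never set, wrong address).
DONE = """
authentication {
    mode rsa
    rsa-key-name WEST-key
}
local-address 192.0.2.33
"""
PARTIAL = """
authentication {
    mode rsa
    pre-shared-secret PLACEHOLDER
}
local-address 192.0.2.34
"""
```

Calling `audit_peer(PARTIAL, "192.0.2.33/27")` returns three findings, while the completed stanza returns an empty list.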