Vyatta Network OS Documentation


Modify WEST's connection to EAST

This task modifies the connection from WEST to EAST to use RSA digital signatures for authentication. In this example:

  • The authentication mode is changed from pre-shared secret to RSA digital signatures.
  • EAST's public key is specified as the remote key, under the identifier configured in Record EAST's public key on WEST.

To modify the site-to-site connection to use RSA authentication, perform the following steps:

Table 1. Configure WEST for RSA authentication
Step Command

Remove the pre-shared key.

vyatta@WEST# delete security vpn ipsec site-to-site peer 192.0.2.33 authentication pre-shared-secret

Change the authentication mode.

vyatta@WEST# set security vpn ipsec site-to-site peer 192.0.2.33 authentication mode rsa

Provide the identifier for EAST's digital signature.

vyatta@WEST# set security vpn ipsec site-to-site peer 192.0.2.33 authentication rsa-key-name EAST-key

Commit the configuration.

vyatta@WEST# commit

View the modified configuration for the site-to-site connection.

vyatta@WEST# show security vpn ipsec site-to-site peer 192.0.2.33

    authentication {
        mode rsa
        rsa-key-name EAST-key
    }
    default-esp-group ESP-1W
    ike-group IKE-1W
    local-address 192.0.2.1
    tunnel 1 {
        local {
            prefix 192.168.40.0/24
        }
        remote {
            prefix 192.168.60.0/24
        }
    }

View the address configuration of data plane interface dp0p1p2. The local-address of the connection is set to this address.

vyatta@WEST# show interfaces dataplane dp0p1p2 address

    address 192.0.2.1/27
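
A post-commit check for the steps above, as an added example that is not part of the Vyatta documentation. It parses the two `show` outputs (constructed samples based on the output above; the function names are hypothetical) and reports whether a pre-shared secret is still configured, whether RSA mode and a key name are set, and whether local-address matches the interface address.

```python
import ipaddress

# Constructed sample input, modelled on the `show` output in the steps above.
PEER_CONFIG = """\
authentication {
    mode rsa
    rsa-key-name EAST-key
}
local-address 192.0.2.1
tunnel 1 {
    local {
        prefix 192.168.40.0/24
    }
}
"""
INTERFACE_ADDRESS = "address 192.0.2.1/27"


def parse_config(text):
    """Parse brace-nested configuration text into nested dicts."""
    stack = [{}]
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child  # e.g. "tunnel 1"
            stack.append(child)
        elif line == "}":
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    return stack[0]


def audit_peer(peer_text, interface_text):
    """Return a list of findings; an empty list means the peer passes."""
    cfg = parse_config(peer_text)
    auth = cfg.get("authentication", {})
    findings = []
    if auth.get("mode") != "rsa":
        findings.append("authentication mode is not rsa")
    if "pre-shared-secret" in auth:
        findings.append("pre-shared-secret is still configured")
    if not auth.get("rsa-key-name"):
        findings.append("rsa-key-name is missing")
    # The interface address carries a prefix length; compare the host part only.
    iface = ipaddress.ip_interface(parse_config(interface_text)["address"])
    if cfg.get("local-address") != str(iface.ip):
        findings.append("local-address does not match the interface address")
    return findings
```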