Vyatta NOS documentation


Configure WEST

Table 1, "Creating a site-to-site connection to a peer with a dynamic IP address," defines the configuration changes for a new site-to-site connection to EAST. The main change is the IP address specification of the peer, which is set to 0.0.0.0 to represent "any" IP address. Because the IP address of the peer is unknown, WEST does not initiate connections to the peer; it only receives connections from the peer.

To configure this connection, perform the following steps on WEST in configuration mode.

Table 1. Creating a site-to-site connection to a peer with a dynamic IP address
Step Command

Delete the previous configuration.

vyatta@WEST# delete security vpn ipsec site-to-site peer 192.0.2.33

Create the node for EAST and set the authentication mode.

vyatta@WEST# set security vpn ipsec site-to-site peer 0.0.0.0 authentication mode pre-shared-secret

Navigate to the node for the peer for easier editing.

vyatta@WEST# edit security vpn ipsec site-to-site peer 0.0.0.0

[edit security vpn ipsec site-to-site peer 0.0.0.0]

Provide the string that will be used to generate encryption keys.

vyatta@WEST# set authentication pre-shared-secret test_key_1

[edit security vpn ipsec site-to-site peer 0.0.0.0]

Specify the default ESP group for all tunnels.

vyatta@WEST# set default-esp-group ESP-1W

[edit security vpn ipsec site-to-site peer 0.0.0.0]

Specify the IKE group.

vyatta@WEST# set ike-group IKE-1W

[edit security vpn ipsec site-to-site peer 0.0.0.0]

Identify the IP address on this vRouter to be used for this connection.

vyatta@WEST# set local-address 192.0.2.1

[edit security vpn ipsec site-to-site peer 0.0.0.0]

Create a tunnel configuration, and provide the local subnet for this tunnel.

vyatta@WEST# set tunnel 1 local prefix 192.168.40.0/24

[edit security vpn ipsec site-to-site peer 0.0.0.0]

Provide the remote subnet for the tunnel.

vyatta@WEST# set tunnel 1 remote prefix 192.168.60.0/24

[edit security vpn ipsec site-to-site peer 0.0.0.0]

Return to the top of the configuration tree.

vyatta@WEST# top

Commit the configuration.

vyatta@WEST# commit

View the configuration for the site-to-site connection.

vyatta@WEST# show security vpn ipsec site-to-site peer 0.0.0.0

    authentication {
        mode pre-shared-secret
        pre-shared-secret test_key_1
    }
    default-esp-group ESP-1W
    ike-group IKE-1W
    local-address 192.0.2.1
    tunnel 1 {
        local {
            prefix 192.168.40.0/24
        }
        remote {
            prefix 192.168.60.0/24
        }
    }

View data plane interface dp0p1p2 address configuration. local-address is set to this address.

vyatta@WEST# show interfaces dataplane dp0p1p2 address

 address 192.0.2.1/27
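
With the peer set to 0.0.0.0, WEST accepts connection attempts from any address, so the pre-shared secret is all that identifies EAST. The following audit sketch is an added example, not part of the Vyatta documentation: it parses the brace-delimited "show" output and flags that combination. The sample text, the issue labels, and the minimum secret length are assumptions made for the example.

```python
# Constructed sample: the peer's "show" output from the page (trimmed), wrapped
# in its "peer 0.0.0.0 { ... }" node so the address is visible to the parser.
SAMPLE = """
peer 0.0.0.0 {
    authentication {
        mode pre-shared-secret
        pre-shared-secret test_key_1
    }
    local-address 192.0.2.1
    tunnel 1 {
        remote {
            prefix 192.168.60.0/24
        }
    }
}
"""

def parse(text):
    """Parse brace-delimited config text into nested dicts."""
    stack = [{}]
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("{"):            # open a child node
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":                 # close the current node
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line:                        # leaf: "key value"
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return stack[0]

def audit(text, min_psk_len=20):
    """Return (peer, issue) pairs; min_psk_len is an assumed local policy."""
    findings = []
    for name, peer in parse(text).items():
        kind, _, addr = name.partition(" ")
        auth = peer.get("authentication", {}) if isinstance(peer, dict) else {}
        if kind != "peer" or auth.get("mode") != "pre-shared-secret":
            continue
        if addr == "0.0.0.0":             # any source address may attempt IKE
            findings.append((addr, "wildcard-peer-with-psk"))
        if len(auth.get("pre-shared-secret", "")) < min_psk_len:
            findings.append((addr, "short-psk"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The parser rejects unbalanced braces, so output pasted with a missing "{" or "}" fails loudly instead of being audited incorrectly.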