Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Configure strongSwan (Fedora/RHEL/CentOS site-to-site)

This example shows how to configure strongSwan on each peer in the IPsec site-to-site VPN use case.

  1. Edit the text file at /etc/strongswan/swanctl/conf.d/devcloud1.conf. Copy and paste this configuration into the file:
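    connections {
      devcloud1 {
        # Local and peer addresses used for the IKE exchange
        local_addrs = 172.16.0.4
        remote_addrs = 10.10.2.3
        # Dead peer detection interval and IKE SA rekey interval
        dpd_delay = 60s
        rekey_time = 4h
        # IKE proposal: AES-128-GCM, SHA2-256, ECP-256 DH group
        proposals = aes128gcm128-sha2_256-ecp256
        # IKEv2 only
        version = 2

        # This peer authenticates with its certificate under this identity
        local {
          auth = pubkey
          certs = /etc/strongswan/ipsec.d/certs/devcloud1.vpn.am.crt
          id = devcloud1.vpn.am
        }

        # The remote peer must authenticate with a public key as this identity
        remote {
          auth = pubkey
          id = server.vpn.am
        }

        children {
          tunnel-1 {
            # Traffic selectors: any IPv4 traffic in both directions
            local_ts = 0.0.0.0/0
            remote_ts = 0.0.0.0/0
            # Netfilter mark for input and output traffic of this CHILD_SA
            mark_in = 42
            mark_out = 42
            # CHILD_SA rekey interval and ESP proposal
            rekey_time = 1h
            esp_proposals = aes128gcm128-ecp256
            # On DPD timeout, try to re-negotiate the CHILD_SA
            dpd_action = restart
          }
        }
      }
    }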
  2. Save your changes to the file.
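
A pre-load check for the file saved above, given as an added example that is not part of the Vyatta NOS documentation or of strongSwan: it parses the one-item-per-line layout used in step 1 and lists settings that deviate from what that configuration pins (IKE version, AEAD proposals, remote identity, matching marks). The function names `parse` and `lint`, the choice of checks, and the drifted `SAMPLE` are assumptions made for illustration.

```python
import re

AEAD = re.compile(r"gcm|ccm|chacha20poly1305")
# Constructed sample: a drifted copy of the step 1 file (not from the page).
SAMPLE = """connections {
  devcloud1 {
    proposals = aes128-sha2_256-ecp256
    children {
      tunnel-1 {
        mark_in = 42
        mark_out = 43
        esp_proposals = aes128gcm128-ecp256
      }
    }
  }
}"""

def parse(text):
    """Parse the one-item-per-line swanctl layout of step 1 into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.endswith("{"):               # "name {" opens a section
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":                    # "}" closes the current section
            stack.pop()
        elif "=" in line:                    # "key = value" setting
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip()
    return stack[0]

def lint(conf):
    """List settings that deviate from what the step 1 configuration pins."""
    out = []
    for name, conn in conf.get("connections", {}).items():
        if conn.get("version") != "2":
            out.append(f"{name}: version not pinned to 2 (IKEv2)")
        if not AEAD.search(conn.get("proposals", "")):
            out.append(f"{name}: proposals names no AEAD cipher")
        if not conn.get("remote", {}).get("id"):
            out.append(f"{name}: remote id unset, peer identity not constrained")
        for cname, child in conn.get("children", {}).items():
            if not AEAD.search(child.get("esp_proposals", "")):
                out.append(f"{name}/{cname}: esp_proposals names no AEAD cipher")
            if child.get("mark_in") != child.get("mark_out"):
                out.append(f"{name}/{cname}: mark_in and mark_out differ")
    return out

print("\n".join(lint(parse(SAMPLE))))
```

The parser covers only the layout shown in step 1; it does not handle quoted values, includes, or several items on one line.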