IPsec RA VPN client (Vyatta NOS)
An example configuration for the Vyatta NOS IPsec RA VPN client.
Example configuration with IKEv2
set interfaces dataplane dp0s0 address 172.16.0.8/24
set security vpn ike make-before-break
set security vpn ipsec esp-group ESP1 proposal 1 encryption aes128gcm128
set security vpn ipsec esp-group ESP1 proposal 1 hash null
set security vpn ipsec ike-group IKE1 dead-peer-detection action clear
set security vpn ipsec ike-group IKE1 dead-peer-detection interval 60
set security vpn ipsec ike-group IKE1 ike-version 2
set security vpn ipsec ike-group IKE1 proposal 1 dh-group 19
set security vpn ipsec ike-group IKE1 proposal 1 encryption aes128gcm128
set security vpn ipsec ike-group IKE1 proposal 1 hash sha2_512
set security vpn ipsec remote-access-client profile CORPORATE authentication mode x509
set security vpn ipsec remote-access-client profile CORPORATE authentication x509 cert-file /config/auth/devcloud2.vpn.am.crt
set security vpn ipsec remote-access-client profile CORPORATE authentication x509 key file /config/auth/devcloud2.vpn.am.key
set security vpn ipsec remote-access-client profile CORPORATE backoff reconnect base 1
set security vpn ipsec remote-access-client profile CORPORATE backoff reconnect delay 20
set security vpn ipsec remote-access-client profile CORPORATE backoff servers base 1
set security vpn ipsec remote-access-client profile CORPORATE backoff servers delay 20
set security vpn ipsec remote-access-client profile CORPORATE esp-group ESP1
set security vpn ipsec remote-access-client profile CORPORATE ike-group IKE1
set security vpn ipsec remote-access-client profile CORPORATE server 10.10.2.3
set security vpn ipsec remote-access-client profile CORPORATE tunnel 1 local network 10.200.0.0/24
set security vpn ipsec remote-access-client profile CORPORATE tunnel 1 remote network 10.90.9.0/24
set security vpn x509 ca-certs /config/auth/root-ca.crt
This example configuration results in IPsec SA traffic selectors being installed like this:
(local) 10.200.0.0/24 === (remote) 10.90.9.0/24
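The following offline check is an added example, not part of the original page and not Vyatta NOS code. It derives the traffic selector line above from the `tunnel ... local/remote network` commands and flags malformed `set` lines, bad prefixes, and profile references to undefined `esp-group` or `ike-group` names. The names `audit`, `SAMPLE` and `PREFIX` are hypothetical, and the checks are an assumption about what is worth reviewing before commit, not the device's own validation.

```python
import ipaddress

# Constructed sample: a subset of the configuration lines from this page.
SAMPLE = """\
set security vpn ipsec esp-group ESP1 proposal 1 encryption aes128gcm128
set security vpn ipsec ike-group IKE1 ike-version 2
set security vpn ipsec remote-access-client profile CORPORATE esp-group ESP1
set security vpn ipsec remote-access-client profile CORPORATE ike-group IKE1
set security vpn ipsec remote-access-client profile CORPORATE server 10.10.2.3
set security vpn ipsec remote-access-client profile CORPORATE tunnel 1 local network 10.200.0.0/24
set security vpn ipsec remote-access-client profile CORPORATE tunnel 1 remote network 10.90.9.0/24
"""
PREFIX = ["set", "security", "vpn", "ipsec"]

def audit(config_text):
    """Return (selectors, problems) for the remote-access-client profiles."""
    defined = {"esp-group": set(), "ike-group": set()}
    refs, tunnels, problems = [], {}, []
    for n, line in enumerate(config_text.splitlines(), 1):
        tok = line.split()
        if tok and tok[0] != "set":
            problems.append(f"line {n}: does not start with 'set': {tok[0]!r}")
        if tok[:4] != PREFIX or len(tok) < 6:
            continue  # blank, malformed, or outside 'security vpn ipsec'
        if tok[4] in defined:
            defined[tok[4]].add(tok[5])  # group definition
        elif tok[4:6] == ["remote-access-client", "profile"] and len(tok) >= 9:
            profile, rest = tok[6], tok[7:]
            if rest[0] in defined:
                refs.append((n, profile, rest[0], rest[1]))  # group reference
            elif rest[0] == "tunnel" and len(rest) == 5 and rest[3] == "network":
                try:
                    # strict parsing rejects prefixes with host bits set
                    net = str(ipaddress.ip_network(rest[4]))
                except ValueError:
                    problems.append(f"line {n}: bad network {rest[4]!r}")
                    continue
                tunnels.setdefault((profile, rest[1]), {})[rest[2]] = net
    for n, profile, kind, name in refs:
        if name not in defined[kind]:
            problems.append(f"line {n}: profile {profile} references undefined {kind} {name}")
    selectors = []
    for (profile, tid), ends in sorted(tunnels.items()):
        if {"local", "remote"} <= ends.keys():
            selectors.append(f"(local) {ends['local']} === (remote) {ends['remote']}")
        else:
            problems.append(f"profile {profile} tunnel {tid}: needs both local and remote network")
    return selectors, problems
```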