config.boot
/* Interface layout: one DHCP-addressed uplink (eth0) plus two VTI tunnel interfaces. This stanza attaches no firewall ruleset to any interface, so inbound filtering has to come from outside the router - NOTE(review): confirm what restricts access to eth0. */
interfaces {
    ethernet eth0 {
        address dhcp
        duplex auto
        /* hw-id is the MAC address recorded for this NIC; it is specific to the machine the file was saved on. */
        hw-id 0a:0c:9b:49:69:0c
        smp_affinity auto
        speed auto
    }
    loopback lo {
    }
    /* Inside address of tunnel 1; the matching BGP neighbor on this /30 is 169.254.255.37. */
    vti vti0 {
        address 169.254.255.38/30
        description "VPC tunnel 1"
        mtu 1436
    }
    /* Inside address of tunnel 2; the matching BGP neighbor on this /30 is 169.254.255.33. */
    vti vti1 {
        address 169.254.255.34/30
        description "VPC tunnel 2"
        mtu 1436
    }
}
/* BGP over the two tunnel links: local AS 65000 peers with AS 7224 on each tunnel and originates two prefixes. */
protocols {
    bgp 65000 {
        /* No prefix-list or route-map is applied to this neighbor, so every route it advertises is accepted - NOTE(review): consider an inbound filter limited to the expected VPC prefixes. */
        neighbor 169.254.255.33 {
            remote-as 7224
            soft-reconfiguration {
                inbound
            }
            /* holdtime and keepalive are both 30 here; a hold time is normally about three times the keepalive - NOTE(review): confirm the intended keepalive. */
            timers {
                holdtime 30
                keepalive 30
            }
        }
        /* Same settings as the first neighbor, including the absence of inbound route filtering. */
        neighbor 169.254.255.37 {
            remote-as 7224
            soft-reconfiguration {
                inbound
            }
            timers {
                holdtime 30
                keepalive 30
            }
        }
        /* Prefixes announced to both neighbors; keep this list to what the remote side is meant to reach. */
        network 10.0.0.0/16 {
        }
        network 10.0.1.0/24 {
        }
    }
}
/* Management access: SSH only, key-based. No listen-address is set in this stanza - NOTE(review): confirm that reachability of port 22 is restricted elsewhere. */
service {
    ssh {
        /* Password logins are refused; only the public keys under system login are accepted. */
        disable-password-authentication
        port 22
    }
}
/* Host-level settings: config history, serial console, the single admin account, NTP, package source and local syslog. */
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name VyOS-AMI
    login {
        /* Only account defined in this file; it has admin level. */
        user vyos {
            authentication {
                /* "*" is not a valid password hash, so this account cannot log in with a password. */
                encrypted-password "*"
                /* Placeholder key material: replace xxxxxx with the real public key when deploying. */
                public-keys vpc {
                    key xxxxxx
                    type ssh-rsa
                }
            }
            level admin
        }
    }
    /* Public pool servers, no NTP authentication configured in this stanza. */
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    package {
        auto-sync 1
        /* The repository is fetched over plain HTTP with empty credentials - NOTE(review): confirm package signature verification is in effect, since transport gives no integrity here. */
        repository community {
            components main
            distribution helium
            password ""
            url http://packages.vyos.net/vyos
            username ""
        }
    }
    /* Only a global (local) syslog target is defined; no remote log host appears in this stanza, so logs live only on the router. */
    syslog {
        global {
            facility all {
                level notice
            }
            /* Routing-protocol messages are logged at debug, which is verbose. */
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
/* Two site-to-site IPsec tunnels, each bound to its own VTI. Angle-bracket and xxxxx values are placeholders. NOTE(review): confirm the config loader accepts the trailing # remarks, or strip them before loading. */
vpn {
    ipsec {
        /* Phase 2: AES-128 with SHA-1, PFS on, one-hour lifetime. SHA-1 and AES-128 are a legacy minimum - NOTE(review): prefer stronger proposals if both ends support them. */
        esp-group AWS {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }
        /* Phase 1: IKEv1 with DH group 2 (1024-bit MODP), AES-128 and SHA-1 - a legacy parameter set. NOTE(review): check what the remote endpoint accepts before tightening. */
        ike-group AWS {
            /* An unresponsive peer is detected after 30 s and the tunnel is restarted. */
            dead-peer-detection {
                action restart
                interval 15
                timeout 30
            }
            key-exchange ikev1
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes128
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth0
        }
        nat-traversal enable
        site-to-site {
            /* Tunnel 1. */
            peer 207.171.167.234 {
                /* The pre-shared secret sits in this file as a plain value: keep populated copies out of version control and limit who can read them. */
                authentication {
                    id <EIP of this router>
                    mode pre-shared-secret
                    pre-shared-secret xxxxx
                    remote-id 207.171.167.234 # AWS US-East VPN Endpoint 1
                }
                connection-type initiate
                description "VPC tunnel 1"
                ike-group AWS
                local-address 10.0.1.30 # Private ip of this router
                vti {
                    bind vti0
                    esp-group AWS
                }
            }
            /* Tunnel 2; same structure as tunnel 1. Use a distinct pre-shared secret per tunnel when filling in the placeholder. */
            peer 207.171.167.235 {
                authentication {
                    id <EIP of this router>
                    mode pre-shared-secret
                    pre-shared-secret xxxxx
                    remote-id 207.171.167.235 # AWS US-East VPN Endpoint 2
                }
                connection-type initiate
                description "VPC tunnel 2"
                ike-group AWS
                local-address 10.0.1.30 # Private ip of this router
                vti {
                    bind vti1
                    esp-group AWS
                }
            }
        }
    }
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "cluster@1:config-management@1:conntrack-sync@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@4:qos@1:quagga@2:system@6:vrrp@1:wanloadbalance@3:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: VyOS 1.1.0 */