VPN設計書の変更点

追加された行はこの色です。
削除された行はこの色です。
VPN設計書へ行く。
VPN設計書の差分を削除
*目標 [#qfaf9fd5]
+家庭内でVPN接続を利用する
+移動先3GからVPN接続を利用する
+みんなの家と繋ぐ

*設計 [#j56a6774]
-774宅にVPNサーバ設置
-それぞれのルータに設定
-そんくらい？

*サーバOS [#r412fbcc]
-Vyos
-EdgeOS
-Cisco
-Yamaha

*設定 [#f457853d]
** 福岡(EdgeRouter-X)用 Config [#tae65780]
 
 set interfaces vti vti0 mtu '1436'
 set interfaces loopback lo address '234.0.0.1/32'
 commit
 save
 
 set interfaces vti vti0 address '192.168.250.234/30'
 
 set vpn ipsec site-to-site peer 49.212.160.127 authentication mode 'pre-shared-secret'
 set vpn ipsec site-to-site peer 49.212.160.127 authentication pre-shared-secret 'Sekiken!'
 set vpn ipsec site-to-site peer 49.212.160.127 connection-type 'initiate'
 set vpn ipsec site-to-site peer 49.212.160.127 default-esp-group 'ESP_SAKURA'
 set vpn ipsec site-to-site peer 49.212.160.127 ike-group 'IKE_SAKURA'
 set vpn ipsec site-to-site peer 49.212.160.127 ikev2-reauth 'inherit'
 set vpn ipsec site-to-site peer 49.212.160.127 local-address any
 set vpn ipsec site-to-site peer 49.212.160.127 vti bind 'vti0'
 set vpn ipsec site-to-site peer 49.212.160.127 vti esp-group 'ESP_SAKURA'
 
 set vpn ipsec esp-group ESP_SAKURA compression 'disable'
 set vpn ipsec esp-group ESP_SAKURA lifetime '86400'
 set vpn ipsec esp-group ESP_SAKURA mode 'tunnel'
 set vpn ipsec esp-group ESP_SAKURA pfs 'dh-group2'
 set vpn ipsec esp-group ESP_SAKURA proposal 1 encryption 'aes256'
 set vpn ipsec esp-group ESP_SAKURA proposal 1 hash 'sha256'
 
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection action 'hold'
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection interval '30'
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection timeout '120'
 set vpn ipsec ike-group IKE_SAKURA ikev2-reauth 'no'
 set vpn ipsec ike-group IKE_SAKURA key-exchange 'ikev1'
 set vpn ipsec ike-group IKE_SAKURA lifetime '10800'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 dh-group '14'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 encryption 'aes256'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 hash 'sha256'
 set vpn ipsec ipsec-interfaces interface 'eth0'
 set vpn ipsec logging log-modes 'all'
 set vpn ipsec nat-networks allowed-network '0.0.0.0/0'
 set vpn ipsec nat-networks allowed-network '192.168.250.0/24'
 set vpn ipsec nat-traversal 'enable'
 
 set protocols bgp 65234 neighbor 192.168.254.2 password 'Bgp64600!'
 set protocols bgp 65234 neighbor 192.168.254.2 remote-as '64600'
 set protocols bgp 65234 neighbor 192.168.254.2 update-source 'lo'
 set protocols bgp 65234 network '192.168.XX.0/24'   ★ EdgeRouter-X がいるLANのネットワークを指定
 set protocols bgp 65234 network '192.168.250.0/24'
 set protocols bgp 65234 parameters confederation identifier '65000'
 set protocols bgp 65234 parameters confederation peers '64600'
 
 
 commit
 save

** 東京(Vyos)用 Config [#sd9ef7b3]
 
 set interfaces vti vti0 address '192.168.250.230/30'
 set interfaces vti vti0 mtu '1436'
 
 set protocols bgp 65230 neighbor 192.168.254.2 password 'Bgp64600!'
 set protocols bgp 65230 neighbor 192.168.254.2 remote-as '64600'
 set protocols bgp 65230 neighbor 192.168.254.2 update-source 'lo'
 set protocols bgp 65230 neighbor 192.168.250.1 password 'Bgp64600!'
 set protocols bgp 65230 neighbor 192.168.250.1 remote-as '64600'
 set protocols bgp 65230 neighbor 192.168.250.1 update-source 'lo'
 set protocols bgp 65230 network '192.168.50.0/24'
 set protocols bgp 65230 network '192.168.252.0/24'
 set protocols bgp 65230 network '192.168.254.0/24'
 set protocols bgp 65230 parameters confederation identifier '65000'
 set protocols bgp 65230 parameters confederation peers '64600'
 set protocols bgp 65230 redistribute static route-map 'Disable-Redist-table-1'
 
 set vpn ipsec esp-group ESP_SAKURA compression 'disable'
 set vpn ipsec esp-group ESP_SAKURA lifetime '86400'
 set vpn ipsec esp-group ESP_SAKURA mode 'tunnel'
 set vpn ipsec esp-group ESP_SAKURA pfs 'dh-group2'
 set vpn ipsec esp-group ESP_SAKURA proposal 1 encryption 'aes256'
 set vpn ipsec esp-group ESP_SAKURA proposal 1 hash 'sha256'
 
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection action 'hold'
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection interval '30'
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection timeout '120'
 set vpn ipsec ike-group IKE_SAKURA ikev2-reauth 'no'
 set vpn ipsec ike-group IKE_SAKURA key-exchange 'ikev1'
 set vpn ipsec ike-group IKE_SAKURA lifetime '10800'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 dh-group '14'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 encryption 'aes256'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 hash 'sha256'
 
 set vpn ipsec ipsec-interfaces interface 'eth0'
 set vpn ipsec logging log-modes 'all'
 set vpn ipsec nat-networks allowed-network '0.0.0.0/0'
 set vpn ipsec nat-networks allowed-network '192.168.250.0/24'
 set vpn ipsec nat-networks allowed-network '192.168.252.0/24'
 set vpn ipsec nat-traversal 'enable'
 
 set vpn ipsec site-to-site peer 49.212.160.127 authentication mode 'pre-shared-secret'
 set vpn ipsec site-to-site peer 49.212.160.127 authentication pre-shared-secret 'Sekiken!'
 set vpn ipsec site-to-site peer 49.212.160.127 connection-type 'initiate'
 set vpn ipsec site-to-site peer 49.212.160.127 default-esp-group 'ESP_SAKURA'
 set vpn ipsec site-to-site peer 49.212.160.127 ike-group 'IKE_SAKURA'
 set vpn ipsec site-to-site peer 49.212.160.127 ikev2-reauth 'inherit'
 set vpn ipsec site-to-site peer 49.212.160.127 local-address '192.168.50.230'
 set vpn ipsec site-to-site peer 49.212.160.127 vti bind 'vti0'
 set vpn ipsec site-to-site peer 49.212.160.127 vti esp-group 'ESP_SAKURA'



[[SekikenWiki]]
VPN設計書 の変更点

VPN設計書の変更点
