VPN Design Document
*Goals [#qfaf9fd5]
+Use VPN connections within the home
+Use VPN connections over 3G while on the move
+Connect everyone's homes together

*Design [#j56a6774]
-Install a VPN server at 774's home
-Configure each router
-That's about it?

*Server OS [#r412fbcc]
-Vyos
-EdgeOS
-Cisco
-Yamaha

*Configuration [#f457853d]
** Config for Fukuoka (EdgeRouter-X) [#tae65780]
 set interfaces vti vti0 mtu '1436'
 set interfaces loopback lo address '234.0.0.1/32'
 commit
 save
 set interfaces vti vti0 address '192.168.250.234/30'
 set vpn ipsec site-to-site peer 49.212.160.127 authentication mode 'pre-shared-secret'
 set vpn ipsec site-to-site peer 49.212.160.127 authentication pre-shared-secret 'Sekiken!'
 set vpn ipsec site-to-site peer 49.212.160.127 connection-type 'initiate'
 set vpn ipsec site-to-site peer 49.212.160.127 default-esp-group 'ESP_SAKURA'
 set vpn ipsec site-to-site peer 49.212.160.127 ike-group 'IKE_SAKURA'
 set vpn ipsec site-to-site peer 49.212.160.127 ikev2-reauth 'inherit'
 set vpn ipsec site-to-site peer 49.212.160.127 local-address any
 set vpn ipsec site-to-site peer 49.212.160.127 vti bind 'vti0'
 set vpn ipsec site-to-site peer 49.212.160.127 vti esp-group 'ESP_SAKURA'
 set vpn ipsec esp-group ESP_SAKURA compression 'disable'
 set vpn ipsec esp-group ESP_SAKURA lifetime '86400'
 set vpn ipsec esp-group ESP_SAKURA mode 'tunnel'
 set vpn ipsec esp-group ESP_SAKURA pfs 'dh-group2'
 set vpn ipsec esp-group ESP_SAKURA proposal 1 encryption 'aes256'
 set vpn ipsec esp-group ESP_SAKURA proposal 1 hash 'sha256'
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection action 'hold'
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection interval '30'
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection timeout '120'
 set vpn ipsec ike-group IKE_SAKURA ikev2-reauth 'no'
 set vpn ipsec ike-group IKE_SAKURA key-exchange 'ikev1'
 set vpn ipsec ike-group IKE_SAKURA lifetime '10800'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 dh-group '14'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 encryption 'aes256'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 hash 'sha256'
 set vpn ipsec ipsec-interfaces interface 'eth0'
 set vpn ipsec logging log-modes 'all'
 set vpn ipsec nat-networks allowed-network '0.0.0.0/0'
 set vpn ipsec nat-networks allowed-network '192.168.250.0/24'
 set vpn ipsec nat-traversal 'enable'
 set protocols bgp 65234 neighbor 192.168.254.2 password 'Bgp64600!'
 set protocols bgp 65234 neighbor 192.168.254.2 remote-as '64600'
 set protocols bgp 65234 neighbor 192.168.254.2 update-source 'lo'
 set protocols bgp 65234 network '192.168.XX.0/24' ★ Specify the network of the LAN where the EdgeRouter-X resides
 set protocols bgp 65234 network '192.168.250.0/24'
 set protocols bgp 65234 parameters confederation identifier '65000'
 set protocols bgp 65234 parameters confederation peers '64600'
 commit
 save

** Config for Tokyo (Vyos) [#sd9ef7b3]
 set interfaces vti vti0 address '192.168.250.230/30'
 set interfaces vti vti0 mtu '1436'
 set protocols bgp 65230 neighbor 192.168.250.1 password 'Bgp64600!'
 set protocols bgp 65230 neighbor 192.168.250.1 remote-as '64600'
 set protocols bgp 65230 neighbor 192.168.250.1 update-source 'lo'
 set protocols bgp 65230 network '192.168.50.0/24'
 set protocols bgp 65230 network '192.168.252.0/24'
 set protocols bgp 65230 network '192.168.254.0/24'
 set protocols bgp 65230 parameters confederation identifier '65000'
 set protocols bgp 65230 parameters confederation peers '64600'
 set protocols bgp 65230 redistribute static route-map 'Disable-Redist-table-1'
 set vpn ipsec esp-group ESP_SAKURA compression 'disable'
 set vpn ipsec esp-group ESP_SAKURA lifetime '86400'
 set vpn ipsec esp-group ESP_SAKURA mode 'tunnel'
 set vpn ipsec esp-group ESP_SAKURA pfs 'dh-group2'
 set vpn ipsec esp-group ESP_SAKURA proposal 1 encryption 'aes256'
 set vpn ipsec esp-group ESP_SAKURA proposal 1 hash 'sha256'
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection action 'hold'
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection interval '30'
 set vpn ipsec ike-group IKE_SAKURA dead-peer-detection timeout '120'
 set vpn ipsec ike-group IKE_SAKURA ikev2-reauth 'no'
 set vpn ipsec ike-group IKE_SAKURA key-exchange 'ikev1'
 set vpn ipsec ike-group IKE_SAKURA lifetime '10800'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 dh-group '14'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 encryption 'aes256'
 set vpn ipsec ike-group IKE_SAKURA proposal 1 hash 'sha256'
 set vpn ipsec ipsec-interfaces interface 'eth0'
 set vpn ipsec logging log-modes 'all'
 set vpn ipsec nat-networks allowed-network '0.0.0.0/0'
 set vpn ipsec nat-networks allowed-network '192.168.250.0/24'
 set vpn ipsec nat-networks allowed-network '192.168.252.0/24'
 set vpn ipsec nat-traversal 'enable'
 set vpn ipsec site-to-site peer 49.212.160.127 authentication mode 'pre-shared-secret'
 set vpn ipsec site-to-site peer 49.212.160.127 authentication pre-shared-secret 'Sekiken!'
 set vpn ipsec site-to-site peer 49.212.160.127 connection-type 'initiate'
 set vpn ipsec site-to-site peer 49.212.160.127 default-esp-group 'ESP_SAKURA'
 set vpn ipsec site-to-site peer 49.212.160.127 ike-group 'IKE_SAKURA'
 set vpn ipsec site-to-site peer 49.212.160.127 ikev2-reauth 'inherit'
 set vpn ipsec site-to-site peer 49.212.160.127 local-address '192.168.50.230'
 set vpn ipsec site-to-site peer 49.212.160.127 vti bind 'vti0'
 set vpn ipsec site-to-site peer 49.212.160.127 vti esp-group 'ESP_SAKURA'

[[SekikenWiki]]
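The two site configs above must agree on every esp-group and ike-group setting for the tunnel to negotiate, and they carry a few legacy values. The following is an added example, not part of the original wiki page: a small Python check over `set` commands that reports peer mismatches and flags those values. The function names, the `WEAK` table and the sample strings (including the placeholder PSK) are assumptions made for this illustration.

```python
import shlex

# Legacy or over-broad values, keyed by (last path element, value).
WEAK = {
    ("pfs", "dh-group2"): "ESP PFS uses DH group 2 (1024-bit MODP)",
    ("key-exchange", "ikev1"): "IKEv1 is deprecated; IKEv2 is the current protocol",
    ("allowed-network", "0.0.0.0/0"):
        "0.0.0.0/0 covers every IPv4 address, so other allowed-network entries are redundant",
}

# Constructed sample: lines modelled on the Fukuoka config, PSK replaced by a placeholder.
FUKUOKA = """
set vpn ipsec esp-group ESP_SAKURA pfs 'dh-group2'
set vpn ipsec esp-group ESP_SAKURA proposal 1 hash 'sha256'
set vpn ipsec ike-group IKE_SAKURA key-exchange 'ikev1'
set vpn ipsec ike-group IKE_SAKURA proposal 1 dh-group '14'
set vpn ipsec nat-networks allowed-network '0.0.0.0/0'
set vpn ipsec site-to-site peer 49.212.160.127 authentication pre-shared-secret 'placeholder-psk'
set protocols bgp 65234 network '192.168.XX.0/24' ★ annotation
"""
# Constructed drift: the same config with a different IKE DH group on the other peer.
DRIFTED = FUKUOKA.replace("dh-group '14'", "dh-group '2'")

def parse(text):
    """Return {(path tuple, value)} for each `set` line; text after ★ is dropped."""
    out = set()
    for line in text.splitlines():
        tok = shlex.split(line.split("★")[0])
        if len(tok) >= 3 and tok[0] == "set":
            out.add((tuple(tok[1:-1]), tok[-1]))
    return out

def crypto(cfg):
    """Only the esp-group / ike-group settings, which both peers must share."""
    groups = (("vpn", "ipsec", "esp-group"), ("vpn", "ipsec", "ike-group"))
    return {e for e in cfg if e[0][:3] in groups}

def peer_mismatches(a, b):
    """Settings present on one peer but not the other, sorted by path."""
    return sorted(crypto(a) ^ crypto(b))

def findings(cfg):
    """Human-readable notes for legacy values and cleartext secrets (values not echoed)."""
    out = [WEAK[(p[-1], v)] for p, v in sorted(cfg) if (p[-1], v) in WEAK]
    if any(p[-1] == "pre-shared-secret" for p, _ in cfg):
        out.append("pre-shared-secret is stored in cleartext in the config text")
    return out

if __name__ == "__main__":
    print(peer_mismatches(parse(FUKUOKA), parse(DRIFTED)))
    print("\n".join(findings(parse(FUKUOKA))))
```

Run against the full Fukuoka and Tokyo blocks, `peer_mismatches` should return an empty list, since both sites define identical ESP_SAKURA and IKE_SAKURA groups.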