VPN設計書
をテンプレートにして作成
[
トップ
] [
新規
|
一覧
|
単語検索
|
最終更新
|
ヘルプ
]
開始行:
*目標 [#qfaf9fd5]
+家庭内でVPN接続を利用する
+移動先3GからVPN接続を利用する
+みんなの家と繋ぐ
*設計 [#j56a6774]
-774宅にVPNサーバ設置
-それぞれのルータに設定
-そんくらい?
*サーバOS [#r412fbcc]
-Vyos
-EdgeOS
-Cisco
-Yamaha
*設定 [#f457853d]
** 福岡(EdgeRouter-X)用 Config [#tae65780]
set interfaces vti vti0 mtu '1436'
set interfaces loopback lo address '234.0.0.1/32'
commit
save
set interfaces vti vti0 address '192.168.250.234/30'
set vpn ipsec site-to-site peer 49.212.160.127 authentic...
set vpn ipsec site-to-site peer 49.212.160.127 authentic...
set vpn ipsec site-to-site peer 49.212.160.127 connectio...
set vpn ipsec site-to-site peer 49.212.160.127 default-e...
set vpn ipsec site-to-site peer 49.212.160.127 ike-group...
set vpn ipsec site-to-site peer 49.212.160.127 ikev2-rea...
set vpn ipsec site-to-site peer 49.212.160.127 local-add...
set vpn ipsec site-to-site peer 49.212.160.127 vti bind ...
set vpn ipsec site-to-site peer 49.212.160.127 vti esp-g...
set vpn ipsec esp-group ESP_SAKURA compression 'disable'
set vpn ipsec esp-group ESP_SAKURA lifetime '86400'
set vpn ipsec esp-group ESP_SAKURA mode 'tunnel'
set vpn ipsec esp-group ESP_SAKURA pfs 'dh-group2'
set vpn ipsec esp-group ESP_SAKURA proposal 1 encryption...
set vpn ipsec esp-group ESP_SAKURA proposal 1 hash 'sha2...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection a...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection i...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection t...
set vpn ipsec ike-group IKE_SAKURA ikev2-reauth 'no'
set vpn ipsec ike-group IKE_SAKURA key-exchange 'ikev1'
set vpn ipsec ike-group IKE_SAKURA lifetime '10800'
set vpn ipsec ike-group IKE_SAKURA proposal 1 dh-group '...
set vpn ipsec ike-group IKE_SAKURA proposal 1 encryption...
set vpn ipsec ike-group IKE_SAKURA proposal 1 hash 'sha2...
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec logging log-modes 'all'
set vpn ipsec nat-networks allowed-network '0.0.0.0/0'
set vpn ipsec nat-networks allowed-network '192.168.250....
set vpn ipsec nat-traversal 'enable'
set protocols bgp 65234 neighbor 192.168.254.2 password ...
set protocols bgp 65234 neighbor 192.168.254.2 remote-as...
set protocols bgp 65234 neighbor 192.168.254.2 update-so...
set protocols bgp 65234 network '192.168.XX.0/24' ★ Ed...
set protocols bgp 65234 network '192.168.250.0/24'
set protocols bgp 65234 parameters confederation identif...
set protocols bgp 65234 parameters confederation peers '...
commit
save
** 東京(Vyos)用 Config [#sd9ef7b3]
set interfaces vti vti0 address '192.168.250.230/30'
set interfaces vti vti0 mtu '1436'
set protocols bgp 65230 neighbor 192.168.250.1 password ...
set protocols bgp 65230 neighbor 192.168.250.1 remote-as...
set protocols bgp 65230 neighbor 192.168.250.1 update-so...
set protocols bgp 65230 network '192.168.50.0/24'
set protocols bgp 65230 network '192.168.252.0/24'
set protocols bgp 65230 network '192.168.254.0/24'
set protocols bgp 65230 parameters confederation identif...
set protocols bgp 65230 parameters confederation peers '...
set protocols bgp 65230 redistribute static route-map 'D...
set vpn ipsec esp-group ESP_SAKURA compression 'disable'
set vpn ipsec esp-group ESP_SAKURA lifetime '86400'
set vpn ipsec esp-group ESP_SAKURA mode 'tunnel'
set vpn ipsec esp-group ESP_SAKURA pfs 'dh-group2'
set vpn ipsec esp-group ESP_SAKURA proposal 1 encryption...
set vpn ipsec esp-group ESP_SAKURA proposal 1 hash 'sha2...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection a...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection i...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection t...
set vpn ipsec ike-group IKE_SAKURA ikev2-reauth 'no'
set vpn ipsec ike-group IKE_SAKURA key-exchange 'ikev1'
set vpn ipsec ike-group IKE_SAKURA lifetime '10800'
set vpn ipsec ike-group IKE_SAKURA proposal 1 dh-group '...
set vpn ipsec ike-group IKE_SAKURA proposal 1 encryption...
set vpn ipsec ike-group IKE_SAKURA proposal 1 hash 'sha2...
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec logging log-modes 'all'
set vpn ipsec nat-networks allowed-network '0.0.0.0/0'
set vpn ipsec nat-networks allowed-network '192.168.250....
set vpn ipsec nat-networks allowed-network '192.168.252....
set vpn ipsec nat-traversal 'enable'
set vpn ipsec site-to-site peer 49.212.160.127 authentic...
set vpn ipsec site-to-site peer 49.212.160.127 authentic...
set vpn ipsec site-to-site peer 49.212.160.127 connectio...
set vpn ipsec site-to-site peer 49.212.160.127 default-e...
set vpn ipsec site-to-site peer 49.212.160.127 ike-group...
set vpn ipsec site-to-site peer 49.212.160.127 ikev2-rea...
set vpn ipsec site-to-site peer 49.212.160.127 local-add...
set vpn ipsec site-to-site peer 49.212.160.127 vti bind ...
set vpn ipsec site-to-site peer 49.212.160.127 vti esp-g...
[[SekikenWiki]]
終了行:
*目標 [#qfaf9fd5]
+家庭内でVPN接続を利用する
+移動先3GからVPN接続を利用する
+みんなの家と繋ぐ
*設計 [#j56a6774]
-774宅にVPNサーバ設置
-それぞれのルータに設定
-そんくらい?
*サーバOS [#r412fbcc]
-Vyos
-EdgeOS
-Cisco
-Yamaha
*設定 [#f457853d]
** 福岡(EdgeRouter-X)用 Config [#tae65780]
set interfaces vti vti0 mtu '1436'
set interfaces loopback lo address '234.0.0.1/32'
commit
save
set interfaces vti vti0 address '192.168.250.234/30'
set vpn ipsec site-to-site peer 49.212.160.127 authentic...
set vpn ipsec site-to-site peer 49.212.160.127 authentic...
set vpn ipsec site-to-site peer 49.212.160.127 connectio...
set vpn ipsec site-to-site peer 49.212.160.127 default-e...
set vpn ipsec site-to-site peer 49.212.160.127 ike-group...
set vpn ipsec site-to-site peer 49.212.160.127 ikev2-rea...
set vpn ipsec site-to-site peer 49.212.160.127 local-add...
set vpn ipsec site-to-site peer 49.212.160.127 vti bind ...
set vpn ipsec site-to-site peer 49.212.160.127 vti esp-g...
set vpn ipsec esp-group ESP_SAKURA compression 'disable'
set vpn ipsec esp-group ESP_SAKURA lifetime '86400'
set vpn ipsec esp-group ESP_SAKURA mode 'tunnel'
set vpn ipsec esp-group ESP_SAKURA pfs 'dh-group2'
set vpn ipsec esp-group ESP_SAKURA proposal 1 encryption...
set vpn ipsec esp-group ESP_SAKURA proposal 1 hash 'sha2...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection a...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection i...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection t...
set vpn ipsec ike-group IKE_SAKURA ikev2-reauth 'no'
set vpn ipsec ike-group IKE_SAKURA key-exchange 'ikev1'
set vpn ipsec ike-group IKE_SAKURA lifetime '10800'
set vpn ipsec ike-group IKE_SAKURA proposal 1 dh-group '...
set vpn ipsec ike-group IKE_SAKURA proposal 1 encryption...
set vpn ipsec ike-group IKE_SAKURA proposal 1 hash 'sha2...
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec logging log-modes 'all'
set vpn ipsec nat-networks allowed-network '0.0.0.0/0'
set vpn ipsec nat-networks allowed-network '192.168.250....
set vpn ipsec nat-traversal 'enable'
set protocols bgp 65234 neighbor 192.168.254.2 password ...
set protocols bgp 65234 neighbor 192.168.254.2 remote-as...
set protocols bgp 65234 neighbor 192.168.254.2 update-so...
set protocols bgp 65234 network '192.168.XX.0/24' ★ Ed...
set protocols bgp 65234 network '192.168.250.0/24'
set protocols bgp 65234 parameters confederation identif...
set protocols bgp 65234 parameters confederation peers '...
commit
save
** 東京(Vyos)用 Config [#sd9ef7b3]
set interfaces vti vti0 address '192.168.250.230/30'
set interfaces vti vti0 mtu '1436'
set protocols bgp 65230 neighbor 192.168.250.1 password ...
set protocols bgp 65230 neighbor 192.168.250.1 remote-as...
set protocols bgp 65230 neighbor 192.168.250.1 update-so...
set protocols bgp 65230 network '192.168.50.0/24'
set protocols bgp 65230 network '192.168.252.0/24'
set protocols bgp 65230 network '192.168.254.0/24'
set protocols bgp 65230 parameters confederation identif...
set protocols bgp 65230 parameters confederation peers '...
set protocols bgp 65230 redistribute static route-map 'D...
set vpn ipsec esp-group ESP_SAKURA compression 'disable'
set vpn ipsec esp-group ESP_SAKURA lifetime '86400'
set vpn ipsec esp-group ESP_SAKURA mode 'tunnel'
set vpn ipsec esp-group ESP_SAKURA pfs 'dh-group2'
set vpn ipsec esp-group ESP_SAKURA proposal 1 encryption...
set vpn ipsec esp-group ESP_SAKURA proposal 1 hash 'sha2...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection a...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection i...
set vpn ipsec ike-group IKE_SAKURA dead-peer-detection t...
set vpn ipsec ike-group IKE_SAKURA ikev2-reauth 'no'
set vpn ipsec ike-group IKE_SAKURA key-exchange 'ikev1'
set vpn ipsec ike-group IKE_SAKURA lifetime '10800'
set vpn ipsec ike-group IKE_SAKURA proposal 1 dh-group '...
set vpn ipsec ike-group IKE_SAKURA proposal 1 encryption...
set vpn ipsec ike-group IKE_SAKURA proposal 1 hash 'sha2...
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec logging log-modes 'all'
set vpn ipsec nat-networks allowed-network '0.0.0.0/0'
set vpn ipsec nat-networks allowed-network '192.168.250....
set vpn ipsec nat-networks allowed-network '192.168.252....
set vpn ipsec nat-traversal 'enable'
set vpn ipsec site-to-site peer 49.212.160.127 authentic...
set vpn ipsec site-to-site peer 49.212.160.127 authentic...
set vpn ipsec site-to-site peer 49.212.160.127 connectio...
set vpn ipsec site-to-site peer 49.212.160.127 default-e...
set vpn ipsec site-to-site peer 49.212.160.127 ike-group...
set vpn ipsec site-to-site peer 49.212.160.127 ikev2-rea...
set vpn ipsec site-to-site peer 49.212.160.127 local-add...
set vpn ipsec site-to-site peer 49.212.160.127 vti bind ...
set vpn ipsec site-to-site peer 49.212.160.127 vti esp-g...
[[SekikenWiki]]
ページ名:
![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
