VyOS IPSEC AWS VPC

From Michael's Information Zone
Revision as of 12:49, 5 April 2018 by Michael.mast (talk | contribs) (→‎Steps)

Purpose

To create an IPsec tunnel between a VyOS EC2 instance and remote hosts. In this example the remote end is a pfSense box. Two more tunnels are then established to carry GRE.

Steps

  • Set the login banners first (a pre-login legal notice and a post-login monitoring notice)
set system login banner pre-login "\n\nTHIS SYSTEM IS PROPERTY OF <Company name here>,\nUNAUTHORIZED USE IS PROHIBITED!\n\n"
set system login banner post-login "\n\nYou are being monitored\n\n"
  • Create the IPsec profile (ESP group, IKE group and the site-to-site peer)
set vpn ipsec esp-group esp01 mode transport
set vpn ipsec esp-group esp01 pfs dh-group14
set vpn ipsec esp-group esp01 proposal 1 encryption aes256
set vpn ipsec esp-group esp01 proposal 1 hash sha256
set vpn ipsec ike-group ike01 dead-peer-detection action restart
set vpn ipsec ike-group ike01 proposal 1 dh-group 14
set vpn ipsec ike-group ike01 proposal 1 encryption aes256
set vpn ipsec ike-group ike01 proposal 1 hash sha256
set vpn ipsec ike-group ike01 key-exchange ikev2
set vpn ipsec site-to-site peer <peer IP or URL> authentication id <public IP>
set vpn ipsec site-to-site peer <peer IP or URL> authentication mode pre-shared-secret
set vpn ipsec site-to-site peer <peer IP or URL> authentication pre-shared-secret <enter secret here>
set vpn ipsec site-to-site peer <peer IP or URL> connection-type initiate
set vpn ipsec site-to-site peer <peer IP or URL> ike-group ike01
set vpn ipsec site-to-site peer <peer IP or URL> local-address <private IP>
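The profile above pins the tunnel to AES-256, SHA-256, DH group 14 and IKEv2. A check that is worth running before commit, especially once several peers and groups accumulate, is an audit of the `set vpn ipsec ...` lines for anything weaker. The script below is an added example written for this page, not part of the original steps or of VyOS itself. It parses esp-group and ike-group commands in the form `show configuration commands` prints them and flags md5/sha1 hashes, DES/3DES, DH groups below 14, disabled PFS and IKE groups that are not IKEv2. The thresholds are the editor's assumptions, chosen to match the page's own profile; the sample dump is constructed and contains the page's esp01/ike01 plus a deliberately weak esp-legacy/ike-legacy pair.

```python
"""Audit VyOS 'set vpn ipsec ...' lines for weak IKE/ESP choices.

Added example, not the wiki page's own steps. Thresholds are assumptions
chosen to match the page's aes256/sha256/dh-group14/ikev2 profile.
"""
import re
from collections import defaultdict

WEAK_HASHES = {"md5", "sha1"}
WEAK_CIPHERS = {"des", "3des"}
MIN_DH_GROUP = 14  # 2048-bit MODP; groups 1, 2 and 5 fall below this

SET_RE = re.compile(r"^set vpn ipsec (esp-group|ike-group) (\S+) (.+)$")


def parse_groups(config_text):
    """Map (kind, name) -> {setting path: value}, e.g.
    ('ike-group', 'ike01') -> {'proposal 1 hash': 'sha256', ...}.
    Lines that are not esp-group/ike-group commands are ignored."""
    groups = defaultdict(dict)
    for raw in config_text.splitlines():
        m = SET_RE.match(raw.strip())
        if not m:
            continue
        kind, name, rest = m.groups()
        tokens = rest.split()
        groups[(kind, name)][" ".join(tokens[:-1])] = tokens[-1]
    return dict(groups)


def audit_group(kind, name, settings):
    """Return a list of findings (strings) for one ESP or IKE group."""
    findings = []
    label = f"{kind} {name}"
    for path, value in settings.items():
        leaf = path.split()[-1]
        if leaf == "hash" and value in WEAK_HASHES:
            findings.append(f"{label}: '{path}' uses weak hash {value}")
        elif leaf == "encryption" and value in WEAK_CIPHERS:
            findings.append(f"{label}: '{path}' uses weak cipher {value}")
        elif leaf == "dh-group" and int(value) < MIN_DH_GROUP:
            findings.append(f"{label}: '{path}' is group {value}, below {MIN_DH_GROUP}")
    if kind == "ike-group":
        # Assumption: VyOS defaults key-exchange to ikev1 when it is unset.
        if settings.get("key-exchange", "ikev1") != "ikev2":
            findings.append(f"{label}: key-exchange is not ikev2")
    else:
        # esp-group pfs is 'enable', 'disable' or 'dh-groupN'.
        pfs = settings.get("pfs")
        m = re.fullmatch(r"dh-group(\d+)", pfs or "")
        if pfs == "disable":
            findings.append(f"{label}: pfs disabled")
        elif m and int(m.group(1)) < MIN_DH_GROUP:
            findings.append(f"{label}: pfs {pfs} is below dh-group{MIN_DH_GROUP}")
    return findings


def audit(config_text):
    """Audit every esp-group and ike-group found in the dump."""
    findings = []
    for (kind, name), settings in sorted(parse_groups(config_text).items()):
        findings.extend(audit_group(kind, name, settings))
    return findings


# Constructed sample: the page's groups plus a deliberately weak pair.
SAMPLE_CONFIG = """
set vpn ipsec esp-group esp01 mode transport
set vpn ipsec esp-group esp01 pfs dh-group14
set vpn ipsec esp-group esp01 proposal 1 encryption aes256
set vpn ipsec esp-group esp01 proposal 1 hash sha256
set vpn ipsec ike-group ike01 dead-peer-detection action restart
set vpn ipsec ike-group ike01 proposal 1 dh-group 14
set vpn ipsec ike-group ike01 proposal 1 encryption aes256
set vpn ipsec ike-group ike01 proposal 1 hash sha256
set vpn ipsec ike-group ike01 key-exchange ikev2
set vpn ipsec esp-group esp-legacy pfs disable
set vpn ipsec esp-group esp-legacy proposal 1 encryption 3des
set vpn ipsec esp-group esp-legacy proposal 1 hash sha1
set vpn ipsec ike-group ike-legacy proposal 1 dh-group 2
set vpn ipsec ike-group ike-legacy proposal 1 encryption 3des
set vpn ipsec ike-group ike-legacy proposal 1 hash md5
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Feed it the output of `show configuration commands` from the VyOS box; esp01 and ike01 as written on this page produce no findings, while the constructed legacy groups produce seven.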