VyOS IPSEC AWS VPC
Purpose
To create an IPsec tunnel between a VyOS EC2 instance and a remote host. In this example the remote peer is a pfSense box. Two more tunnels will then be established on top of it for GRE use.
Steps
- Make sure to set your banner
set system login banner pre-login "\n\nTHIS SYSTEM IS PROPERTY OF <Company name here>,\nUNAUTHORIZED USE IS PROHIBITED!\n\n"
set system login banner post-login "\n\nYou are being monitored\n\n"
- Create the IPsec profile. ESP runs in transport mode because the GRE tunnels will ride inside the IPsec SA. Note that on EC2 the instance only sees its private address, so authentication id is the public (Elastic) IP the pfSense peer sees, while local-address is the instance's private IP.
set vpn ipsec esp-group esp01 mode transport
set vpn ipsec esp-group esp01 pfs dh-group14
set vpn ipsec esp-group esp01 proposal 1 encryption aes256
set vpn ipsec esp-group esp01 proposal 1 hash sha256
set vpn ipsec ike-group ike01 dead-peer-detection action restart
set vpn ipsec ike-group ike01 proposal 1 dh-group 14
set vpn ipsec ike-group ike01 proposal 1 encryption aes256
set vpn ipsec ike-group ike01 proposal 1 hash sha256
set vpn ipsec ike-group ike01 key-exchange ikev2
set vpn ipsec site-to-site peer <peer IP or URL> authentication id <public IP>
set vpn ipsec site-to-site peer <peer IP or URL> authentication mode pre-shared-secret
set vpn ipsec site-to-site peer <peer IP or URL> authentication pre-shared-secret <enter secret here>
set vpn ipsec site-to-site peer <peer IP or URL> connection-type initiate
set vpn ipsec site-to-site peer <peer IP or URL> ike-group ike01
set vpn ipsec site-to-site peer <peer IP or URL> local-address <private IP>
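As an added example (not code from this page or from VyOS), the following Python renders the commands above from a few parameters and refuses the mistakes that are easy to make on EC2: a placeholder left in, a secret that is too short, or the Elastic IP and the private ENI address confused. The function names and every sample value are constructed for illustration.

```python
# Added example, not code from the page or from VyOS: render the site-to-site
# commands above from a few parameters and validate the values that are easy
# to get wrong on EC2. Function names and all sample values are constructed.
import ipaddress
import re
import shlex

HOSTNAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")


def validate(peer: str, public_ip: str, private_ip: str, psk: str) -> None:
    """Raise ValueError for leftover <placeholders> or mismatched addresses."""
    if "<" in peer or "<" in psk:
        raise ValueError("a <placeholder> was left in the parameters")
    try:
        ipaddress.IPv4Address(peer)
    except ValueError:
        if not HOSTNAME_RE.match(peer):
            raise ValueError(f"peer is neither an IPv4 address nor a hostname: {peer}")
    pub, priv = ipaddress.IPv4Address(public_ip), ipaddress.IPv4Address(private_ip)
    # Assumes an RFC1918 VPC. VyOS binds its private ENI address (AWS NATs it)
    # but must announce the Elastic IP as its IKE identity, or ids will not match.
    if not priv.is_private or pub == priv:
        raise ValueError("local-address must be the private ENI IP, id the Elastic IP")
    if len(psk) < 20:
        raise ValueError("pre-shared secret shorter than 20 characters")


def render_vyos_ipsec(peer: str, public_ip: str, private_ip: str, psk: str) -> list[str]:
    """Return the VyOS 'set' commands for esp01, ike01 and the peer."""
    validate(peer, public_ip, private_ip, psk)
    p = f"set vpn ipsec site-to-site peer {peer}"
    return [
        "set vpn ipsec esp-group esp01 mode transport",
        "set vpn ipsec esp-group esp01 pfs dh-group14",
        "set vpn ipsec esp-group esp01 proposal 1 encryption aes256",
        "set vpn ipsec esp-group esp01 proposal 1 hash sha256",
        "set vpn ipsec ike-group ike01 dead-peer-detection action restart",
        "set vpn ipsec ike-group ike01 proposal 1 dh-group 14",
        "set vpn ipsec ike-group ike01 proposal 1 encryption aes256",
        "set vpn ipsec ike-group ike01 proposal 1 hash sha256",
        "set vpn ipsec ike-group ike01 key-exchange ikev2",
        f"{p} authentication id {public_ip}",
        f"{p} authentication mode pre-shared-secret",
        f"{p} authentication pre-shared-secret {shlex.quote(psk)}",  # vbash-safe quoting
        f"{p} connection-type initiate",
        f"{p} ike-group ike01",
        f"{p} local-address {private_ip}",
    ]
```

Paste the returned lines into VyOS configure mode and commit; the secret is quoted for the bash-based VyOS CLI, so spaces or special characters survive.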