Setting up a VyOS EC2 instance to connect two VPCs
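/* VyOS customer-gateway (CGW) side of a dual-tunnel IPsec VPN into an AWS VPC,
   written as a config.boot excerpt. Angle-bracket tokens are placeholders to
   fill in before loading:
     <CGW_INTERNAL_IP_A> / <CGW_INTERNAL_IP_B>  inside-tunnel addresses, one /30 per tunnel
     <CGW_PRIVATE_IP>                           the EC2 instance's private address
     <AWS_ENDPOINT_A> / <AWS_ENDPOINT_B>        the two VGW outside (public) addresses
     <SECRET_A> / <SECRET_B>                    the per-tunnel pre-shared keys
     <VPC-B_CIDR>                               the remote VPC's address block */
interfaces {
    /* One route-based (VTI) interface per AWS tunnel; traffic is steered by
       the static routes below rather than by IPsec policies. */
    vti vti0 {
        address <CGW_INTERNAL_IP_A>/30
        description "VPC Tunnel A"
        /* Reduced MTU leaves room for ESP/tunnel overhead. Nothing in this
           config clamps TCP MSS, so if bulk transfers through the tunnel
           stall, add MSS clamping on the VTI interfaces (the exact knob is
           VyOS-version specific - confirm for the release in use). */
        mtu 1436
    }
    vti vti1 {
        address <CGW_INTERNAL_IP_B>/30
        description "VPC Tunnel B"
        mtu 1436
    }
}
protocols {
    static {
        /* The remote VPC is reachable over either VTI. No distance is set on
           either next-hop, so both routes carry the same preference; if the
           VGW side prefers one tunnel and asymmetric return paths become a
           problem, give the secondary tunnel a higher distance - confirm
           against how the AWS side is configured. */
        interface-route <VPC-B_CIDR> {
            next-hop-interface vti0 {
            }
            next-hop-interface vti1 {
            }
        }
    }
}
vpn {
    ipsec {
        /* Phase 2 (ESP) parameters shared by both tunnels: tunnel mode, PFS on,
           SAs re-keyed every hour. aes128/sha1 are the weakest options in the
           set AWS accepts; where the VGW tunnel options allow it, prefer
           aes256 and sha256 here and dh-group 14 in the IKE proposal. Change
           both ends together - a proposal mismatch simply leaves the tunnel
           down, so confirm the VGW settings before raising these. */
        esp-group AWS {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }
        /* Phase 1 (IKE) parameters shared by both tunnels. DPD probes the peer
           every `interval` seconds and `action restart` re-establishes the SA
           once `timeout` seconds pass without a reply, so a dead tunnel is
           noticed within about 30 s. dh-group 2 is a 1024-bit MODP group; see
           the esp-group note above about stronger choices. */
        ike-group AWS {
            dead-peer-detection {
                action restart
                interval 15
                timeout 30
            }
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes128
                hash sha1
            }
        }
        /* IKE/ESP are bound to eth0 - presumably the instance's only NIC;
           adjust if the instance has several. */
        ipsec-interfaces {
            interface eth0
        }
        site-to-site {
            /* One peer block per VGW endpoint. The pre-shared secrets are stored
               in cleartext in config.boot: never paste real values into a shared
               snippet, and restrict who can read the saved configuration and
               its backups. */
            peer <AWS_ENDPOINT_A> {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret <SECRET_A>
                }
                /* This side brings the tunnel up; the VGW is not expected to
                   initiate towards the CGW. */
                connection-type initiate
                description "VPN Tunnel A"
                ike-group AWS
                /* The instance's private address, not its public/elastic IP -
                   AWS translates the public address on the way in, so the VGW
                   sees this peer behind NAT. */
                local-address <CGW_PRIVATE_IP>
                vti {
                    bind vti0
                    esp-group AWS
                }
            }
            peer <AWS_ENDPOINT_B> {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret <SECRET_B>
                }
                connection-type initiate
                description "VPN Tunnel B"
                ike-group AWS
                local-address <CGW_PRIVATE_IP>
                vti {
                    bind vti1
                    esp-group AWS
                }
            }
        }
    }
}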