hashy0917/VyOSとRTX1200でIPSec(Vyos側がレスポンダ).txt

## VyOSとRTX1200でIPSec(Vyos側がレスポンダ).txt
vpn {
    ipsec {
        esp-group ESP-RTX-1 {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }
        ike-group IKE-RTX-1 {
            ikev2-reauth yes
            key-exchange ikev2
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption 3des
                hash sha1
            }
        }
        ipsec-interfaces {
            interface eth0
        }
        nat-traversal enable
        site-to-site {
            peer :: {
                authentication {
                    id kotoha
                    mode pre-shared-secret
                    pre-shared-secret ****************
                    remote-id mogami
                }
                connection-type respond
                ike-group IKE-RTX-1
                ikev2-reauth inherit
                local-address ::
                tunnel 1 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    esp-group ESP-RTX-1
                    local {
                        prefix fd63:7c0f:7fcc:0417::/64
                    }
                    remote {
                        prefix fd63:7c0f:7fcc:0765::/64
                    }
                }
            }
        }
    }
}

## 使い方.md

      
    Raw
  

              使い方.md
            
          
    RTX1200側のコンフィグは以下です(Thanks @panakuma)
https://gist.github.com/panakuma/c9db75458afd6356754917d25619a510
	vpn {
	ipsec {
	esp-group ESP-RTX-1 {
	compression disable
	lifetime 3600
	mode tunnel
	pfs enable
	proposal 1 {
	encryption aes128
	hash sha1
	}
	}
	ike-group IKE-RTX-1 {
	ikev2-reauth yes
	key-exchange ikev2
	lifetime 28800
	proposal 1 {
	dh-group 2
	encryption 3des
	hash sha1
	}
	}
	ipsec-interfaces {
	interface eth0
	}
	nat-traversal enable
	site-to-site {
	peer :: {
	authentication {
	id kotoha
	mode pre-shared-secret
	pre-shared-secret ****************
	remote-id mogami
	}
	connection-type respond
	ike-group IKE-RTX-1
	ikev2-reauth inherit
	local-address ::
	tunnel 1 {
	allow-nat-networks disable
	allow-public-networks disable
	esp-group ESP-RTX-1
	local {
	prefix fd63:7c0f:7fcc:0417::/64
	}
	remote {
	prefix fd63:7c0f:7fcc:0765::/64
	}
	}
	}
	}
	}
	}