Last active
December 1, 2017 21:59
-
-
Save j3tm0t0/4494955 to your computer and use it in GitHub Desktop.
Vyatta static routing with redundancy VPN configuration for Amazon VPC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| interfaces { | |
| ethernet eth0 { | |
| address x.x.x.50/30 | |
| duplex auto | |
| hw-id 00:0c:29:8e:f1:58 | |
| smp_affinity auto | |
| speed auto | |
| } | |
| ethernet eth2 { | |
| address 172.31.1.50/16 | |
| duplex auto | |
| hw-id 00:0c:29:8e:f1:6c | |
| smp_affinity auto | |
| speed auto | |
| } | |
| vti vti0 { | |
| address 169.254.252.6/30 | |
| description "VPC tunnel 2" | |
| } | |
| vti vti1 { | |
| address 169.254.252.2/30 | |
| description "VPC tunnel 1" | |
| } | |
| } | |
| load-balancing { | |
| wan { | |
| disable-source-nat | |
| interface-health vti0 { | |
| failure-count 5 | |
| nexthop 169.254.252.5 | |
| success-count 1 | |
| test 10 { | |
| resp-time 5 | |
| target 169.254.252.5 | |
| ttl-limit 1 | |
| type ping | |
| } | |
| } | |
| interface-health vti1 { | |
| failure-count 5 | |
| nexthop 169.254.252.1 | |
| success-count 1 | |
| test 10 { | |
| resp-time 5 | |
| target 169.254.252.1 | |
| ttl-limit 1 | |
| type ping | |
| } | |
| } | |
| rule 10 { | |
| failover | |
| inbound-interface eth2 | |
| interface vti0 { | |
| weight 1 | |
| } | |
| interface vti1 { | |
| weight 1 | |
| } | |
| protocol all | |
| } | |
| } | |
| } | |
| protocols { | |
| static { | |
| route 27.0.1.16/32 { | |
| next-hop x.x.x.49 { | |
| } | |
| } | |
| route 27.0.1.144/32 { | |
| next-hop x.x.x.49 { | |
| } | |
| } | |
| } | |
| } | |
| vpn { | |
| ipsec { | |
| esp-group AWS { | |
| compression disable | |
| lifetime 3600 | |
| mode tunnel | |
| pfs enable | |
| proposal 1 { | |
| encryption aes128 | |
| hash sha1 | |
| } | |
| } | |
| ike-group AWS { | |
| dead-peer-detection { | |
| action restart | |
| interval 15 | |
| timeout 30 | |
| } | |
| lifetime 28800 | |
| proposal 1 { | |
| dh-group 2 | |
| encryption aes128 | |
| hash sha1 | |
| } | |
| } | |
| ipsec-interfaces { | |
| interface eth0 | |
| } | |
| site-to-site { | |
| peer 27.0.1.16 { | |
| authentication { | |
| mode pre-shared-secret | |
| pre-shared-secret PSK1 | |
| } | |
| connection-type initiate | |
| description "VPC tunnel 1" | |
| ike-group AWS | |
| local-address x.x.x.50 | |
| vti { | |
| bind vti1 | |
| esp-group AWS | |
| } | |
| } | |
| peer 27.0.1.144 { | |
| authentication { | |
| mode pre-shared-secret | |
| pre-shared-secret PSK2 | |
| } | |
| connection-type initiate | |
| description "VPC tunnel 2" | |
| ike-group AWS | |
| local-address x.x.x.50 | |
| vti { | |
| bind vti0 | |
| esp-group AWS | |
| } | |
| } | |
| } | |
| } | |
| } | |
This has been a great help, but I'm a little confused on the x.x.x.49 ip. Where is this? I have the tunnels up, but routing is not working.
This is great, thanks for posting it!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am veeeeeery glad I found this config as I was struggling to get a redundant VPC configured between EC2 and a Vyatta instance at our company.
Thanks very much!
Kind regards,
John Donath