Hi Team,
I am defining a policy-based tunnel on VyOS 1.4.2 and wondering what the way is to define a PSK per peer in the 1.4.x version.
Hi,
There is no VyOS version 1.4.2 (yet); also, with a missing config example/diagram it will be hard to tell. Please submit a config snippet of what you plan and a topology diagram.
OK, this is my existing config on VyOS 1.3:
set vpn ipsec esp-group ESP compression 'disable'
set vpn ipsec esp-group ESP lifetime '3600'
set vpn ipsec esp-group ESP mode 'tunnel'
set vpn ipsec esp-group ESP pfs 'enable'
set vpn ipsec esp-group ESP proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP proposal 1 hash 'sha1'
set vpn ipsec ike-group IKE close-action 'none'
set vpn ipsec ike-group IKE dead-peer-detection action 'restart'
set vpn ipsec ike-group IKE dead-peer-detection interval '15'
set vpn ipsec ike-group IKE dead-peer-detection timeout '30'
set vpn ipsec ike-group IKE ikev2-reauth 'yes'
set vpn ipsec ike-group IKE key-exchange 'ikev2'
set vpn ipsec ike-group IKE lifetime '28800'
set vpn ipsec ike-group IKE proposal 1 dh-group '2'
set vpn ipsec ike-group IKE proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE proposal 1 hash 'sha1'
set vpn ipsec site-to-site peer xx.xx.xx.xx authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer xx.xx.xx.xx authentication pre-shared-secret 'xxxxxxxxxxxxxxx16ma'
set vpn ipsec site-to-site peer xx.xx.xx.xx connection-type 'initiate'
set vpn ipsec site-to-site peer xx.xx.xx.xx ike-group 'IKE'
set vpn ipsec site-to-site peer xx.xx.xx.xx ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer xx.xx.xx.xx local-address 'xx.xx.xx.xx'
set vpn ipsec site-to-site peer xx.xx.xx.xx tunnel 2 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer xx.xx.xx.xx tunnel 2 allow-public-networks 'disable'
set vpn ipsec site-to-site peer xx.xx.xx.xx tunnel 2 esp-group 'ESP'
set vpn ipsec site-to-site peer xx.xx.xx.xx tunnel 2 local prefix '192.168.11.0/24'
set vpn ipsec site-to-site peer xx.xx.xx.xx tunnel 2 remote prefix '192.168.12.0/24'
Now, as you can see, I am specifically interested in
set vpn ipsec site-to-site peer xx.xx.xx.xx authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer xx.xx.xx.xx authentication pre-shared-secret 'xxxxxxxxxxxxxxx16ma'
which I do not see in VyOS 1.4.
Any idea if that command or syntax has been changed?
Yes, you need to create it with set ipsec vpn authentication xxx; here is an example:
# Pre-shared-secret
set vpn ipsec authentication psk vyos id 192.0.2.10
set vpn ipsec authentication psk vyos id 203.0.113.45
set vpn ipsec authentication psk vyos secret MYSECRETKEY
More information about it:
https://docs.vyos.io/en/sagitta/configuration/vpn/ipsec.html
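As an added example (not from this thread or from VyOS itself): a small Python script that reads the 1.3 per-peer pre-shared-secret and local-address lines and emits one 1.4 `vpn ipsec authentication psk` object per peer, following the id/secret layout shown in the answer above. The sample config and the `psk-<address>` naming scheme are constructed for illustration; the rest of the 1.4 peer definition is not converted.

```python
import re

# Constructed sample of VyOS 1.3 site-to-site peer lines (documentation-range
# addresses and dummy secrets, not a real deployment).
SAMPLE_13_CONFIG = """
set vpn ipsec site-to-site peer 203.0.113.45 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 203.0.113.45 authentication pre-shared-secret 'MYSECRETKEY'
set vpn ipsec site-to-site peer 203.0.113.45 local-address '192.0.2.10'
set vpn ipsec site-to-site peer 198.51.100.7 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 198.51.100.7 authentication pre-shared-secret 'OTHERSECRET'
set vpn ipsec site-to-site peer 198.51.100.7 local-address '192.0.2.10'
"""

# peer address, attribute path, quoted value
PEER_RE = re.compile(r"^set vpn ipsec site-to-site peer (\S+) (.+) '([^']*)'$")


def parse_13_peers(config: str) -> dict[str, dict[str, str]]:
    """Collect the attributes of each 1.3 peer keyed by peer address."""
    peers: dict[str, dict[str, str]] = {}
    for line in config.splitlines():
        m = PEER_RE.match(line.strip())
        if m:
            peer, key, value = m.groups()
            peers.setdefault(peer, {})[key] = value
    return peers


def psk_name_for(peer: str) -> str:
    """Hypothetical naming scheme: one PSK object per peer, named after its address."""
    return "psk-" + peer.replace(".", "-").replace(":", "-")


def to_14_psk_commands(peers: dict[str, dict[str, str]]) -> list[str]:
    """Emit 1.4 'vpn ipsec authentication psk' commands for every PSK-authenticated peer."""
    cmds: list[str] = []
    for peer, attrs in peers.items():
        if attrs.get("authentication mode") != "pre-shared-secret":
            continue
        secret = attrs.get("authentication pre-shared-secret")
        local = attrs.get("local-address")
        if not secret or not local:
            raise ValueError(f"peer {peer}: missing pre-shared-secret or local-address")
        name = psk_name_for(peer)
        # Listing both ids binds this secret to the local/remote pair, so each peer
        # keeps its own secret instead of sharing one across all tunnels.
        cmds.append(f"set vpn ipsec authentication psk {name} id {local}")
        cmds.append(f"set vpn ipsec authentication psk {name} id {peer}")
        cmds.append(f"set vpn ipsec authentication psk {name} secret {secret}")
    return cmds
```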