How to configure multiple site-to-site VPNs?


#1

Dear all,

I’m trying to add a second site-to-site VPN to our VyOS but I’m not sure which steps I have to repeat…

I tried to repeat only the ‘vpn ipsec site-to-site’ commands but it doesn’t work so far and I can’t find any documentation or example to follow…

Does someone have some experience that could help me?

Thanks for your help :slight_smile:

FYI, here are the commands that I repeated from my first VPN site-to-site (just replaced the remote peer address from the first one):

set vpn ipsec site-to-site peer BBB.BBB.BBB.BBB authentication mode pre-shared-secret
set vpn ipsec site-to-site peer BBB.BBB.BBB.BBB authentication pre-shared-secret XXXXXXXXXXXX
set vpn ipsec site-to-site peer BBB.BBB.BBB.BBB default-esp-group ESP
set vpn ipsec site-to-site peer BBB.BBB.BBB.BBB ike-group IKE
set vpn ipsec site-to-site peer BBB.BBB.BBB.BBB local-address AAA.AAA.AAA.AAA
set vpn ipsec site-to-site peer BBB.BBB.BBB.BBB connection-type initiate
set vpn ipsec site-to-site peer BBB.BBB.BBB.BBB tunnel 1 esp-group ESP
set vpn ipsec site-to-site peer BBB.BBB.BBB.BBB tunnel 1 local prefix 10.0.2.0/24
set vpn ipsec site-to-site peer BBB.BBB.BBB.BBB tunnel 1 remote prefix 192.168.100.0/24


#2

Go for DMVPN with OSPF or with VTI; that way you will be able to achieve redundancy in VPN, else it would not be possible in VyOS as backup peer.


#3

We have solved this problem… please go ahead and try it out. www.wanclouds.net (it's on a free trial basis)


#4

@apc_be,

Post full config. Without it, it’s a guessing game. Like: firewall rules allowing IPSEC (ike natt esp) for site1 aren’t in place for site 2
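
An added example, not part of any post in this thread: a small Python check for the gap suggested in #4, listing for each `site-to-site peer` which of IKE (UDP 500), NAT-T (UDP 4500) and ESP no accept rule covers. It assumes VyOS 1.x `set` syntax as used in #1; the sample config, its addresses and the rule-set name `WAN_LOCAL` are constructed, and the check only handles exact source addresses and comma-separated ports.

```python
import re
from collections import defaultdict

# Constructed sample in VyOS 1.x "set" syntax; addresses are documentation
# ranges and the rule-set name WAN_LOCAL is hypothetical.
SAMPLE_CONFIG = """
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 protocol udp
set firewall name WAN_LOCAL rule 10 destination port 500,4500
set firewall name WAN_LOCAL rule 10 source address 198.51.100.10
set firewall name WAN_LOCAL rule 20 action accept
set firewall name WAN_LOCAL rule 20 protocol esp
set firewall name WAN_LOCAL rule 20 source address 198.51.100.10
set vpn ipsec site-to-site peer 198.51.100.10 tunnel 1 local prefix 10.0.2.0/24
set vpn ipsec site-to-site peer 203.0.113.20 tunnel 1 local prefix 10.0.2.0/24
"""

NEEDED = {"ike": ("udp", "500"), "nat-t": ("udp", "4500"), "esp": ("esp", None)}

def parse(config):
    """Return (set of peer addresses, {(ruleset, rule): {field: value}})."""
    peers, rules = set(), defaultdict(dict)
    for line in config.splitlines():
        m = re.match(r"set vpn ipsec site-to-site peer (\S+)", line)
        if m:
            peers.add(m.group(1))
        m = re.match(r"set firewall name (\S+) rule (\d+) (.+)", line)
        if m:
            key, _, value = m.group(3).rpartition(" ")
            rules[(m.group(1), m.group(2))][key] = value
    return peers, rules

def permits(rule, peer, proto, port):
    """True if an accept rule matches this peer, protocol and (if any) port."""
    if rule.get("action") != "accept" or rule.get("protocol") != proto:
        return False
    if rule.get("source address", peer) != peer:  # no source = any source
        return False
    ports = rule.get("destination port")
    return port is None or ports is None or port in ports.split(",")

def missing_ipsec_rules(config):
    """Map each peer to the IPsec traffic types no accept rule covers."""
    peers, rules = parse(config)
    return {p: sorted(name for name, (proto, port) in NEEDED.items()
                      if not any(permits(r, p, proto, port) for r in rules.values()))
            for p in sorted(peers)}
```

Feed it the output of `show configuration commands`; it does not check which interface a rule-set is attached to, so an empty result still needs that confirmed by hand.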