Hi All im new in Vyos,
I already conf the vpn site to site between vyos and fortigate but i cant ping from vyos to fortigate and vice verse.
vyos site a*****
firewall {
name INSIDE-OUT {
rule 12 {
action accept
destination {
address 192.168.0.231/32
}
source {
address 192.168.100.0/24
}
}
}
}
interfaces {
ethernet eth0 {
address 192.168.100.100/24
description INSIDE
hw-id 50:3e:aa:0d:bd:41
}
ethernet eth1 {
address 197.249.23.164/21
description OUTSIDE
hw-id b0:83:fe:8a:f5:15
:…skipping…
firewall {
name INSIDE-OUT {
rule 12 {
action accept
destination {
address 192.168.0.231/32
}
source {
address 192.168.100.0/24
}
}
}
}
interfaces {
ethernet eth0 {
address 192.168.100.100/24
description INSIDE
hw-id 50:3e:aa:0d:bd:41
}
ethernet eth1 {
address 197.249.23.164/21
description OUTSIDE
hw-id b0:83:fe:8a:f5:15
}
loopback lo {
}
vti vti0 {
address 172.16.0.1/30
}
}
nat {
source {
rule 10 {
outbound-interface eth1
source {
address 192.168.100.0/24
}
translation {
address masquerade
}
}
rule 11 {
destination {
address 192.168.0.231/24
}
exclude
outbound-interface eth1
source {
address 192.168.100.0/24
}
}
rule 100 {
outbound-interface eth1
source {
address 192.168.100.0/24
}
translation {
address 197.249.23.164/21
}
}
}
}
protocols {
static {
interface-route 192.168.0.231/32 {
next-hop-interface vti0 {
distance 3
}
}
route 0.0.0.0/0 {
next-hop 197.249.23.254 {
distance 1
}
}
}
}
service {
dhcp-server {
shared-network-name dhcpexample {
authoritative
subnet 192.168.100.0/24 {
default-router 192.168.100.100
dns-server 192.168.100.100
dns-server 8.8.8.8
lease 86400
range 0 {
start 192.168.100.12
stop 192.168.100.199
}
}
}
}
dns {
}
https {
}
ssh {
port 22
}
}
system {
config-management {
commit-revisions 100
}
console {
device ttyS0 {
speed 115200
}
}
host-name vyos
login {
user admin {
authentication {
encrypted-password ****************
plaintext-password ****************
}
}
user vyos {
authentication {
encrypted-password ****************
plaintext-password ****************
}
}
}
name-server 197.249.0.243
name-server 197.249.0.244
ntp {
server 0.pool.ntp.org {
}
server 1.pool.ntp.org {
}
server 2.pool.ntp.org {
}
}
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
}
vpn {
ipsec {
esp-group bdq-sede-esp {
compression disable
lifetime 86400
mode tunnel
pfs enable
proposal 1 {
encryption 3des
hash sha1
}
proposal 2 {
encryption 3des
hash sha1
}
}
ike-group bdq-sede-ike {
ikev2-reauth no
key-exchange ikev1
lifetime 3600
proposal 1 {
encryption 3des
hash sha1
}
}
ipsec-interfaces {
interface eth1
}
site-to-site {
peer 196.22.54.82 {
authentication {
mode pre-shared-secret
pre-shared-secret ****************
}
ike-group bdq-sede-ike
local-address 197.249.23.164
tunnel 0 {
allow-nat-networks disable
allow-public-networks disable
esp-group bdq-sede-esp
local {
prefix 192.168.100.0/24
}
remote {
prefix 192.168.0.231/32
}
}
}
}
}
}
Log VPN***********************
sh vpn ike sa
Peer ID / IP Local ID / IP
196.22.54.82 197.249.23.164
State IKEVer Encrypt Hash D-H Group NAT-T A-Time L-Time
----- ------ ------- ---- --------- ----- ------ ------
up IKEv1 3des sha1_96 2(MODP_1024) no 1320 3600
On fortigate everthing is under control.
Please i need you help, I can no longer think I’m 3 days suffering from this error