Good day all,
I’m trying to figure out how to connect my old(ish) Edgerouter X & a virtual Vyos 1.4 machine.
Here’s the configuration on both ends:
EdgeRouter
esp-group maison-rtr-esp {
    compression disable
    lifetime 1800
    mode tunnel
    pfs enable
    proposal 1 {
        encryption aes256
        hash sha256
    }
}
ike-group maison-rtr-ike {
    ikev2-reauth no
    key-exchange ikev1
    lifetime 3600
    proposal 1 {
        encryption aes256
        hash sha256
    }
}
ipsec-interfaces {
    interface eth0.100
}
site-to-site {
    peer XX.XX.XX.XX {
        authentication {
            mode pre-shared-secret
            pre-shared-secret thats secret
        }
        connection-type respond
        ike-group maison-rtr-ike
        local-address YY.YY.YY.YY
        tunnel 0 {
            allow-nat-networks disable
            esp-group maison-rtr-esp
            local {
                prefix 10.47.0.0/16
            }
            remote {
                prefix 10.46.0.0/16
            }
        }
    }
}
VyOS 1.4
esp-group cloud-rtr-esp {
    lifetime 1800
    mode tunnel
    pfs enable
    proposal 1 {
        encryption aes256
        hash sha256
    }
}
ike-group cloud-rtr-ike {
    key-exchange ikev1
    lifetime 3600
    proposal 1 {
        encryption aes256
        hash sha256
    }
}
interface eth0
log {
    level 2
}
site-to-site {
    peer maison {
        authentication {
            mode pre-shared-secret
            pre-shared-secret also a secret
        }
        connection-type initiate
        default-esp-group cloud-rtr-esp
        ike-group cloud-rtr-ike
        local-address XX.XX.XX.XX
        remote-address YY.YY.YY.YY
        tunnel 0 {
            esp-group cloud-rtr-esp
            local {
                prefix 10.46.0.0/16
            }
            remote {
                prefix 10.47.0.0/16
            }
        }
    }
}
Hopefully, I didn’t leave anything personal in here.
When trying to set up the IKE for the IPsec, I am greeted with this in the logs of the 1.4 router:
IDir 'YY.YY.YY.YY' does not match to 'maison'
Seems it doesn’t like that my peer isn’t named after an IP, but you cannot name peers with IP in Vyos 1.4 any more, as far as I know.
If anyone has an idea as to why it’s angry at me (and probably rightfully so)…
Cheers,
Taledo
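The log line quoted above shows that the VyOS side is comparing the identity the EdgeRouter presents (its address, YY.YY.YY.YY) against the configured remote identity, which here is the peer name 'maison'. Since the IKE identity is what the responder uses to decide which peer (and which pre-shared secret) a connection belongs to, the defensive fix is to pin both identities explicitly rather than rely on a default; the following is an added example of the VyOS 1.4 peer block with explicit IDs, not the poster's config, and it assumes both routers identify themselves by their public addresses (the EdgeRouter block is otherwise unchanged from the post):

```vyos
/* Added example, not part of the original post: explicit IKE identities on the VyOS 1.4 peer */
site-to-site {
    peer maison {
        authentication {
            mode pre-shared-secret
            pre-shared-secret also a secret
            /* assumption: the EdgeRouter identifies itself by its public address, as the log line shows */
            remote-id YY.YY.YY.YY
            /* assumption: this router identifies itself by its own public address */
            local-id XX.XX.XX.XX
        }
        connection-type initiate
        default-esp-group cloud-rtr-esp
        ike-group cloud-rtr-ike
        local-address XX.XX.XX.XX
        remote-address YY.YY.YY.YY
        tunnel 0 {
            esp-group cloud-rtr-esp
            local {
                prefix 10.46.0.0/16
            }
            remote {
                prefix 10.47.0.0/16
            }
        }
    }
}
```

After committing, the expected check is that the same log no longer reports an IDir mismatch and `show vpn ipsec sa` lists the tunnel as up; if the EdgeRouter is configured to present a non-address identity, `remote-id` must match that value instead.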