Vyos Router 1
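# VyOS Router 1: three directly connected /24 networks, all placed in OSPF area 11.
# eth0 (10.10.91.2) faces FortiGate 1 port3 (10.10.91.1).
# Fixed: "interfacees" -> "interfaces"; the misspelled node is not a valid VyOS path.
set interfaces ethernet eth0 address '10.10.91.2/24'
set interfaces ethernet eth1 address '10.10.92.1/24'
set interfaces ethernet eth2 address '10.10.93.1/24'
set interfaces loopback lo
# NOTE(review): these network statements enable OSPF on eth1 and eth2 as well as eth0.
# If 10.10.92.0/24 and 10.10.93.0/24 are host-facing segments, make those interfaces
# passive so hellos are not sent there and no adjacency can be formed from a host.
set protocols ospf area 11 network '10.10.91.0/24'
set protocols ospf area 11 network '10.10.92.0/24'
set protocols ospf area 11 network '10.10.93.0/24'
# Fixed: the node is the single hyphenated keyword "default-information".
# NOTE(review): "always" advertises a default route even when this router has no
# default route of its own, so neighbours may send it traffic it cannot forward.
set protocols ospf default-information originate always
set protocols ospf default-information originate metric '2'
set protocols ospf default-information originate metric-type '2'
# Must match the network type on the FortiGate side of this link (port3).
set protocols ospf interface eth0 network 'point-to-point'
set protocols ospf log-adjacency-changes
set protocols ospf parameters router-id '10.10.91.2'
# NOTE(review): no OSPF authentication appears in this excerpt; anything on the
# 10.10.91.0/24 segment that speaks OSPF could peer and inject routes. If
# authentication is added it has to be configured identically on the FortiGate.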
Fortigate 1
# FortiGate 1 (excerpt): interface addressing, the "p2p" IPsec tunnel towards
# 10.10.50.2, and OSPF (area 0.0.0.11 on port3, area 0.0.0.0 on the tunnel).
# NOTE(review): several `next`/`end` terminators are missing (after port4, after
# the p2p interface, after phase1, after phase2 and at the end of `config router
# ospf`), so this reads as trimmed `show` output and will not paste back as-is.
config system interface
edit "port1"
set ip 10.10.50.1 255.255.255.0
# NOTE(review): http is plaintext management and fgfm is the FortiManager channel.
# port1 is also the IPsec underlay (see phase1 below); keep only the services that
# are really needed here and limit admin logins with trusted hosts.
set allowaccess ping https ssh http fgfm
set alias "VL50"
next
edit "port2"
set ip 10.10.90.1 255.255.255.0
# NOTE(review): plaintext http admin access is enabled on this interface too.
set allowaccess ping https ssh http
set alias "VL90"
next
edit "port3"
# Link to VyOS Router 1 eth0 (10.10.91.2).
set ip 10.10.91.1 255.255.255.0
set allowaccess ping https ssh http speed-test
set alias "VL91"
next
edit "port4"
set ip 192.168.47.12 255.255.255.224
set allowaccess ping https ssh http
set alias 'MGMT'
# (no `next` shown here before the following edit)
edit "p2p"
# Tunnel interface addressing: local 10.10.10.1, remote 10.10.10.2.
set ip 10.10.10.1 255.255.255.255
set remote-ip 10.10.10.2 255.255.255.255
config vpn ipsec phase1-interface
edit "p2p"
set type static
set interface "port1"
set comments "VPN: p2p (Created by VPN wizard)"
# Peer gateway is FortiGate 2 port1.
# NOTE(review): no proposal, authentication method or key is shown; presumably
# trimmed from the post. Confirm both ends agree on them.
set remote-gw 10.10.50.2
config vpn ipsec phase2-interface
edit "p2p"
set phase1name "p2p"
set comments "VPN: p2p (Created by VPN wizard)"
# Selectors reference address objects that are not defined in this excerpt.
set src-name "p2p_local"
set dst-name "p2p_remote"
next
edit "tunnel-id"
# Selector covering the two tunnel endpoint addresses.
set phase1name "p2p"
set src-subnet 10.10.10.1 255.255.255.255
set dst-subnet 10.10.10.2 255.255.255.255
next
edit "OSPF"
# Selector for OSPF multicast (224.0.0.5) sent from the local tunnel address.
set phase1name "p2p"
set src-subnet 10.10.10.1 255.255.255.255
set dst-subnet 224.0.0.5 255.255.255.255
next
edit "OSPF-1"
# NOTE(review): source is the multicast group itself, which is never a packet
# source address; this selector probably never matches. Verify it is needed.
set phase1name "p2p"
set src-subnet 224.0.0.5 255.255.255.255
set dst-subnet 10.10.10.2 255.255.255.255
next
config router ospf
set abr-type cisco
set auto-cost-ref-bandwidth 1000
set distance-external 110
set distance-inter-area 110
set distance-intra-area 110
set database-overflow disable
set database-overflow-max-lsas 10000
set database-overflow-time-to-recover 300
set default-information-originate disable
set default-information-metric 10
set default-information-metric-type 2
set default-information-route-map ''
set default-metric 10
set distance 110
set rfc1583-compatible disable
set router-id 10.10.91.1
set spf-timers 5 10
set bfd disable
set log-neighbour-changes enable
set distribute-list-in ''
set distribute-route-map-in ''
set restart-mode none
config area
edit 0.0.0.11
set shortcut disable
# NOTE(review): OSPF is unauthenticated in both areas and on both ospf-interfaces
# below. The tunnel adjacency rides inside IPsec, but on port3 any OSPF speaker on
# 10.10.91.0/24 can form an adjacency and inject routes. Consider message-digest
# authentication there, configured to match the VyOS side.
set authentication none
set type regular
set comments ''
next
edit 0.0.0.0
set shortcut disable
set authentication none
set comments ''
next
end
config ospf-interface
edit "port3"
set comments ''
set interface "port3"
set ip 0.0.0.0
set authentication none
set prefix-length 0
set retransmit-interval 5
set transmit-delay 1
set cost 0
set priority 1
set dead-interval 0
set hello-interval 0
set hello-multiplier 0
set database-filter-out disable
set mtu 0
set mtu-ignore disable
# Matches `network 'point-to-point'` on VyOS Router 1 eth0.
set network-type point-to-point
set bfd global
set status enable
set resync-timeout 40
next
edit "ipsectunnel"
set comments ''
# OSPF over the "p2p" IPsec tunnel interface.
set interface "p2p"
set ip 0.0.0.0
set authentication none
set prefix-length 32
set retransmit-interval 5
set transmit-delay 1
set cost 0
set priority 1
set dead-interval 0
set hello-interval 0
set hello-multiplier 0
set database-filter-out disable
set mtu 0
set mtu-ignore disable
set network-type point-to-point
set bfd global
set status enable
set resync-timeout 40
next
end
config network
edit 3
# port3 subnet -> area 0.0.0.11 (same area as the VyOS router).
set prefix 10.10.91.0 255.255.255.0
set area 0.0.0.11
set comments ''
next
edit 2
# Local tunnel address -> backbone area 0.0.0.0.
set prefix 10.10.10.1 255.255.255.255
set area 0.0.0.0
set comments ''
next
end
# NOTE(review): with no routemap, every connected prefix is exported as a type-2
# external route, including the port4 MGMT subnet (192.168.47.0/27) and the
# port1 underlay. Attach a route-map so only intended prefixes are advertised.
config redistribute "connected"
set status enable
set metric 0
set routemap ''
set metric-type 2
set tag 0
end
# Same consideration for static routes: unfiltered redistribution.
config redistribute "static"
set status enable
set metric 0
set routemap ''
set metric-type 2
set tag 0
end
Vyos Router 2
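# VyOS Router 2: three directly connected /24 networks, all placed in OSPF area 11.
# eth0 (10.10.81.2) faces FortiGate 2 port3 (10.10.81.1).
# Fixed: "interfacees" -> "interfaces"; the misspelled node is not a valid VyOS path.
set interfaces ethernet eth0 address '10.10.81.2/24'
set interfaces ethernet eth1 address '10.10.82.1/24'
set interfaces ethernet eth2 address '10.10.83.1/24'
set interfaces loopback lo
# NOTE(review): these network statements enable OSPF on eth1 and eth2 as well as eth0.
# If 10.10.82.0/24 and 10.10.83.0/24 are host-facing segments, make those interfaces
# passive so hellos are not sent there and no adjacency can be formed from a host.
set protocols ospf area 11 network '10.10.81.0/24'
set protocols ospf area 11 network '10.10.82.0/24'
set protocols ospf area 11 network '10.10.83.0/24'
# Fixed: the node is the single hyphenated keyword "default-information".
# NOTE(review): Router 1 also originates a default with "always" and the same
# metric, so two unconditional defaults are injected into the OSPF domain.
# Confirm that is intended; "always" advertises even with no local default route.
set protocols ospf default-information originate always
set protocols ospf default-information originate metric '2'
set protocols ospf default-information originate metric-type '2'
# Must match the network type on the FortiGate side of this link (port3).
set protocols ospf interface eth0 network 'point-to-point'
set protocols ospf log-adjacency-changes
set protocols ospf parameters router-id '10.10.81.2'
# NOTE(review): no OSPF authentication appears in this excerpt; anything on the
# 10.10.81.0/24 segment that speaks OSPF could peer and inject routes. If
# authentication is added it has to be configured identically on the FortiGate.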
Fortigate 2
# FortiGate 2 (excerpt): interface addressing, the "p2p" IPsec tunnel, and OSPF
# (area 0.0.0.11 on port3, area 0.0.0.0 on the tunnel).
# NOTE(review): several `next`/`end` terminators are missing (after port4, after
# the p2p interface, after phase1, after phase2 and at the end of `config router
# ospf`), so this reads as trimmed `show` output and will not paste back as-is.
# NOTE(review): a few values below are identical to FortiGate 1 where a mirrored
# value would be expected; each is flagged inline. They may be copy/paste slips
# in the post or real misconfigurations. Verify against the running config.
config system interface
edit "port1"
set ip 10.10.50.2 255.255.255.0
# NOTE(review): http is plaintext management and fgfm is the FortiManager channel.
# port1 is also the IPsec underlay (see phase1 below); keep only the services that
# are really needed here and limit admin logins with trusted hosts.
set allowaccess ping https ssh http fgfm
set alias "VL50"
next
edit "port2"
set ip 10.10.80.1 255.255.255.0
set allowaccess ping https ssh http
# NOTE(review): alias is "VL90" although the address is in 10.10.80.0/24; cosmetic,
# but possibly carried over from FortiGate 1.
set alias "VL90"
next
edit "port3"
# Link to VyOS Router 2 eth0 (10.10.81.2).
set ip 10.10.81.1 255.255.255.0
set allowaccess ping https ssh http speed-test
# NOTE(review): alias "VL91" with a 10.10.81.0/24 address; same remark as port2.
set alias "VL91"
next
edit "port4"
# NOTE(review): 192.168.47.12 is also FortiGate 1's port4 address. If both units
# sit on the same management segment this is a duplicate IP.
set ip 192.168.47.12 255.255.255.224
set allowaccess ping https ssh http
set alias 'MGMT'
# (no `next` shown here before the following edit)
edit "p2p"
# NOTE(review): local 10.10.10.1 / remote 10.10.10.2 is the same as on FortiGate 1,
# while this unit's phase2 selectors and OSPF network statement use 10.10.10.2 as
# the local address. The tunnel interface probably should be ip 10.10.10.2 with
# remote-ip 10.10.10.1. Confirm.
set ip 10.10.10.1 255.255.255.255
set remote-ip 10.10.10.2 255.255.255.255
config vpn ipsec phase1-interface
edit "p2p"
set type static
set interface "port1"
set comments "VPN: p2p (Created by VPN wizard)"
# NOTE(review): 10.10.50.2 is this unit's own port1 address; the peer
# (FortiGate 1 port1) is 10.10.50.1. Verify the remote gateway.
# No proposal, authentication method or key is shown in this excerpt.
set remote-gw 10.10.50.2
config vpn ipsec phase2-interface
edit "p2p"
set phase1name "p2p"
set comments "VPN: p2p (Created by VPN wizard)"
# Selectors reference address objects that are not defined in this excerpt.
set src-name "p2p_local"
set dst-name "p2p_remote"
next
edit "tunnel-id"
# Selector covering the two tunnel endpoint addresses (mirror of FortiGate 1).
set phase1name "p2p"
set src-subnet 10.10.10.2 255.255.255.255
set dst-subnet 10.10.10.1 255.255.255.255
next
edit "OSPF"
# Selector for OSPF multicast (224.0.0.5) sent from 10.10.10.2.
set phase1name "p2p"
set src-subnet 10.10.10.2 255.255.255.255
set dst-subnet 224.0.0.5 255.255.255.255
next
edit "OSPF-1"
# NOTE(review): source is the multicast group itself, which is never a packet
# source address; this selector probably never matches. Verify it is needed.
set phase1name "p2p"
set src-subnet 224.0.0.5 255.255.255.255
set dst-subnet 10.10.10.1 255.255.255.255
next
config router ospf
set abr-type cisco
set auto-cost-ref-bandwidth 1000
set distance-external 110
set distance-inter-area 110
set distance-intra-area 110
set database-overflow disable
set database-overflow-max-lsas 10000
set database-overflow-time-to-recover 300
set default-information-originate disable
set default-information-metric 10
set default-information-metric-type 2
set default-information-route-map ''
set default-metric 10
set distance 110
set rfc1583-compatible disable
set router-id 10.10.81.1
set spf-timers 5 10
set bfd disable
set log-neighbour-changes enable
set distribute-list-in ''
set distribute-route-map-in ''
set restart-mode none
config area
edit 0.0.0.11
set shortcut disable
# NOTE(review): OSPF is unauthenticated in both areas and on both ospf-interfaces
# below. The tunnel adjacency rides inside IPsec, but on port3 any OSPF speaker on
# 10.10.81.0/24 can form an adjacency and inject routes. Consider message-digest
# authentication there, configured to match the VyOS side.
set authentication none
set type regular
set comments ''
next
edit 0.0.0.0
set shortcut disable
set authentication none
set comments ''
next
end
config ospf-interface
edit "port3"
set comments ''
set interface "port3"
set ip 0.0.0.0
set authentication none
set prefix-length 0
set retransmit-interval 5
set transmit-delay 1
set cost 0
set priority 1
set dead-interval 0
set hello-interval 0
set hello-multiplier 0
set database-filter-out disable
set mtu 0
set mtu-ignore disable
# Matches `network 'point-to-point'` on VyOS Router 2 eth0.
set network-type point-to-point
set bfd global
set status enable
set resync-timeout 40
next
edit "ipsectunnel"
set comments ''
# OSPF over the "p2p" IPsec tunnel interface.
set interface "p2p"
set ip 0.0.0.0
set authentication none
set prefix-length 32
set retransmit-interval 5
set transmit-delay 1
set cost 0
set priority 1
set dead-interval 0
set hello-interval 0
set hello-multiplier 0
set database-filter-out disable
set mtu 0
set mtu-ignore disable
set network-type point-to-point
set bfd global
set status enable
set resync-timeout 40
next
end
config network
edit 3
# port3 subnet -> area 0.0.0.11 (same area number as the VyOS router).
set prefix 10.10.81.0 255.255.255.0
set area 0.0.0.11
set comments ''
next
edit 2
# NOTE(review): this only enables OSPF on the tunnel if the p2p interface really
# holds 10.10.10.2; as listed above the interface is configured with 10.10.10.1.
set prefix 10.10.10.2 255.255.255.255
set area 0.0.0.0
set comments ''
next
end
# NOTE(review): with no routemap, every connected prefix is exported as a type-2
# external route, including the port4 MGMT subnet (192.168.47.0/27) and the
# port1 underlay. Attach a route-map so only intended prefixes are advertised.
config redistribute "connected"
set status enable
set metric 0
set routemap ''
set metric-type 2
set tag 0
end
# Same consideration for static routes: unfiltered redistribution.
config redistribute "static"
set status enable
set metric 0
set routemap ''
set metric-type 2
set tag 0
end
Here is a quick drawing of the topology, showing the connected networks and OSPF areas.
And finally, my routing table: