# VyOS router/firewall configuration in `set` command form (one command per line).
# The listing is anonymised: addresses are masked to 'xxx.xxx.*', secrets, host names
# and user names to 'xxxxxx'. Because the first two octets are masked, distinct
# prefixes can look identical here (e.g. repeated 'xxx.xxx.0.0/16' entries), so
# apparent duplicates are probably masking artefacts, not real duplicates.
# NOTE(review): descriptions, task names and DNS domains are NOT masked and still
# carry host names, organisation names and what looks like a user handle; treat
# the listing as sensitive when sharing it.

# --- Firewall address groups -------------------------------------------------
# '3306ers' is the source allowlist for OUTSIDE-IN rule 55 (MySQL, tcp/3306).
set firewall group address-group 3306ers address 'xxx.xxx.122.173'
set firewall group address-group 3306ers address 'xxx.xxx.69.180'
# 'bitbucket_src' is the source allowlist for OUTSIDE-IN rule 52 (SSH, tcp/22).
# A static list of a third party's addresses goes stale; review it periodically.
set firewall group address-group bitbucket_src address 'xxx.xxx.54.113'
set firewall group address-group bitbucket_src address 'xxx.xxx.25.90'
set firewall group address-group bitbucket_src address 'xxx.xxx.119.183'
set firewall group address-group bitbucket_src address 'xxx.xxx.25.177'
set firewall group address-group bitbucket_src address 'xxx.xxx.175.212'
set firewall group address-group bitbucket_src address 'xxx.xxx.90.98'
set firewall group address-group bitbucket_src address 'xxx.xxx.195.162'
set firewall group address-group bitbucket_src address 'xxx.xxx.14.55'
set firewall group address-group bitbucket_src address 'xxx.xxx.96.37'
set firewall group address-group bitbucket_src address 'xxx.xxx.156.209'
set firewall group address-group bitbucket_src address 'xxx.xxx.168.212'
set firewall group address-group bitbucket_src address 'xxx.xxx.219.63'
set firewall group address-group bitbucket_src address 'xxx.xxx.178.254'
set firewall group address-group bitbucket_src address 'xxx.xxx.177.10'
set firewall group address-group bitbucket_src address 'xxx.xxx.18.129'
set firewall group address-group bitbucket_src address 'xxx.xxx.235.48'
set firewall group address-group bitbucket_src address 'xxx.xxx.96.243'
set firewall group address-group bitbucket_src address 'xxx.xxx.3.254'
set firewall group address-group bitbucket_src address 'xxx.xxx.205.191'
set firewall group address-group bitbucket_src address 'xxx.xxx.127.226'
set firewall group address-group bitbucket_src address 'xxx.xxx.45.64'
set firewall group address-group bitbucket_src address 'xxx.xxx.151.112'
set firewall group address-group bitbucket_src address 'xxx.xxx.184.192'
set firewall group address-group bitbucket_src address 'xxx.xxx.137.240'

# --- OUTSIDE-IN: traffic forwarded through the router from eth0 (WAN) ----------
# Default deny. The destination addresses/ports matched below are the
# post-translation values of the `nat destination` rules with the same number
# (rule 52 matches port 22 while NAT rule 52 listens on 2223).
set firewall name OUTSIDE-IN default-action 'drop'
# Rule 10: return traffic for existing flows. 'related' also admits flows opened
# by the conntrack helpers listed under `system conntrack modules`.
set firewall name OUTSIDE-IN rule 10 action 'accept'
set firewall name OUTSIDE-IN rule 10 state established 'enable'
set firewall name OUTSIDE-IN rule 10 state related 'enable'
# Rule 51: VPN endpoint on tcp/1443, no source restriction.
set firewall name OUTSIDE-IN rule 51 action 'accept'
set firewall name OUTSIDE-IN rule 51 description 'allow access to vpn00:1443'
set firewall name OUTSIDE-IN rule 51 destination address 'xxx.xxx.10.17'
set firewall name OUTSIDE-IN rule 51 destination port '1443'
set firewall name OUTSIDE-IN rule 51 protocol 'tcp'
set firewall name OUTSIDE-IN rule 51 state new 'enable'
# Rule 52: SSH to a production host, limited to the 'bitbucket_src' group.
set firewall name OUTSIDE-IN rule 52 action 'accept'
set firewall name OUTSIDE-IN rule 52 destination address 'xxx.xxx.14.30'
set firewall name OUTSIDE-IN rule 52 destination port '22'
set firewall name OUTSIDE-IN rule 52 protocol 'tcp'
set firewall name OUTSIDE-IN rule 52 source group address-group 'bitbucket_src'
set firewall name OUTSIDE-IN rule 52 state new 'enable'
# Rules 53/54: HTTP/HTTPS to the load balancer.
# NOTE(review): `source group` carries no group type or name in this listing
# (possibly stripped during anonymisation). Confirm on the device whether these
# rules are source-restricted or open to any address.
set firewall name OUTSIDE-IN rule 53 action 'accept'
set firewall name OUTSIDE-IN rule 53 destination address 'xxx.xxx.14.26'
set firewall name OUTSIDE-IN rule 53 destination port '80'
set firewall name OUTSIDE-IN rule 53 protocol 'tcp'
set firewall name OUTSIDE-IN rule 53 source group
set firewall name OUTSIDE-IN rule 53 state new 'enable'
set firewall name OUTSIDE-IN rule 54 action 'accept'
set firewall name OUTSIDE-IN rule 54 destination address 'xxx.xxx.14.26'
set firewall name OUTSIDE-IN rule 54 destination port '443'
set firewall name OUTSIDE-IN rule 54 protocol 'tcp'
set firewall name OUTSIDE-IN rule 54 source group
set firewall name OUTSIDE-IN rule 54 state new 'enable'
# Rule 55: MySQL (tcp/3306) on a production database host, reachable from the WAN
# for members of '3306ers'. The IP allowlist is the only network control in front
# of the database here; carrying this traffic over one of the VPNs would remove
# the exposure.
set firewall name OUTSIDE-IN rule 55 action 'accept'
set firewall name OUTSIDE-IN rule 55 destination address 'xxx.xxx.14.40'
set firewall name OUTSIDE-IN rule 55 destination port '3306'
set firewall name OUTSIDE-IN rule 55 protocol 'tcp'
set firewall name OUTSIDE-IN rule 55 source group address-group '3306ers'
set firewall name OUTSIDE-IN rule 55 state new 'enable'
# NOTE(review): `nat destination rule 121` (udp/51821) has no matching accept rule
# in OUTSIDE-IN, so that forward appears to hit the default drop. Either the
# forward is stale and should be removed, or a rule is missing.

# --- OUTSIDE-LOCAL: traffic addressed to the router itself on eth0 -----------
set firewall name OUTSIDE-LOCAL default-action 'drop'
set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'
# Rule 20: answer ICMP echo requests (ping) from any source.
set firewall name OUTSIDE-LOCAL rule 20 action 'accept'
set firewall name OUTSIDE-LOCAL rule 20 icmp type-name 'echo-request'
set firewall name OUTSIDE-LOCAL rule 20 protocol 'icmp'
set firewall name OUTSIDE-LOCAL rule 20 state new 'enable'
# Rule 31: SSH to the router from ANY source address (no source match).
# `service ssh disable-password-authentication` limits this to key logins, but
# the management port is still internet-reachable; a source address-group or a
# VPN-only management path would narrow it.
set firewall name OUTSIDE-LOCAL rule 31 action 'accept'
set firewall name OUTSIDE-LOCAL rule 31 destination port '22'
set firewall name OUTSIDE-LOCAL rule 31 protocol 'tcp'
set firewall name OUTSIDE-LOCAL rule 31 state new 'enable'
# Rule 32: accepts ALL traffic from the masked /16 (no protocol, port or state
# match).
# NOTE(review): confirm which prefix this is and that packets claiming it
# cannot arrive on the WAN from untrusted networks.
set firewall name OUTSIDE-LOCAL rule 32 action 'accept'
set firewall name OUTSIDE-LOCAL rule 32 source address 'xxx.xxx.0.0/16'

# --- High availability (VRRP) ------------------------------------------------
# Unicast VRRP on eth0 towards a single peer. No `authentication` node appears
# for this group in the listing.
set high-availability vrrp group public address xxx.xxx.69.219/27
set high-availability vrrp group public hello-source-address 'xxx.xxx.69.216'
set high-availability vrrp group public interface 'eth0'
set high-availability vrrp group public no-preempt
set high-availability vrrp group public peer-address 'xxx.xxx.69.217'
set high-availability vrrp group public priority '200'
set high-availability vrrp group public vrid '100'

# --- Interfaces --------------------------------------------------------------
# Only eth0 has firewall rulesets attached. No ruleset is bound to eth1-eth5 or
# to the vti tunnels in this listing, so traffic between the admin, test,
# production and staging subnets (and from the tunnels) is routed unfiltered
# as far as this configuration shows.
set interfaces ethernet eth0 address 'xxx.xxx.69.216/27'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:b5'
set interfaces ethernet eth1 address 'xxx.xxx.10.1/23'
set interfaces ethernet eth1 description 'admin subnet'
set interfaces ethernet eth1 hw-id 'xx:xx:xx:xx:xx:70'
set interfaces ethernet eth2 address 'xxx.xxx.12.1/23'
set interfaces ethernet eth2 address 'xxx.xxx.16.1/23'
set interfaces ethernet eth2 description 'test subnet'
set interfaces ethernet eth2 hw-id 'xx:xx:xx:xx:xx:b9'
set interfaces ethernet eth3 address 'xxx.xxx.14.1/23'
set interfaces ethernet eth3 address 'xxx.xxx.18.1/23'
set interfaces ethernet eth3 description 'production subnet'
set interfaces ethernet eth3 hw-id 'xx:xx:xx:xx:xx:1b'
# eth4 has no address or description in this listing.
set interfaces ethernet eth4 hw-id 'xx:xx:xx:xx:xx:8c'
set interfaces ethernet eth5 address 'xxx.xxx.20.1/23'
set interfaces ethernet eth5 address 'xxx.xxx.22.1/23'
set interfaces ethernet eth5 description 'staging subnet'
set interfaces ethernet eth5 hw-id 'xx:xx:xx:xx:xx:bd'
set interfaces loopback lo
# Virtual tunnel interfaces, each bound to one IPsec site-to-site peer below.
set interfaces vti vti0 address 'xxx.xxx.17.189/30'
set interfaces vti vti0 description 'For vyos VPN tunnel'
set interfaces vti vti01 address 'xxx.xxx.18.201/30'
set interfaces vti vti01 description 'vti to equinix edge01'
set interfaces vti vti02 address 'xxx.xxx.95.178/30'
set interfaces vti vti02 description 'aws transit VPC tunnel 1'
set interfaces vti vti02 mtu '1436'
set interfaces vti vti03 address 'xxx.xxx.183.250/30'
set interfaces vti vti03 description 'aws transit VPC tunnel 2'
set interfaces vti vti03 mtu '1436'

# --- Destination NAT (port forwards arriving on eth0) ------------------------
# Each forward needs a matching accept rule in OUTSIDE-IN to pass the default drop.
set nat destination rule 51 description 'openvpn portforward to vpn00:1443'
set nat destination rule 51 destination port '1443'
set nat destination rule 51 inbound-interface 'eth0'
set nat destination rule 51 protocol 'tcp'
set nat destination rule 51 translation address 'xxx.xxx.10.17'
set nat destination rule 51 translation port '1443'
# External tcp/2223 is translated to tcp/22 on the production host.
set nat destination rule 52 description 'ssh portforward to devops00.prod:2223'
set nat destination rule 52 destination port '2223'
set nat destination rule 52 inbound-interface 'eth0'
set nat destination rule 52 protocol 'tcp'
set nat destination rule 52 translation address 'xxx.xxx.14.30'
set nat destination rule 52 translation port '22'
# The description says 'https' but this rule forwards port 80.
set nat destination rule 53 description 'https portforward to lb00.prod:80'
set nat destination rule 53 destination port '80'
set nat destination rule 53 inbound-interface 'eth0'
set nat destination rule 53 protocol 'tcp'
set nat destination rule 53 translation address 'xxx.xxx.14.26'
set nat destination rule 54 description 'https portforward to lb00.prod:443'
set nat destination rule 54 destination port '443'
set nat destination rule 54 inbound-interface 'eth0'
set nat destination rule 54 protocol 'tcp'
set nat destination rule 54 translation address 'xxx.xxx.14.26'
set nat destination rule 55 description 'mysql portforward to db00.prod:3306'
set nat destination rule 55 destination port '3306'
set nat destination rule 55 inbound-interface 'eth0'
set nat destination rule 55 protocol 'tcp'
set nat destination rule 55 translation address 'xxx.xxx.14.40'
# Rule 121: udp/51821 into the admin subnet; no OUTSIDE-IN rule accepts it in
# this listing.
set nat destination rule 121 description 'Wireguard sinaowolabi portforward to onboard00:51821'
set nat destination rule 121 destination port '51821'
set nat destination rule 121 inbound-interface 'eth0'
set nat destination rule 121 protocol 'udp'
set nat destination rule 121 translation address 'xxx.xxx.10.201'

# --- Source NAT --------------------------------------------------------------
# Rule 49 exempts tunnel traffic leaving via vti0 from NAT; rule 50 masquerades
# the internal prefix behind the eth0 address.
set nat source rule 49 destination address 'xxx.xxx.0.0/16'
set nat source rule 49 exclude
set nat source rule 49 outbound-interface 'vti0'
set nat source rule 49 source address 'xxx.xxx.0.0/16'
set nat source rule 50 outbound-interface 'eth0'
set nat source rule 50 source address 'xxx.xxx.0.0/16'
set nat source rule 50 translation address 'masquerade'

# --- Routing policy ----------------------------------------------------------
# Prefix lists applied as import/export filters on both BGP neighbours below.
set policy prefix-list AWS_64512-IN rule 10 action 'permit'
set policy prefix-list AWS_64512-IN rule 10 prefix 'xxx.xxx.0.0/16'
set policy prefix-list AWS_64512-IN rule 20 action 'permit'
set policy prefix-list AWS_64512-IN rule 20 prefix 'xxx.xxx.0.0/16'
set policy prefix-list AWS_64512-OUT rule 10 action 'permit'
set policy prefix-list AWS_64512-OUT rule 10 prefix 'xxx.xxx.0.0/16'
# Route-map used by `ospf redistribute connected`: only vti0's connected route.
set policy route-map CONNECT rule 10 action 'permit'
set policy route-map CONNECT rule 10 match interface 'vti0'

# --- BGP (AS 65003 <-> AS 64512) ---------------------------------------------
# Both sessions are sourced from the vti02/vti03 addresses, i.e. they run inside
# the IPsec tunnels. Import/export prefix lists and maximum-prefix 50 bound what
# the peer can inject. No neighbour `password` is configured in this listing.
set protocols bgp local-as '65003'
set protocols bgp neighbor xxx.xxx.95.177 address-family ipv4-unicast maximum-prefix '50'
set protocols bgp neighbor xxx.xxx.95.177 address-family ipv4-unicast nexthop-self
set protocols bgp neighbor xxx.xxx.95.177 address-family ipv4-unicast prefix-list export 'AWS_64512-OUT'
set protocols bgp neighbor xxx.xxx.95.177 address-family ipv4-unicast prefix-list import 'AWS_64512-IN'
set protocols bgp neighbor xxx.xxx.95.177 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxx.xxx.95.177 capability dynamic
set protocols bgp neighbor xxx.xxx.95.177 description 'BGP Dspyder-AWS 1'
set protocols bgp neighbor xxx.xxx.95.177 disable-connected-check
set protocols bgp neighbor xxx.xxx.95.177 ebgp-multihop '2'
set protocols bgp neighbor xxx.xxx.95.177 remote-as '64512'
set protocols bgp neighbor xxx.xxx.95.177 timers holdtime '30'
set protocols bgp neighbor xxx.xxx.95.177 timers keepalive '10'
set protocols bgp neighbor xxx.xxx.95.177 update-source 'xxx.xxx.95.178'
set protocols bgp neighbor xxx.xxx.183.249 address-family ipv4-unicast maximum-prefix '50'
set protocols bgp neighbor xxx.xxx.183.249 address-family ipv4-unicast nexthop-self
set protocols bgp neighbor xxx.xxx.183.249 address-family ipv4-unicast prefix-list export 'AWS_64512-OUT'
set protocols bgp neighbor xxx.xxx.183.249 address-family ipv4-unicast prefix-list import 'AWS_64512-IN'
set protocols bgp neighbor xxx.xxx.183.249 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp neighbor xxx.xxx.183.249 capability dynamic
set protocols bgp neighbor xxx.xxx.183.249 description 'BGP Dspyder-AWS 2'
set protocols bgp neighbor xxx.xxx.183.249 disable-connected-check
set protocols bgp neighbor xxx.xxx.183.249 ebgp-multihop '2'
set protocols bgp neighbor xxx.xxx.183.249 remote-as '64512'
set protocols bgp neighbor xxx.xxx.183.249 timers holdtime '30'
set protocols bgp neighbor xxx.xxx.183.249 timers keepalive '10'
set protocols bgp neighbor xxx.xxx.183.249 update-source 'xxx.xxx.183.250'
set protocols bgp parameters router-id 'xxx.xxx.2.2'

# --- OSPF --------------------------------------------------------------------
# Originates a default route unconditionally ('always') and redistributes the
# vti0 connected route. No OSPF authentication or passive-interface settings
# appear in this listing.
# NOTE(review): the network statements are masked; if they cover the
# subnet-facing interfaces, any host there could try to form an adjacency.
set protocols ospf area xxx.xxx.0.0 network 'xxx.xxx.0.0/16'
set protocols ospf area xxx.xxx.0.0 network 'xxx.xxx.0.0/16'
set protocols ospf area xxx.xxx.0.0 network 'xxx.xxx.17.188/30'
set protocols ospf default-information originate always
set protocols ospf default-information originate metric '10'
set protocols ospf default-information originate metric-type '2'
set protocols ospf log-adjacency-changes
set protocols ospf parameters router-id 'xxx.xxx.69.216'
set protocols ospf redistribute connected metric-type '2'
set protocols ospf redistribute connected route-map 'CONNECT'

# --- Static routes -----------------------------------------------------------
# Default route via the WAN gateway; remote prefixes via the vti01 / vti0 tunnels.
set protocols static route xxx.xxx.0.0/0 next-hop xxx.xxx.69.193
set protocols static route xxx.xxx.0.0/16 interface vti01
set protocols static route xxx.xxx.0.0/16 interface vti01
set protocols static route xxx.xxx.0.0/16 interface vti01
set protocols static route xxx.xxx.0.0/16 interface vti01
set protocols static route xxx.xxx.0.0/16 interface vti0
set protocols static route xxx.xxx.4.9/32 interface vti01
set protocols static route xxx.xxx.4.162/32 interface vti01
set protocols static route xxx.xxx.3.162/32 interface vti01
set protocols static route xxx.xxx.3.215/32 interface vti01

# --- DHCP server -------------------------------------------------------------
# Four pools (shared-network names masked), one per subnet: .10.0/23, .14.0/23,
# .20.0/23 and .12.0/23. Each hands out the two internal resolvers plus the
# router's own address as name servers, with a 24 h lease (86400 s).
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/23 default-router 'xxx.xxx.10.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/23 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/23 domain-search xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/23 domain-search xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/23 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/23 name-server 'xxx.xxx.10.3'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/23 name-server 'xxx.xxx.10.4'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/23 name-server 'xxx.xxx.10.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/23 range 0 start 'xxx.xxx.10.5'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/23 range 0 stop 'xxx.xxx.10.200'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.14.0/23 default-router 'xxx.xxx.14.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.14.0/23 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.14.0/23 domain-search xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.14.0/23 domain-search xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.14.0/23 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.14.0/23 name-server 'xxx.xxx.10.3'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.14.0/23 name-server 'xxx.xxx.10.4'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.14.0/23 name-server 'xxx.xxx.14.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.14.0/23 range 0 start 'xxx.xxx.14.5'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.14.0/23 range 0 stop 'xxx.xxx.14.200'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/23 default-router 'xxx.xxx.20.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/23 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/23 domain-search xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/23 domain-search xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/23 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/23 name-server 'xxx.xxx.10.4'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/23 name-server 'xxx.xxx.10.3'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/23 name-server 'xxx.xxx.20.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/23 range 0 start 'xxx.xxx.20.5'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/23 range 0 stop 'xxx.xxx.20.200'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/23 default-router 'xxx.xxx.12.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/23 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/23 domain-search xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/23 lease '86400'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/23 name-server 'xxx.xxx.10.3'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/23 name-server 'xxx.xxx.10.4'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/23 name-server 'xxx.xxx.12.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/23 range 0 start 'xxx.xxx.12.5'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/23 range 0 stop 'xxx.xxx.12.200'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/23 static-mapping xxxxxx ip-address 'xxx.xxx.12.23'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.12.0/23 static-mapping xxxxxx mac-address 'xx:xx:xx:xx:xx:23'

# --- DNS forwarding ----------------------------------------------------------
# Listens only on the internal gateway addresses and answers only the masked
# `allow-from` prefix. The three internal zones are forwarded to the two
# internal resolvers; everything else uses the system name servers. Caching is
# disabled (cache-size 0).
set service dns forwarding allow-from 'xxx.xxx.0.0/16'
set service dns forwarding cache-size '0'
set service dns forwarding domain prod.isec.internal server 'xxx.xxx.10.4'
set service dns forwarding domain prod.isec.internal server 'xxx.xxx.10.3'
set service dns forwarding domain staging.isec.internal server 'xxx.xxx.10.4'
set service dns forwarding domain staging.isec.internal server 'xxx.xxx.10.3'
set service dns forwarding domain test.isec.internal server 'xxx.xxx.10.3'
set service dns forwarding domain test.isec.internal server 'xxx.xxx.10.4'
set service dns forwarding listen-address 'xxx.xxx.10.1'
set service dns forwarding listen-address 'xxx.xxx.12.1'
set service dns forwarding listen-address 'xxx.xxx.14.1'
set service dns forwarding listen-address 'xxx.xxx.20.1'
set service dns forwarding system

# --- SSH service -------------------------------------------------------------
# Key-only logins. No `listen-address` is set, and OUTSIDE-LOCAL rule 31 admits
# tcp/22 from the WAN.
set service ssh disable-password-authentication
set service ssh port '22'

# --- System ------------------------------------------------------------------
# Every commit is archived to a remote location (masked).
# NOTE(review): commit-archive URIs can embed credentials, and the archived
# copies contain the password hashes and pre-shared secrets in this config.
# Check how the archive target is protected.
set system config-management commit-archive location xxxxxx
set system config-management commit-revisions '100'
# Connection-tracking helpers. Each one parses application payload and can open
# 'related' flows that rule 10 of both rulesets accepts. Keep only the helpers
# for protocols that actually cross this router.
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
# Local accounts (names, hashes and keys masked).
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx key xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx type ssh-xxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx key xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx type ssh-xxx
set system login user xxxxxx authentication encrypted-password xxxxxx
# NOTE(review): a plaintext-password node is present for this user. The value is
# masked, so the listing cannot show whether it is empty; confirm that no
# cleartext password remains in the stored or archived configuration.
set system login user xxxxxx authentication plaintext-password xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx key xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx type ssh-xxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx key xxxxxx
set system login user xxxxxx authentication public-keys xxxx@xxx.xxx type ssh-xxx
set system name-server 'xxx.xxx.9.9'
set system name-server 'xxx.xxx.1.1'
set system name-server 'xxx.xxx.8.8'
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system ntp server xxxxx.tld
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.3'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.4'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.3'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.4'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.14.40'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.20.21'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.12.36'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.14.19'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.12.12'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.202'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.202'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.201'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.201'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.203'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.10.203'
set system static-host-mapping host-name xxxxxx inet 'xxx.xxx.12.23'
# Only the `global` syslog target is configured; no `syslog host` entry appears,
# so logs stay on the device as far as this listing shows. A remote collector
# would keep firewall and login records out of reach of a local compromise.
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
# Scheduled tasks run scripts from /config/scripts (contents not shown here):
# two tunnel checks every minute and a VPN restart daily at 03:30.
set system task-scheduler task check-vpn-dspyderinfra1 executable arguments 'xxx.xxx.17.190 Dsypderinfra1 xxx.xxx.69.217'
set system task-scheduler task check-vpn-dspyderinfra1 executable path '/config/scripts/test-connection'
set system task-scheduler task check-vpn-dspyderinfra1 interval '1m'
set system task-scheduler task check-vpn-equinix executable arguments 'xxx.xxx.18.202 IsecEquinix xxx.xxx.81.62'
set system task-scheduler task check-vpn-equinix executable path '/config/scripts/test-connection'
set system task-scheduler task check-vpn-equinix interval '1m'
set system task-scheduler task restart-vpn-service crontab-spec '30 3 * * *'
set system task-scheduler task restart-vpn-service executable path '/config/scripts/restart-vpn'

# --- IPsec: ESP (phase 2) proposals ------------------------------------------
# The two AWS transit groups use AES-128 with SHA-1, weaker than the other
# groups in this file (AES-256 / SHA-256, PFS group 19). Raise them if the
# remote end supports stronger proposals.
set vpn ipsec esp-group dspyder-aws-transit-1 compression 'disable'
set vpn ipsec esp-group dspyder-aws-transit-1 lifetime '3600'
set vpn ipsec esp-group dspyder-aws-transit-1 mode 'tunnel'
set vpn ipsec esp-group dspyder-aws-transit-1 pfs 'enable'
set vpn ipsec esp-group dspyder-aws-transit-1 proposal 1 encryption 'aes128'
set vpn ipsec esp-group dspyder-aws-transit-1 proposal 1 hash 'sha1'
set vpn ipsec esp-group dspyder-aws-transit-2 compression 'disable'
set vpn ipsec esp-group dspyder-aws-transit-2 lifetime '3600'
set vpn ipsec esp-group dspyder-aws-transit-2 mode 'tunnel'
set vpn ipsec esp-group dspyder-aws-transit-2 pfs 'enable'
set vpn ipsec esp-group dspyder-aws-transit-2 proposal 1 encryption 'aes128'
set vpn ipsec esp-group dspyder-aws-transit-2 proposal 1 hash 'sha1'
set vpn ipsec esp-group esp-vyos1 compression 'disable'
set vpn ipsec esp-group esp-vyos1 lifetime '3600'
set vpn ipsec esp-group esp-vyos1 mode 'tunnel'
set vpn ipsec esp-group esp-vyos1 pfs 'dh-group19'
set vpn ipsec esp-group esp-vyos1 proposal 10 encryption 'aes256gcm96'
set vpn ipsec esp-group esp-vyos1 proposal 10 hash 'sha256'
set vpn ipsec esp-group esp-eq-to-dspy compression 'disable'
set vpn ipsec esp-group esp-eq-to-dspy lifetime '28800'
set vpn ipsec esp-group esp-eq-to-dspy mode 'tunnel'
set vpn ipsec esp-group esp-eq-to-dspy pfs 'dh-group19'
set vpn ipsec esp-group esp-eq-to-dspy proposal 1 encryption 'aes256'
set vpn ipsec esp-group esp-eq-to-dspy proposal 1 hash 'sha256'

# --- IPsec: IKE (phase 1) proposals ------------------------------------------
# The AWS transit groups negotiate DH group 2 (1024-bit MODP) with AES-128 and
# SHA-1, and set no `key-exchange`, so the platform default IKE version applies.
# DH group 2 and SHA-1 are below current guidance; the other two groups in this
# file already use IKEv2 with DH group 19 and SHA-256.
set vpn ipsec ike-group dspyder-aws-transit-1 dead-peer-detection action 'restart'
set vpn ipsec ike-group dspyder-aws-transit-1 dead-peer-detection interval '15'
set vpn ipsec ike-group dspyder-aws-transit-1 dead-peer-detection timeout '30'
set vpn ipsec ike-group dspyder-aws-transit-1 lifetime '28800'
set vpn ipsec ike-group dspyder-aws-transit-1 proposal 1 dh-group '2'
set vpn ipsec ike-group dspyder-aws-transit-1 proposal 1 encryption 'aes128'
set vpn ipsec ike-group dspyder-aws-transit-1 proposal 1 hash 'sha1'
set vpn ipsec ike-group dspyder-aws-transit-2 dead-peer-detection action 'restart'
set vpn ipsec ike-group dspyder-aws-transit-2 dead-peer-detection interval '15'
set vpn ipsec ike-group dspyder-aws-transit-2 dead-peer-detection timeout '30'
set vpn ipsec ike-group dspyder-aws-transit-2 lifetime '28800'
set vpn ipsec ike-group dspyder-aws-transit-2 proposal 1 dh-group '2'
set vpn ipsec ike-group dspyder-aws-transit-2 proposal 1 encryption 'aes128'
set vpn ipsec ike-group dspyder-aws-transit-2 proposal 1 hash 'sha1'
set vpn ipsec ike-group ike-vyos1 dead-peer-detection action 'restart'
set vpn ipsec ike-group ike-vyos1 dead-peer-detection interval '30'
set vpn ipsec ike-group ike-vyos1 dead-peer-detection timeout '120'
set vpn ipsec ike-group ike-vyos1 ikev2-reauth 'no'
set vpn ipsec ike-group ike-vyos1 key-exchange 'ikev2'
set vpn ipsec ike-group ike-vyos1 lifetime '10800'
set vpn ipsec ike-group ike-vyos1 mobike 'disable'
set vpn ipsec ike-group ike-vyos1 proposal 10 dh-group '19'
set vpn ipsec ike-group ike-vyos1 proposal 10 encryption 'aes256gcm96'
set vpn ipsec ike-group ike-vyos1 proposal 10 hash 'sha256'
set vpn ipsec ike-group ike-eq-to-dspy dead-peer-detection action 'restart'
set vpn ipsec ike-group ike-eq-to-dspy dead-peer-detection interval '30'
set vpn ipsec ike-group ike-eq-to-dspy dead-peer-detection timeout '120'
set vpn ipsec ike-group ike-eq-to-dspy ikev2-reauth 'no'
set vpn ipsec ike-group ike-eq-to-dspy key-exchange 'ikev2'
set vpn ipsec ike-group ike-eq-to-dspy lifetime '3600'
set vpn ipsec ike-group ike-eq-to-dspy mobike 'disable'
set vpn ipsec ike-group ike-eq-to-dspy proposal 1 dh-group '19'
set vpn ipsec ike-group ike-eq-to-dspy proposal 1 encryption 'aes256'
set vpn ipsec ike-group ike-eq-to-dspy proposal 1 hash 'sha256'
set vpn ipsec interface 'eth0'

# --- IPsec: site-to-site peers -----------------------------------------------
# Four peers, all shown as 'xxxxx.tld' after masking; tell them apart by their
# `vti bind` (vti02, vti03, vti0, vti01). All authenticate with a pre-shared
# secret (masked). A PSK is only as strong as its entropy and its handling, and
# these secrets also travel with every commit-archive copy.
# Peer bound to vti02: AWS transit VPC tunnel 1.
set vpn ipsec site-to-site peer xxxxx.tld authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer xxxxx.tld authentication pre-shared-secret xxxxxx
set vpn ipsec site-to-site peer xxxxx.tld description 'dspyder AWS transit VPC tunnel 1'
set vpn ipsec site-to-site peer xxxxx.tld ike-group 'dspyder-aws-transit-1'
set vpn ipsec site-to-site peer xxxxx.tld local-address 'xxx.xxx.69.216'
set vpn ipsec site-to-site peer xxxxx.tld vti bind 'vti02'
set vpn ipsec site-to-site peer xxxxx.tld vti esp-group 'dspyder-aws-transit-1'
# Peer bound to vti03: AWS transit VPC tunnel 2.
set vpn ipsec site-to-site peer xxxxx.tld authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer xxxxx.tld authentication pre-shared-secret xxxxxx
set vpn ipsec site-to-site peer xxxxx.tld description 'dspyder AWS transit VPC tunnel 2'
set vpn ipsec site-to-site peer xxxxx.tld ike-group 'dspyder-aws-transit-2'
set vpn ipsec site-to-site peer xxxxx.tld local-address 'xxx.xxx.69.216'
set vpn ipsec site-to-site peer xxxxx.tld vti bind 'vti03'
set vpn ipsec site-to-site peer xxxxx.tld vti esp-group 'dspyder-aws-transit-2'
# Peer bound to vti0: IKEv2 tunnel that this router initiates, with explicit
# local and remote IDs.
set vpn ipsec site-to-site peer xxxxx.tld authentication id 'xxx.xxx.69.216'
set vpn ipsec site-to-site peer xxxxx.tld authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer xxxxx.tld authentication pre-shared-secret xxxxxx
set vpn ipsec site-to-site peer xxxxx.tld authentication remote-id 'xxx.xxx.69.217'
set vpn ipsec site-to-site peer xxxxx.tld connection-type 'initiate'
set vpn ipsec site-to-site peer xxxxx.tld default-esp-group 'esp-vyos1'
set vpn ipsec site-to-site peer xxxxx.tld ike-group 'ike-vyos1'
set vpn ipsec site-to-site peer xxxxx.tld ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer xxxxx.tld local-address 'xxx.xxx.69.216'
set vpn ipsec site-to-site peer xxxxx.tld vti bind 'vti0'
set vpn ipsec site-to-site peer xxxxx.tld vti esp-group 'esp-vyos1'
# Peer bound to vti01: IKEv2 tunnel that this router initiates (the vti01
# description names an Equinix edge).
set vpn ipsec site-to-site peer xxxxx.tld authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer xxxxx.tld authentication pre-shared-secret xxxxxx
set vpn ipsec site-to-site peer xxxxx.tld connection-type 'initiate'
set vpn ipsec site-to-site peer xxxxx.tld default-esp-group 'esp-eq-to-dspy'
set vpn ipsec site-to-site peer xxxxx.tld ike-group 'ike-eq-to-dspy'
set vpn ipsec site-to-site peer xxxxx.tld ikev2-reauth 'no'
set vpn ipsec site-to-site peer xxxxx.tld local-address 'xxx.xxx.69.216'
set vpn ipsec site-to-site peer xxxxx.tld vti bind 'vti01'
set vpn ipsec site-to-site peer xxxxx.tld vti esp-group 'esp-eq-to-dspy'