L2TP/IPSEC PSK Vyatta

  Firewall

Configuración de Vyatta para uso de VPN L2TP/IPsec con PSK (clave precompartida). El escenario en el que configuraremos nuestra VPN es el siguiente:

 

 

CLIENTE REMOTO ————–NUBE ————— FIREWALL -> LAN DE USUARIOS

IP DINAMICA                                                               10.10.10.86           192.168.5.0/24

 

 

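# Vyatta configuration-mode paste for an L2TP/IPsec (PSK) remote-access VPN.
# Typographic quotes from the original paste have been normalised to straight
# ASCII quotes so the lines can be pasted into configure mode unchanged.
# All values (hostname, users, hash, PSK, MACs) are the author's examples and
# must be replaced before reuse.

# --- WAN (eth0, DHCP) and LAN (eth1, 192.168.5.1/24) ---
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id '00:50:56:ad:fe:de'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address '192.168.5.1/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '00:50:56:ad:6b:f2'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces loopback 'lo'

# NOTE(review): no firewall policy appears anywhere in this listing (no
# 'set firewall ...' and no 'firewall in/local' attached to eth0), so the SSH
# listener and the IKE/L2TP listeners on the WAN side are reachable unfiltered.
# NOTE(review): the 'nat source' node is created empty; no source-NAT rule is
# defined here, so LAN/VPN clients are not masqueraded by this listing alone.
set nat 'source'

# --- DHCP for the LAN, hands out 192.168.5.10-20 ---
set service dhcp-server disabled 'false'
set service dhcp-server shared-network-name LAN-POOL authoritative 'disable'
set service dhcp-server shared-network-name LAN-POOL subnet 192.168.5.0/24 default-router '192.168.5.1'
set service dhcp-server shared-network-name LAN-POOL subnet 192.168.5.0/24 dns-server '8.8.8.8'
set service dhcp-server shared-network-name LAN-POOL subnet 192.168.5.0/24 lease '86400'
set service dhcp-server shared-network-name LAN-POOL subnet 192.168.5.0/24 start 192.168.5.10 stop '192.168.5.20'

# SSH is enabled on the default port on every interface, including the WAN.
set service ssh port '22'

# --- System: config history, console, default route, hostname, login ---
set system config-management commit-revisions '20'
set system console device ttyS0 speed '9600'
set system gateway-address '10.10.10.1'
set system host-name 'vyatta'
set system login banner pre-login 'PROHIBIDO ACCESO NO AUTORIZADO'
# The '$1$' prefix is MD5-crypt; this example hash is published and must be
# regenerated (and the 'vyatta' default account ideally replaced) on any
# real deployment.
set system login user vyatta authentication encrypted-password '$1$8lcjojQQ$SdNLzFWHjfz.sYNiij4ws/'
set system login user vyatta level 'admin'
set system ntp server 'hora.rediris.es'

# --- Package repository (auto-sync over plain http; trust relies on
#     repository signing, not on the transport) ---
set system package auto-sync '1'
set system package repository community components 'main'
set system package repository community distribution 'stable'
set system package repository community password ''
set system package repository community url 'http://packages.vyatta.com/vyatta'
set system package repository community username ''

# --- Logging and locale ---
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'Europe/Madrid'

# --- IPsec transport for L2TP on the WAN interface ---
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec nat-networks allowed-network '192.168.5.0/24'
set vpn ipsec nat-traversal 'enable'

# --- L2TP remote access ---
# Local user database with a plaintext example password: replace it, and
# prefer 'authentication mode radius' where a central directory exists.
set vpn l2tp remote-access authentication local-users username vruiz password 'rastatu'
set vpn l2tp remote-access authentication mode 'local'
# Client pool 10.10.4.10-13 (four addresses) lies outside the LAN subnet;
# reachability to 192.168.5.0/24 depends on routing/NAT not shown here.
set vpn l2tp remote-access client-ip-pool start '10.10.4.10'
set vpn l2tp remote-access client-ip-pool stop '10.10.4.13'
set vpn l2tp remote-access ipsec-settings authentication mode 'pre-shared-secret'
# The PSK is shared by every client of this gateway; the example value is
# weak and public and must be replaced with a long random secret.
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 'p@ssword01'
set vpn l2tp remote-access ipsec-settings ike-lifetime '3600'
# outside-address must match the WAN address clients connect to (10.10.10.86
# in the diagram above); outside-nexthop is the WAN default gateway.
set vpn l2tp remote-access outside-address '10.10.10.86'
set vpn l2tp remote-access outside-nexthop '10.10.10.1'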