
This tutorial covers the configuration of a site-to-site VPN on VyOS using a pre-shared key. Static key configuration offers the simplest setup and is ideal for point-to-point VPNs or proof-of-concept testing. Its advantages are a simple setup and no X.509 PKI (Public Key Infrastructure) to maintain. Its disadvantages are limited scalability (one client, one server) and the lack of perfect forward secrecy: a key compromise results in total disclosure of previous sessions. In addition, the secret key must exist in plain-text form on each VPN peer, and it must be exchanged over a pre-existing secure channel.
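The checks those caveats call for, as an added example that is not part of the original tutorial: before loading a static key on a peer, confirm the file is readable by its owner only and is well formed, then print a SHA-256 fingerprint of the key material so both administrators can confirm they hold the same key without sending it again. The function names and the sample key are constructed for illustration, and GNU `stat` and `sha256sum` are assumed.

```shell
# Added example (not from the tutorial): audit an OpenVPN static key file.
# Assumes GNU coreutils (stat -c, sha256sum), as found on Debian-based systems.

# check_static_key FILE: prints "ok <sha256>" and returns 0,
# or prints a reason and returns non-zero.
check_static_key() {
    key_file=$1
    [ -f "$key_file" ] || { echo "missing"; return 1; }

    # The key is plain text on disk, so only its owner may read it.
    mode=$(stat -c '%a' "$key_file") || return 1
    case "$mode" in
        600|400) ;;
        *) echo "loose-permissions $mode"; return 2 ;;
    esac

    # 'openvpn --genkey' frames the key material with these two markers.
    grep -q '^-----BEGIN OpenVPN Static key V1-----' "$key_file" &&
        grep -q '^-----END OpenVPN Static key V1-----' "$key_file" ||
        { echo "not-a-static-key"; return 3; }

    # Key material: 2048 bits, i.e. 512 hex digits between the markers.
    hex=$(sed -n '/^-----BEGIN/,/^-----END/p' "$key_file" |
          grep -v '^-----' | tr -d ' \r\n' | tr 'A-F' 'a-f')
    case "$hex" in *[!0-9a-f]*) echo "bad-hex"; return 4 ;; esac
    [ "${#hex}" -eq 512 ] || { echo "bad-length ${#hex}"; return 4; }

    # Hash only the key material, so comments and line endings do not
    # change the fingerprint the two administrators compare.
    echo "ok $(printf '%s' "$hex" | sha256sum | cut -d' ' -f1)"
}

# make_sample_key FILE: writes a CONSTRUCTED, non-secret key for the demo.
make_sample_key() {
    {
        echo '# 2048 bit OpenVPN static key (constructed sample)'
        echo '-----BEGIN OpenVPN Static key V1-----'
        i=0
        while [ "$i" -lt 16 ]; do
            echo '00112233445566778899aabbccddeeff'
            i=$((i + 1))
        done
        echo '-----END OpenVPN Static key V1-----'
    } > "$1"
}

demo=$(mktemp)                 # mktemp creates the file with mode 600
make_sample_key "$demo"
check_static_key "$demo"
rm -f "$demo"
```

Run the function on each peer and compare the printed fingerprints over a separate channel; a mismatch means the two routers do not hold the same key.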
Our lab consists of two remote sites (Picture 1). Each site has a router running the VyOS network OS, which connects the computers PC and PC2 to their respective LAN networks. Both VyOS routers are configured for OpenVPN site-to-site mode, and they also provide NAT (PAT) and firewall services.

Picture 1 - Network Topology
1. VyOS Site1 Configuration
1.1 Hostname, IP addresses, SSH
vyos@vyos:~$ configure
vyos@vyos# set system host-name Site1
vyos@vyos# commit
vyos@vyos# save
vyos@Site1# set interfaces ethernet eth1 address 10.0.0.254/24
vyos@Site1# set interfaces ethernet eth0 address 11.0.2.1/24
vyos@Site1# set service ssh
vyos@Site1# commit