\u3068\u3044\u3046\u3053\u3068\u3067\uff0cCisco\uff5eVyOS\u9593\u3067\u3082\u8a66\u3057\u305f\u3002<\/p>\n
\u691c\u8a3c\u3057\u305f\u7d50\u679c\u308f\u304b\u3063\u305f\u3053\u3068\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3002<\/p>\n
\u30fbVyOS1.1.x\u53f0\u3067\u306fVTI+IKEv2\u3067\u306fVPN\u306f\u5f35\u308c\u306a\u3044\u3002 VyOS\u306eBeta\u7248\u306f\u3053\u3061\u3089\u304b\u3089\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3059\u308b\u3002 \u3053\u308c\u3067\u30aa\u30c3\u30b1\u30fc\u3002 \u3053\u308c\u3067\u30c8\u30f3\u30cd\u30eb\u9593\u306e\u758e\u901a\u304c\u53d6\u308c\u305f\u3002<\/p>\n vyos@VPN1:~$ ping 10.10.10.2 interface vti1 PING 10.10.10.2 (10.10.10.2) from 10.10.10.1 vti1: 56(84) bytes of data. 64 bytes from 10.10.10.2: icmp_seq=1 ttl=255 time=6.92 ms 64 bytes from 10.10.10.2: icmp_seq=2 ttl=255 time=6.86 ms <\/span><\/p>\n \u3061\u306a\u307f\u306bVyOS1.1.8\uff08\u4ee5\u524d\uff09\u306e\u5834\u5408\uff0cshow crypto session \u3084 show vpn ipsec sa \u3067\u30b9\u30c6\u30fc\u30bf\u30b9\u304c\u30a2\u30c3\u30d7\u306b\u306a\u308b\u304c\uff0c\u758e\u901a\u304c\u53d6\u308c\u306a\u3044\u3002VyOS\u5074\u3067\u78ba\u8a8d\u3059\u308b\u3068\u30c8\u30f3\u30cd\u30eb\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u304cAdmin Down\u72b6\u614b\u3068\u306a\u3063\u3066\u3057\u307e\u3046\u3002\uff08\u539f\u56e0\u4e0d\u660e\uff09<\/p>\n VyOS1.1.x\u7cfb\u306fIKEv2\u306b\u5bfe\u3057\u3066\u306flimited support\u3068\u3044\u3046\u3053\u3068\u3067\uff0c\u4eca\u56de\u306f\u73fe\u6642\u70b9\u3067\u6700\u65b0\u306e\u30d9\u30fc\u30bf\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u5229\u7528\u3057\u305f\u3002<\/p>\n","protected":false},"excerpt":{"rendered":" \u3068\u3044\u3046\u3053\u3068\u3067\uff0cCisco\uff5eVyOS\u9593\u3067\u3082\u8a66\u3057\u305f\u3002 \u691c\u8a3c\u3057\u305f\u7d50\u679c\u308f\u304b\u3063\u305f\u3053\u3068\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3002 \u30fbVyOS1.1.x\u53f0\u3067\u306fVTI+IKEv2\u3067\u306fVPN\u306f\u5f35\u308c\u306a\u3044\u3002 \u3044\u3084, \u5f35\u308c\u308b\u3093\u3060\u3051\u3069(Phase2\u307e\u2026 \u7d9a\u304d\u3092\u8aad\u3080 »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54,11,42,41,8],"tags":[],"class_list":["post-524","post","type-post","status-publish","format-standard","hentry","category-aws","category-cisco","category-nat","category-vyos","category-8"],"_links":{"self":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=524"}],"version-history":[{"count":0,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/524\/revisions"}],"wp:attachment":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\u3044\u3084, \u5f35\u308c\u308b\u3093\u3060\u3051\u3069(Phase2\u307e\u3067\u4e0a\u304c\u308b\u3093\u3060\u3051\u3069) \u758e\u901a\u304c\u53d6\u308c\u306a\u3044\u3002
\u30fbEC2\u306eElastic IP\u3067\uff0c\u672b\u5c3e\u304c0\u3060\u3068\uff08\u30b5\u30d6\u30cd\u30c3\u30c8\u30bc\u30ed\u3060\u3068\uff09Cisco\u5074\u3067\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c9\u30ec\u30b9\u3068\u3057\u3066\u307f\u306a\u3055\u308c\u308b\u3089\u304f\u3057Phase2\u3067\u5931\u6557\u3059\u308b\u3002\uff08\u305f\u3068\u3048 ip subnet-zero \u304c\u5165\u3063\u3066\u3044\u305f\u3068\u3057\u3066\u3082\uff09
<\u8ffd\u8a18>
\u30fb\u6539\u3081\u3066Cisco\uff5eVyOS\u9593\u306e\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3092\u78ba\u8a8d\u3057\u305f\u3089, \u6b63\u5e38\u306b\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u304c\u6d41\u308c\u3066\u3044\u306a\u3044\u3053\u3068\u306b\u6c17\u304c\u3064\u3044\u305f\u3002VyOS\u304b\u3089\u30bd\u30fc\u30b9IF\u3092VTI\u6307\u5b9a\u3057\u3066\u306ePing\u3067\u306a\u3044\u3068\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u304c\u30c8\u30f3\u30cd\u30eb\u3092\u901a\u3089\u306a\u3044\u3002Beta\u7248\u306e\u30d0\u30b0\u306a\u306e\u304b\u306a\u3002<\/span>
\u306a\u306e\u3067, \u73fe\u6642\u70b9\u3067\u306fVPN\u306f\u5f35\u308c\u308b\u304c\u307e\u3068\u3082\u306b\u4f7f\u3048\u306a\u3044\u3068\u3044\u3046\u72b6\u6cc1\u3002\u8981\u8abf\u67fb\u3002<\/span><\/p>\n
https:\/\/downloads.vyos.io\/?dir=rolling\/current\/amd64<\/a>
\u4eca\u56de\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306fvyos-999.201802070337-amd64.iso
\u53c2\u8003\u307e\u3067\u306b\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u65b9\u6cd5\u3092\u3002
\u672c\u5bb6\u306b\u3084\u308a\u65b9<\/a>\u3042\u308a\u307e\u3059\u304c\u4e00\u5fdc\u3002<\/p>\n$ conf
# set system name-server 8.8.8.8 (Google\u5148\u751f\u30b9\u30df\u30de\u30bb\u30f3\uff09<\/span>
# commit
# exit
$ sudo su
# wget beta\u7248URL
# exit
$ add system image file
$ show system image
The system currently has the following image(s) installed:
1: 999.201802070337- (default boot)
2: 1.1.8 (running image)
$ reboot
<\/pre>\n
\u306a\u304a\uff0c\u8a2d\u5b9a\u306fVTI\u306e\u3068\u304d\u3068\u307b\u307c\u540c\u3058\u3067\u81f3\u3063\u3066\u30b7\u30f3\u30d7\u30eb\u3002<\/p>\nset interfaces vti vti1 address '10.10.10.1\/30'
\uff5e\u9014\u4e2d\u7701\u7565\uff5e
set vpn ipsec esp-group ESP compression 'disable'
set vpn ipsec esp-group ESP lifetime '3600'
set vpn ipsec esp-group ESP mode 'tunnel'
set vpn ipsec esp-group ESP pfs 'dh-group14'
set vpn ipsec esp-group ESP proposal 1 encryption 'aes256'
set vpn ipsec esp-group ESP proposal 1 hash 'sha256'
set vpn ipsec ike-group IKE ikev2-reauth 'no'
set vpn ipsec ike-group IKE key-exchange 'ikev2'
set vpn ipsec ike-group IKE lifetime '3600'
set vpn ipsec ike-group IKE proposal 1 dh-group '14'
set vpn ipsec ike-group IKE proposal 1 encryption 'aes256'
set vpn ipsec ike-group IKE proposal 1 hash 'sha256'
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec site-to-site peer B.B.B.B authentication id '10.200.10.20'
set vpn ipsec site-to-site peer B.B.B.B authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer B.B.B.B authentication pre-shared-secret 'password'
set vpn ipsec site-to-site peer B.B.B.B authentication remote-id '192.168.1.2'
set vpn ipsec site-to-site peer B.B.B.B connection-type 'initiate'
set vpn ipsec site-to-site peer B.B.B.B default-esp-group 'ESP'
set vpn ipsec site-to-site peer B.B.B.B ike-group 'IKE'
set vpn ipsec site-to-site peer B.B.B.B ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer B.B.B.B local-address '10.200.10.20'
set vpn ipsec site-to-site peer B.B.B.B vti bind 'vti1'
set vpn ipsec site-to-site peer B.B.B.B vti esp-group 'ESP'
<\/pre>\nvyos@VPN2:~$ sh int vti vti1
vti1@NONE:
link\/ipip 10.200.10.20 peer B.B.B.B
inet 10.10.20.1\/30 scope global vti1
valid_lft forever preferred_lft forever
RX: bytes packets errors dropped overrun mcast
0 0 0 0 0 0
TX: bytes packets errors dropped carrier collisions
0 0 0 0 0 0
<\/pointopoint><\/pre>\n