Your SlideShare is downloading. ×
04 Feb, 2014

SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO
Configure IPv4/v6 Outer Tunnel
$ show version
Version:
VC6.6R1 (VyattaCore 6.6R1)
VR-1

IPv4 over IPv6 Tunnel

192.168.168...
Configure Inner IKE/ESP

VR-2

set vpn ipsec esp-group ESP lifetime 1800
set vpn ipsec esp-group ESP mode tunnel
set vpn i...
Configure Inner IPSec Tunnel

10.99.99.1/24 vti0
192.168.168.1/24 tun0

192.168.168.2/24 tun0
10.99.99.2/24 vti0

IPv4 ove...
Configure Inner BGP Networking

10.10.10.1/24 eth1
10.99.99.1/24 vti0

10.10.10.0/24

set interfaces ethernet eth1 address...
Configure Inner TCP-MSS

10.10.10.1/24 eth1

10.10.10.0/24

IPv4 over IPv6 Tunnel

IPv4 with IPSec Tunnel

VR-1

VR-2

10....
Debug Tunnels

eth0 (Outer)

vti0 (Inner)
Thanks for your interest.

SAKURA Internet Research Center.
Upcoming SlideShare
Loading in...5
×

IPv4 over IPv6 Tunneling with IPSec [DRAFT]

1,059

Published on

IPv4 over IPv6 Tunneling with IPSec [DRAFT]

04 Feb, 2014
SAKURA Internet Research Center
Senior Researcher / Naoto MATSUMOTO

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,059
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Transcript of "IPv4 over IPv6 Tunneling with IPSec [DRAFT]"

  1. 1. 04 Feb, 2014 SAKURA Internet Research Center Senior Researcher / Naoto MATSUMOTO
  2. 2. Configure IPv4/v6 Outer Tunnel $ show version Version: VC6.6R1 (VyattaCore 6.6R1) VR-1 IPv4 over IPv6 Tunnel 192.168.168.1/24 tun0 2001:db8::1/64 eth0 set system host-name VR-1 set interfaces ethernet eth0 address 2001:db8::1/64 set interfaces tunnel tun0 address 192.168.168.1/30 set interfaces tunnel tun0 encapsulation ipip6 set interfaces tunnel tun0 local-ip 2001:db8::1 set interfaces tunnel tun0 remote-ip 2001:db8::2 $ show version Version: VC6.6R1 (VyattaCore 6.6R1) 2001:db8::2/64 eth0 192.168.168.2/24 tun0 VR-2 set system host-name VR-2 set interfaces ethernet eth0 address 2001:db8::2/64 set interfaces tunnel tun0 address 192.168.168.2/30 set interfaces tunnel tun0 encapsulation ipip6 set interfaces tunnel tun0 local-ip 2001:db8::2 set interfaces tunnel tun0 remote-ip 2001:db8::1
  3. 3. Configure Inner IKE/ESP VR-2 set vpn ipsec esp-group ESP lifetime 1800 set vpn ipsec esp-group ESP mode tunnel set vpn ipsec esp-group ESP proposal 1 encryption aes256 set vpn ipsec esp-group ESP proposal 1 hash sha1 set vpn ipsec ike-group IKE lifetime 3600 set vpn ipsec ike-group IKE proposal 1 encryption aes256 set vpn ipsec ike-group IKE proposal 1 hash sha1 set vpn ipsec ipsec-interfaces interface eth0 IPv4 over IPv6 Tunnel VR-1 set vpn ipsec esp-group ESP lifetime 1800 set vpn ipsec esp-group ESP mode tunnel set vpn ipsec esp-group ESP proposal 1 encryption aes256 set vpn ipsec esp-group ESP proposal 1 hash sha1 set vpn ipsec ike-group IKE lifetime 3600 set vpn ipsec ike-group IKE proposal 1 encryption aes256 set vpn ipsec ike-group IKE proposal 1 hash sha1 set vpn ipsec ipsec-interfaces interface eth0
  4. 4. Configure Inner IPSec Tunnel 10.99.99.1/24 vti0 192.168.168.1/24 tun0 192.168.168.2/24 tun0 10.99.99.2/24 vti0 IPv4 over IPv6 Tunnel IPv4 with IPSec Tunnel VR-1 VR-2 set interfaces vti vti0 address 10.99.99.1/24 edit vpn ipsec site-to-site peer 192.168.168.2 set authentication mode pre-shared-secret set authentication pre-shared-secret SeCrEt set ike-group IKE set local-address 192.168.168.1 set vti bind vti0 set vti esp-group ESP exit set interfaces vti vti0 address 10.99.99.2/24 edit vpn ipsec site-to-site peer 192.168.168.1 set authentication mode pre-shared-secret set authentication pre-shared-secret SeCrEt set ike-group IKE set local-address 192.168.168.2 set vti bind vti0 set vti esp-group ESP exit
  5. 5. Configure Inner BGP Networking 10.10.10.1/24 eth1 10.99.99.1/24 vti0 10.10.10.0/24 set interfaces ethernet eth1 address 10.10.10.1/24 10.99.99.2/24 vti0 10.20.20.2/24 eth1 set interfaces ethernet eth1 address 10.20.20.2/24 IPv4 over IPv6 Tunnel set protocols bgp 65001 neighbor 10.99.99.2 remote-as 65002 set protocols bgp 65001 network 10.10.10.0/24 VR-2 IPv4 with IPSec Tunnel VR-1 10.20.20.0/24 set protocols bgp 65002 neighbor 10.99.99.1 remote-as 65001 set protocols bgp 65002 network 10.20.20.0/24
  6. 6. Configure Inner TCP-MSS 10.10.10.1/24 eth1 10.10.10.0/24 IPv4 over IPv6 Tunnel IPv4 with IPSec Tunnel VR-1 VR-2 10.20.20.2/24 eth1 10.20.20.0/24 edit policy route TCP-MSS1390-ETH1 set rule 1 destination address 10.20.20.0/24 set rule 1 source address 10.10.10.0/24 set rule 1 protocol tcp set rule 1 set tcp-mss 1390 set rule 1 tcp flags SYN exit set interfaces ethernet eth1 policy route TCP-MSS1390-ETH1 commit save exit reboot edit policy route TCP-MSS1390-ETH1 set rule 1 destination address 10.10.10.0/24 set rule 1 source address 10.20.20.0/24 set rule 1 protocol tcp set rule 1 set tcp-mss 1390 set rule 1 tcp flags SYN exit set interfaces ethernet eth1 policy route TCP-MSS1390-ETH1 commit save exit reboot
  7. 7. Debug Tunnels eth0 (Outer) vti0 (Inner)
  8. 8. Thanks for your interest. SAKURA Internet Research Center.

×