fl8 Wiki

この文書は読取専用です。文書のソースを閲覧することは可能ですが、変更はできません。もし変更したい場合は管理者に連絡してください。
====== Vyatta Openvpn ======

|Name|eth0|eth1|vtun0|
|vyatta-A|10.10.10.246/24|192.168.10.246/24|172.16.100.246|
|vyatta-B|10.10.20.75/24|192.168.20.75/24|172.16.100.75|

<code>
     +----------+                                    +----------+         +----------+
     |          |                                    |          |         |          |
 eth1|          |eth0                                |          |     eth0|          |eth1
-----+ vyatta-A +-------------  INTERNET ------------+ Natruote +---------+ vyatta-B +-----
     |          |                                    |          |         |          |
     |          |                                    |          |         |          |
     +----+-----+                                    +----+-----+         +----+-----+
</code>

====== インターフェース設定 ======
===== vyatta-A =====
<code>
set system hostname router-A
set interfaces ethernet eth0 address 10.10.10.246/24
set interfaces ethernet eth1 address 192.168.10.246/24
set service nat rule 10 outbound-interface eth0
set service nat rule 10 source address 192.168.10.246/24
set service nat rule 10 type masquerade
</code>


===== vyatta-B =====
<code>
set system hostname router-B
set interfaces ethernet eth0 address 10.10.20.75/24
set interfaces ethernet eth1 address 192.168.20.75/24
set service nat rule 10 outbound-interface eth0
set service nat rule 10 source address 192.168.20.75/24
set service nat rule 10 type masquerade
</code>

====== Generating Pre-Shared Key ======
vyatta-A, vyatta-B ともに同じキーをコピーしておく。
<code>
$ generate openvpn key /config/auth/key.psk
</code>


====== openvpn設定 ======
===== vyatta-A =====
<code>
set interfaces openvpn vtun0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-address 172.16.100.246
set interfaces openvpn vtun0 remote-address 172.16.100.75
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/key.psk
</code>

===== vyatta-B =====
<code>
set interfaces openvpn vtun0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-address 172.16.100.75
set interfaces openvpn vtun0 remote-address 172.16.100.246
set interfaces openvpn vtun0 remote-host 10.10.10.246
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/key.psk
</code>


====== static route ======
===== vyatta-A =====
  set protocols static route 192.168.20.0/24 next-hop 172.16.100.75

===== vyatta-B =====
  set protocols static route 192.168.10.0/24 next-hop 172.16.100.246
fl8 Wiki

ユーザ用ツール

サイト用ツール

ページ用ツール
