====== Vyatta Openvpn ======
|Name|eth0|eth1|vtun0|
|vyatta-A|10.10.10.246/24|192.168.10.246/24|172.16.100.246|
|vyatta-B|10.10.20.75/24|192.168.20.75/24|172.16.100.75|
         +----------+                                   +----------+         +----------+
         |          |                                   |          |         |          |
     eth1|          |eth0                               |          |     eth0|          |eth1
    -----+ vyatta-A +------------- INTERNET ------------+NAT router+---------+ vyatta-B +-----
         |          |                                   |          |         |          |
         |          |                                   |          |         |          |
         +----+-----+                                   +----+-----+         +----+-----+
====== Interface Configuration ======
===== vyatta-A =====
set system hostname router-A
set interfaces ethernet eth0 address 10.10.10.246/24
set interfaces ethernet eth1 address 192.168.10.246/24
set service nat rule 10 outbound-interface eth0
set service nat rule 10 source address 192.168.10.246/24
set service nat rule 10 type masquerade
===== vyatta-B =====
set system hostname router-B
set interfaces ethernet eth0 address 10.10.20.75/24
set interfaces ethernet eth1 address 192.168.20.75/24
set service nat rule 10 outbound-interface eth0
set service nat rule 10 source address 192.168.20.75/24
set service nat rule 10 type masquerade
====== Generating Pre-Shared Key ======
Copy the same key to both vyatta-A and vyatta-B.
$ generate openvpn key /config/auth/key.psk
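After copying the key, the check below can be run on each router to confirm that both hold the same, complete key and that the file is not readable by other users. It is an added example, not part of the original page; the function names are hypothetical, the sample key is constructed, and it assumes GNU sed, stat and sha256sum are available on the router.

```shell
#!/bin/bash
# Added example: verify an OpenVPN static key file on each router.
# Assumes GNU sed/stat/sha256sum (an assumption about the router image).

# Print the SHA-256 of the key material only (the hex between the BEGIN/END
# markers), so comments, blank lines and CRLF from copy/paste do not matter.
# Fails if the body is not exactly 2048 bits (512 hex characters).
psk_fingerprint() {
    _psk_body=$(tr -d '\r' < "$1" |
        sed -n '/^-----BEGIN OpenVPN Static key V1-----$/,/^-----END OpenVPN Static key V1-----$/p' |
        grep -v '^-----' | tr -d ' \n' | tr 'A-F' 'a-f')
    if [ "${#_psk_body}" -ne 512 ] ||
       [ -n "$(printf '%s' "$_psk_body" | tr -d '0-9a-f')" ]; then
        echo "invalid or truncated static key: $1" >&2
        return 1
    fi
    printf '%s' "$_psk_body" | sha256sum | cut -d' ' -f1
}

# Succeed only if the key file is not accessible to group or others.
psk_mode_ok() {
    case "$(stat -c %a "$1")" in
        600|400) return 0 ;;
        *) echo "key file $1 should be mode 600" >&2; return 1 ;;
    esac
}

# Constructed sample key (NOT a real secret) for trying the functions offline.
write_sample_key() {
    {
        echo '# 2048 bit OpenVPN static key (constructed sample)'
        echo '-----BEGIN OpenVPN Static key V1-----'
        for i in $(seq 1 16); do printf '%032x\n' "$i"; done
        echo '-----END OpenVPN Static key V1-----'
    } > "$1"
    chmod 600 "$1"
}
```

Run `psk_fingerprint /config/auth/key.psk` on vyatta-A and vyatta-B and compare the two digests; they can be compared over an untrusted channel because the digest does not reveal the key.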
====== OpenVPN Configuration ======
===== vyatta-A =====
set interfaces openvpn vtun0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-address 172.16.100.246
set interfaces openvpn vtun0 remote-address 172.16.100.75
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/key.psk
===== vyatta-B =====
set interfaces openvpn vtun0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-address 172.16.100.75
set interfaces openvpn vtun0 remote-address 172.16.100.246
set interfaces openvpn vtun0 remote-host 10.10.10.246
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/key.psk
====== static route ======
===== vyatta-A =====
set protocols static route 192.168.20.0/24 next-hop 172.16.100.75
===== vyatta-B =====
set protocols static route 192.168.10.0/24 next-hop 172.16.100.246