Name | eth0 | eth1 | vtun0 |
vyatta-A | 10.10.10.246/24 | 192.168.10.246/24 | 172.16.100.246 |
vyatta-B | 10.10.20.75/24 | 192.168.20.75/24 | 172.16.100.75 |
     +----------+                                   +----------+         +----------+
     |          |                                   |          |         |          |
 eth1|          |eth0                               |          |     eth0|          |eth1
-----+ vyatta-A +------------- INTERNET ------------+ Natruote +---------+ vyatta-B +-----
     |          |                                   |          |         |          |
     |          |                                   |          |         |          |
     +----+-----+                                   +----+-----+         +----+-----+
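# vyatta-A: base addressing plus source NAT for the LAN behind eth1.
# NOTE(review): the address table and diagram call this node vyatta-A, but the
# hostname set here is router-A. Confirm which name is intended.
set system hostname router-A
# Per the diagram, eth0 faces the Internet and eth1 faces the local LAN.
set interfaces ethernet eth0 address 10.10.10.246/24
set interfaces ethernet eth1 address 192.168.10.246/24
# Masquerade LAN traffic that leaves through eth0.
# The source is written as the network prefix 192.168.10.0/24 rather than the
# router's own host address with a /24 mask, so the rule visibly covers the
# whole LAN and does not rely on host bits being masked off.
# Only packets leaving eth0 match this rule.
set service nat rule 10 outbound-interface eth0
set service nat rule 10 source address 192.168.10.0/24
set service nat rule 10 type masquerade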
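# vyatta-B: base addressing plus source NAT for the LAN behind eth1.
# NOTE(review): the address table and diagram call this node vyatta-B, but the
# hostname set here is router-B. Confirm which name is intended.
set system hostname router-B
# Per the diagram, eth0 faces the upstream NAT router and eth1 faces the local LAN.
set interfaces ethernet eth0 address 10.10.20.75/24
set interfaces ethernet eth1 address 192.168.20.75/24
# Masquerade LAN traffic that leaves through eth0.
# The source is written as the network prefix 192.168.20.0/24 rather than the
# router's own host address with a /24 mask, so the rule visibly covers the
# whole LAN and does not rely on host bits being masked off.
# Only packets leaving eth0 match this rule.
set service nat rule 10 outbound-interface eth0
set service nat rule 10 source address 192.168.20.0/24
set service nat rule 10 type masquerade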
片方のルータで生成した共有鍵ファイルを、vyatta-A, vyatta-B の両方に同じ内容でコピーしておく。コピーには scp など暗号化された経路を使い、鍵ファイルは管理者以外が読めないパーミッションにしておく。
# Operational-mode command: writes a new OpenVPN static (pre-shared) key to /config/auth/key.psk.
# Generate it on one router only; the other router needs an identical copy of this file.
# Whoever holds the file can decrypt and forge tunnel traffic, so transfer it over
# an encrypted channel and keep it readable by administrators only.
$ generate openvpn key /config/auth/key.psk
# vyatta-A side of the site-to-site OpenVPN tunnel.
set interfaces openvpn vtun0
set interfaces openvpn vtun0 mode site-to-site
# Addresses inside the tunnel: this end is 172.16.100.246, the peer (vyatta-B) is 172.16.100.75.
set interfaces openvpn vtun0 local-address 172.16.100.246
set interfaces openvpn vtun0 remote-address 172.16.100.75
# No remote-host is configured on this side, so presumably it waits for vyatta-B to connect.
# NOTE(review): a side without remote-host is protected only by the key, not by peer address.
# If the peer's public address is known, restrict the OpenVPN port to it with a firewall rule.
# Static-key mode: the same symmetric key authenticates and encrypts both directions.
# It gives no forward secrecy, so a leaked key exposes previously captured traffic too.
# Newer OpenVPN releases deprecate this mode; prefer TLS (certificate) mode for lasting links.
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/key.psk
# vyatta-B side of the site-to-site OpenVPN tunnel.
set interfaces openvpn vtun0
set interfaces openvpn vtun0 mode site-to-site
# Addresses inside the tunnel: this end is 172.16.100.75, the peer (vyatta-A) is 172.16.100.246.
set interfaces openvpn vtun0 local-address 172.16.100.75
set interfaces openvpn vtun0 remote-address 172.16.100.246
# This side names the peer's outer address (vyatta-A eth0), so it opens the connection.
# That fits the diagram, where vyatta-B sits behind a NAT router.
set interfaces openvpn vtun0 remote-host 10.10.10.246
# Static-key mode: this file must be byte-identical to the one on vyatta-A.
# It gives no forward secrecy, so a leaked key exposes previously captured traffic too.
# Keep the file restricted to administrators.
# Newer OpenVPN releases deprecate this mode; prefer TLS (certificate) mode for lasting links.
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/key.psk
# On vyatta-A: send traffic for vyatta-B's LAN (192.168.20.0/24) to the peer's tunnel address.
# NOTE(review): presumably this route goes inactive while vtun0 is down.
# Packets for 192.168.20.0/24 would then follow any default route out eth0 unencrypted.
# Confirm, and consider a higher-distance blackhole route for the same prefix.
set protocols static route 192.168.20.0/24 next-hop 172.16.100.75
# On vyatta-B: send traffic for vyatta-A's LAN (192.168.10.0/24) to the peer's tunnel address.
# NOTE(review): presumably this route goes inactive while vtun0 is down.
# Packets for 192.168.10.0/24 would then follow any default route out eth0 unencrypted.
# Confirm, and consider a higher-distance blackhole route for the same prefix.
set protocols static route 192.168.10.0/24 next-hop 172.16.100.246