Updated Edgeos Config Example number 2 (markdown)

-# EdgeRouterPro-8 config example with v1.9.0

-

-After a lot of searching and trying I [Phil/ALS7] finnaly got a working config

-Also thanx to drathir for his patience and support

-* Basic EdgeOS knowledge is required

-

-1) you need to create all required fields in the registry --> look at howto/Getting startet page

-

-2) get a peer --> ask nice @irc

-

-3) You need following data from the peer

-

---tunnel options, secret key

---ASN from the peer

---ip's

-

-...

-Own ASN: AS111111

-Own IPv4: 172.AA.AA.64/27

-Own IPv6: fdBB:BBBB:CCCC::/48

-Peer OpenVPN Remote Address: X.X.X.X

-Peer OpenVPN Remote Host: X.X.X.Y

-Peer OpenVPN IP for you: fdAA::BBB/64

-Peer OpenVPN IP: fdAA::CC

-Peer OpenVPN Port: 1194

-Peer OpenVPN encryption: aes256

-Peer ASN: AS222222

-Peer BGP Neighbour IPv4: Z.Z.Z.Z

-Peer BGP Neighbour IPv6: fdAA::CC

-### Copy OpenVPN key to the ErPro

-

-copy vpn key to /config/auth/giveITaName

-

- sudo su

- cd /config

- mkdir auth

- cd auth

- cat > giveITaName

-now paste the key in the terminal window, hit return once and kill cat with CTRL+C

-last thing to do is type exit

-### Create IPv4 OpenVPN Interface

-Set up Interface vtunX -- i used vtun0

- configure

- set interface openssh vtun0

- set interfaces openvpn vtun0 mode site-to-site

- set interfaces openvpn vtun0 local-port 1194

- set interfaces openvpn vtun0 remote-port 1194

- set interfaces openvpn vtun0 local-address 172.AA.AA.64

- set interfaces openvpn vtun0 remote-address X.X.X.X

- set interfaces openvpn vtun0 remote-host X.X.X.Y

- set interfaces openvpn vtun0 shared-secret-key-file /config/auth/giveITaName

- set interfaces openvpn vtun0 encryption aes256

- set interfaces openvpn vtun0 openvpn-option "--comp-lzo" //if your peer support compression

-

- commit

- save

- exit

-Check it with:

-

- show interfaces openvpn

- show interfaces openvpn detail

- show openvpn status site-to-site

-

-### Create IPv4 BGP Session

-

-#### Open Firewall

-

-* You need to open the firewall to local for the tunnel Interface on port 179/tcp

-

-#### Configure the BGP Neighbor

-

-* You must not use AS before the as numbers !!

-

-With this step you create the basic bgp session

-

- configure

- set protocols bgp 111111 neighbor Z.Z.Z.Z remote-as 222222

- set protocols bgp 111111 neighbor Z.Z.Z.Z soft-reconfiguration inbound

- set protocols bgp 111111 neighbor update-source 172.AA.AA.64

- commit

- save

-

-When commit this configuration you should be able to see a BGP neighbor session start and come up. You can check this with:

-

- show ip bgp summary

-

-#### Set route to blackhole

-

-so bgp can announce the route

-

- set protocols static route 172.AA.AA.64/27 blackhole

- commit

- save

-

-#### Announce prefix to BGP

-

- set protocols bgp 111111 network 172.A.A.64/27

- commit

- save

- exit

-

-You should now be able to see networks being advertised via

-

- show ip bgp neighbors Z.Z.Z.Z advertised-routes

-

-### Define Nameservers

-

-Now ping to 172.23.0.53 ... thats the nameserver we are using

-If everything is allright it should work

-

-#### NS Config

-Enter the configure mode

- configure

- set service dns forwarding name-server 8.8.8.8

- set service dns forwarding name-server 8.8.4.4

- set service dns forwarding options rebind-domain-ok=/dn42/

- set service dns forwarding options server=/23.172.in-addr.arpa/172.23.0.53

- set service dns forwarding options server=/22.172.in-addr.arpa/172.23.0.53

- set service dns forwarding options server=/dn42/172.23.0.53

- commit

- save

- exit

-Now try to access any .dn42 tld