1250a4e64087d8b06749af025146df87f44d7c91
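--- a/howto/Edgeos-Config-Example-number-2.md
+++ b/howto/Edgeos-Config-Example-number-2.md
@@ -42,28 +42,28 @@ start a ssh session to your router
 
 copy vpn key to /config/auth/giveITaName -- Create folder if needed
 
-configure
-set interface openssh vtun0
-set interfaces openvpn vtun0 mode site-to-site
-set interfaces openvpn vtun0 local-port 1194
-set interfaces openvpn vtun0 remote-port 1194
-set interfaces openvpn vtun0 local-address 172.AA.AA.64
-set interfaces openvpn vtun0 remote-address X.X.X.X
-set interfaces openvpn vtun0 remote-host X.X.X.Y
-set interfaces openvpn vtun0 shared-secret-key-file /config/auth/giveITaName
-
-set interfaces openvpn vtun0 openvpn-option "--comp-lzo" //if your peer support compression
-commit
-save
-exit
+ configure
+ set interface openssh vtun0
+ set interfaces openvpn vtun0 mode site-to-site
+ set interfaces openvpn vtun0 local-port 1194
+ set interfaces openvpn vtun0 remote-port 1194
+ set interfaces openvpn vtun0 local-address 172.AA.AA.64
+ set interfaces openvpn vtun0 remote-address X.X.X.X
+ set interfaces openvpn vtun0 remote-host X.X.X.Y
+ set interfaces openvpn vtun0 shared-secret-key-file /config/auth/giveITaName
+
+ set interfaces openvpn vtun0 openvpn-option "--comp-lzo" //if your peer support compression
+ commit
+ save
+ exit
 
 Now the ipv4 tunnel should be up&running
 
 Check it with:
 
-show interfaces openvpn
-show interfaces openvpn detail
-show openvpn status site-to-site
+ show interfaces openvpn
+ show interfaces openvpn detail
+ show openvpn status site-to-site
 
 ### Create IPv4 BGP Session
 
@@ -76,30 +76,35 @@ show openvpn status site-to-site
 * You must not use AS before the as numbers !!
 
 
-configure
-set protocols bgp 111111 neighbor Z.Z.Z.Z remote-as 222222
-set protocols bgp 111111 neighbor Z.Z.Z.Z soft-reconfiguration inbound
-set protocols bgp 111111 neighbor update-source 172.AA.AA.64
-commit
-save
+ configure
+ set protocols bgp 111111 neighbor Z.Z.Z.Z remote-as 222222
+ set protocols bgp 111111 neighbor Z.Z.Z.Z soft-reconfiguration inbound
+ set protocols bgp 111111 neighbor update-source 172.AA.AA.64
+ commit
+ save
 
 When commit this configuration you should be able to see a BGP neighbor session start and come up. You can check this with:
 
-show ip bgp summary
+ show ip bgp summary
 
-### Set route to blackhole
+#### Set route to blackhole
 
 * so bgp can announce the route
 
-set protocols static route 172.AA.AA.64/27 blackhole
-commit
-save
+ set protocols static route 172.AA.AA.64/27 blackhole
+ commit
+ save
 
-### Announce prefix to BGP
+#### Announce prefix to BGP
 
-set protocols bgp 111111 network 172.A.A.64/27
-commit
+ set protocols bgp 111111 network 172.A.A.64/27
+ commit
+ save
+ exit
 
+You should now be able to see networks being advertised via
+
+ show ip bgp neighbors Z.Z.Z.Z advertised-routes
 
 
 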