EdgeRouterPro-8 config example with v1.9.0
After a lot of searching and trying I [Phil/ALS7] finnaly got a working config
##Features
- IPv4/IPv6 Tunnel via OpenVPN
- dn42 DNS
##How-To
–> still work in Progress
1) you need to create all required fields in the registry –> look at howto/Getting startet page
The data i used are the following:
Own ASN: AS111111
Own IPv4: 172.AA.AA.64/27
Own IPv6: fdBB:BBBB:CCCC::/48
Peer Remote Address: X.X.X.X
Peer Remote Host: X.X.X.Y
Peer Port: 1194
Peer ASN: AS222222
Peer BGP Neighbour IPv4: Z.Z.Z.Z
2) get a peer –> ask nice @irc
3) You need following data from the peer
–tunnel options, secret key –ASN from the peer –ip's
…
###Create IPv4 OpenVPM Interface
start a ssh session to your router
copy vpn key to /config/auth/giveITaName – Create folder if needed
configure
set interface openssh vtun0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address 172.AA.AA.64
set interfaces openvpn vtun0 remote-address X.X.X.X
set interfaces openvpn vtun0 remote-host X.X.X.Y
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/giveITaName
set interfaces openvpn vtun0 openvpn-option "–comp-lzo" //if your peer support compression
commit
save
exit
Now the ipv4 tunnel should be up&running
Check it with:
show interfaces openvpn
show interfaces openvpn detail
show openvpn status site-to-site
Create IPv4 BGP Session
Configure the BGP Neighbor
- You must not use AS before the as numbers !!
configure
set protocols bgp 111111 neighbor Z.Z.Z.Z remote-as 222222
set protocols bgp 111111 neighbor Z.Z.Z.Z soft-reconfiguration inbound
set protocols bgp 111111 neighbor update-source 172.AA.AA.64
commit
save
When commit this configuration you should be able to see a BGP neighbor session start and come up. You can check this with:
show ip bgp summary
Set route to blackhole
*so bgp can announce the route
set protocols static route 172.AA.AA.64/27 blackhole
commit