/* Router R-01 (VyOS 1.3.2): LACP bond0 over eth1+eth2 carrying VLANs 20 and 21,
   an IKEv2 site-to-site tunnel to 192.168.21.2 bound to vti10, and destination
   NAT of traffic arriving on the tunnel towards hosts in 172.16.10.0/24.
   NOTE(review): this file has no firewall node, so nothing here filters access
   to SSH or IKE on any addressed interface - confirm filtering is done elsewhere. */
interfaces {
    bonding bond0 {
        description "WAN interface"
        member {
            interface eth2
            interface eth1
        }
        mode 802.3ad
        /* VLAN 20: addressed /30, not referenced by the IPsec configuration below. */
        vif 20 {
            address 192.168.20.1/30
        }
        /* VLAN 21: the IPsec local-address and the listed ipsec-interface (bond0.21). */
        vif 21 {
            address 192.168.21.1/30
        }
    }
    ethernet eth0 {
        address 10.55.8.131/24
        hw-id 00:0c:29:77:b2:d3
    }
    ethernet eth1 {
        hw-id 00:0c:29:77:b2:dd
    }
    ethernet eth2 {
        hw-id 00:0c:29:77:b2:e7
    }
    ethernet eth3 {
        address 172.16.10.1/24
        description "LAN interface"
        hw-id 00:0c:29:77:b2:f1
    }
    /* eth4-eth7 carry no address and are not bond members in this file. */
    ethernet eth4 {
        hw-id 00:0c:29:77:b2:fb
    }
    ethernet eth5 {
        hw-id 00:0c:29:77:b2:05
    }
    ethernet eth6 {
        hw-id 00:0c:29:77:b2:0f
    }
    ethernet eth7 {
        hw-id 00:0c:29:77:b2:19
    }
    loopback lo {
    }
    /* Tunnel interface bound to the site-to-site peer in the vpn section. */
    vti vti10 {
        address 10.0.0.2/31
    }
}
nat {
    destination {
        /* NOTE(review): the match address is written with a /24 mask, so this rule
           covers all of 192.168.21.0/24 on vti+ and rule 20 (same /24) is shadowed.
           If a one-to-one mapping of .10 and .11 is intended, both rules presumably
           need a /32 match - confirm intent before changing. */
        rule 10 {
            destination {
                address 192.168.21.10/24
            }
            inbound-interface vti+
            translation {
                address 172.16.10.10
            }
        }
        /* NOTE(review): appears unreachable while rule 10 matches the same /24. */
        rule 20 {
            destination {
                address 192.168.21.11/24
            }
            inbound-interface vti+
            translation {
                address 172.16.10.20
            }
        }
    }
}
protocols {
    static {
        /* Sends 10.0.12.0/24 into the tunnel via vti10. */
        interface-route 10.0.12.0/24 {
            next-hop-interface vti10 {
            }
        }
    }
}
service {
    /* NOTE(review): SSH runs with defaults - no listen-address is set and
       disable-password-authentication is not configured, while the only user
       below has a password and no public key. Consider binding SSH to a
       management address and moving to key-based login. */
    ssh {
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        /* NOTE(review): every conntrack helper is listed. Each helper parses
           application payloads to track related flows; presumably only the
           protocols actually crossing this router are needed - confirm and trim. */
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name R-01
    login {
        /* NOTE(review): the account keeps the default name vyos and authenticates
           by password only. The $6$ (SHA-512 crypt) hash is part of this config,
           so any shared copy of the file discloses it; treat the password as
           exposed, rotate it, and prefer public-key authentication. */
        user vyos {
            authentication {
                encrypted-password $6$AzazUuOLH$C3XO4LEzUjiSa2BSlfu3LY8tsRoR.88Xm7CxKtwyXM4N3u5hV8fpIH0SJq.M4Cab.qeUWaUaiRwU8elCD8H7k/
                plaintext-password ""
            }
        }
    }
    ntp {
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    sysctl {
        /* disable_policy=1 switches off the kernel IPsec policy check on bond0.20
           and bond0.21 (the slash in the key stands for the dot in the interface name).
           NOTE(review): bond0.21 is the IPsec-facing interface; confirm this
           override is still required and is scoped as narrowly as possible. */
        custom net.ipv4.conf.bond0/20.disable_policy {
            value 1
        }
        custom net.ipv4.conf.bond0/21.disable_policy {
            value 1
        }
    }
    /* NOTE(review): only the local (global) target is configured; no remote syslog
       host is defined in this file, so logs exist only on the router itself. */
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
vpn {
    ipsec {
        /* ESP: tunnel mode, AES-256-GCM, PFS with DH group 19, rekey every 3600 s. */
        esp-group ESP_DEFAULT {
            compression disable
            lifetime 3600
            mode tunnel
            pfs dh-group19
            proposal 10 {
                encryption aes256gcm128
                hash sha256
            }
        }
        /* IKE: IKEv2 only, DH group 19, lifetime 10800 s; dead-peer-detection
           holds the connection after 120 s without a reply (probe every 30 s). */
        ike-group IKEv2_DEFAULT {
            close-action none
            dead-peer-detection {
                action hold
                interval 30
                timeout 120
            }
            ikev2-reauth no
            key-exchange ikev2
            lifetime 10800
            mobike disable
            proposal 10 {
                dh-group 19
                encryption aes256gcm128
                hash sha256
            }
        }
        ipsec-interfaces {
            interface bond0.21
        }
        site-to-site {
            /* Route-based tunnel: this router initiates to 192.168.21.2 and binds
               the resulting SAs to vti10. */
            peer 192.168.21.2 {
                /* NOTE(review): the pre-shared secret is stored in cleartext and
                   the value is a short dictionary word. Replace it with a long
                   random secret (or use rsa / x509 authentication) and redact it
                   from any copy of the config that leaves the device. */
                authentication {
                    id 192.168.21.1
                    mode pre-shared-secret
                    pre-shared-secret secretkey
                    remote-id 192.168.21.2
                }
                connection-type initiate
                ike-group IKEv2_DEFAULT
                ikev2-reauth inherit
                local-address 192.168.21.1
                vti {
                    bind vti10
                    esp-group ESP_DEFAULT
                }
            }
        }
    }
}

// Warning: Do not remove the following line.
// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
// Release version: 1.3.2