
vyos

a guest
Nov 18th, 2021
  1. =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2021.11.15 10:22:46 =~=~=~=~=~=~=~=~=~=~=~=
  2. show configuration
  3.  
  /* Interface definitions: four ethernet ports, an empty loopback and one
     WireGuard interface.
     NOTE(review): no interface here has a firewall ruleset attached and the
     listing contains no firewall section at all. As shown, nothing on this
     router filters traffic to its own SSH, SNMP, WireGuard, BGP or OSPF
     listeners. Confirm whether filtering happens upstream or the paste is
     incomplete. */
  4. interfaces {
  5. ethernet eth0 {
  /* NOTE(review): 103.10.24.2/25 does not match the 103.150.24.2 used further
     down as OSPF router-id and IPsec local-address. The paste may have been
     hand-edited before posting - confirm against the running config. */
  6. address 103.10.24.2/25
  7. duplex auto
  8. hw-id 00:50:56:53:af:c4
  9. speed auto
  /* EGRESS_QOS (and INGRESS_QOS on eth2) are referenced here but their
     traffic-policy definitions do not appear anywhere in this listing. */
  10. traffic-policy {
  11. out EGRESS_QOS
  12. }
  13. }
  14. ethernet eth1 {
  15. address 10.62.1.60/26
  16. hw-id 00:50:56:53:3c:64
  17. }
  18. ethernet eth2 {
  /* NOTE(review): the default route and BGP neighbor below use
     202.123.132.52, which is not in this 202.13.132.52/30 subnet - another
     sign of hand-editing, or a real misconfiguration. */
  19. address 202.13.132.53/30
  20. hw-id 00:50:56:53:2e:55
  21. traffic-policy {
  22. out INGRESS_QOS
  23. }
  24. }
  25. ethernet eth3 {
  26. address 103.11.26.12/31
  27. description 3CLINK
  28. hw-id 00:50:56:53:15:54
  29. }
  30. loopback lo {
  31. }
  /* WireGuard listener on UDP 4000 with a single peer restricted to one /32.
     NOTE(review): as written, 122.16.100.0/24 is not RFC 1918 space. If it is
     not the operator's own allocation, the tunnel subnet shadows real
     internet destinations for anything routed through this box. */
  32. wireguard wg01 {
  33. address 122.16.100.1/24
  34. peer Mat {
  35. allowed-ips 122.16.100.3/32
  36. persistent-keepalive 15
  /* The bare ':' on the next line looks like a pager prompt captured by the
     terminal log, not configuration. */
  37. :
  /* Key material is masked in this output. */
  38. pubkey ****************
  39. }
  40. port 4000
  41. }
  42. }
  /* Source NAT: traffic from the WireGuard subnet 122.16.100.0/24 that leaves
     via eth1 is masqueraded to the router's eth1 address.
     Operational caveat: hosts behind eth1 will log the router's address, not
     the individual VPN peer, so per-peer attribution has to come from logs on
     this router. */
  43. nat {
  44. source {
  45. rule 101 {
  46. outbound-interface eth1
  47. source {
  48. address 122.16.100.0/24
  49. }
  50. translation {
  51. address masquerade
  52. }
  53. }
  54. }
  55. }
  /* Routing policy objects: one access-list, four prefix-lists and five
     route-maps. Bare ':' lines inside this block look like pager prompts
     captured by the terminal log, not configuration.
     NOTE(review): the AS numbers in these object names (25332, 141235) do not
     match the remote-as values configured on the BGP neighbors below (24332,
     140635). Names are only labels, but confirm each policy is attached to
     the peer it was written for. */
  56. policy {
  /* access-list 100: source 103.150.24.0 with inverse-mask 0.0.1.255 covers
     103.150.24.0 - 103.150.25.255. It is only referenced by route-map
     OSPFFILTER in this listing. */
  57. access-list 100 {
  58. rule 50 {
  59. action permit
  60. destination {
  61. any
  62. }
  63. source {
  64. inverse-mask 0.0.1.255
  65. network 103.150.24.0
  66. }
  67. }
  68. }
  /* Inbound prefix-list: with no ge/le qualifier, 0.0.0.0/0 matches only the
     default route itself, not "any prefix". */
  69. prefix-list AS25332-IN {
  70. rule 10 {
  71. action permit
  72. prefix 0.0.0.0/0
  73. }
  74. }
  /* Outbound prefix-list: only the exact 103.150.24.0/23 aggregate may be
     announced, which keeps routes learned from one upstream from leaking to
     the other. */
  75. prefix-list AS25332-OUT {
  76. rule 10 {
  77. action permit
  78. prefix 103.150.24.0/23
  79. }
  80. }
  81. :
  82. prefix-list AS141235-IN {
  83. rule 10 {
  84. action permit
  85. prefix 0.0.0.0/0
  86. }
  87. }
  88. prefix-list AS141235-OUT {
  89. rule 10 {
  90. action permit
  91. prefix 103.150.24.0/23
  92. }
  93. }
  /* NOTE(review): the two *-IN route-maps are defined here but neither BGP
     neighbor in this listing has a route-map import statement, only export.
     As shown, inbound announcements are therefore accepted unfiltered. */
  94. route-map AS25332-IN {
  95. rule 10 {
  96. action permit
  97. match {
  98. ip {
  99. address {
  100. prefix-list AS25332-IN
  101. }
  102. }
  103. }
  104. }
  /* Explicit deny for everything the rule above did not permit. */
  105. rule 20 {
  106. action deny
  107. }
  108. }
  109. route-map AS25332-OUT {
  110. rule 10 {
  111. action permit
  112. match {
  113. ip {
  114. address {
  115. prefix-list AS25332-OUT
  116. }
  117. }
  118. }
  119. }
  120. rule 20 {
  121. action deny
  122. }
  123. }
  124. route-map AS141235-IN {
  125. :
  126. rule 10 {
  127. action permit
  128. match {
  129. ip {
  130. address {
  131. prefix-list AS141235-IN
  132. }
  133. }
  134. }
  135. }
  136. rule 20 {
  137. action deny
  138. }
  139. }
  140. route-map AS141235-OUT {
  141. rule 10 {
  142. action permit
  143. match {
  144. ip {
  145. address {
  146. prefix-list AS141235-OUT
  147. }
  148. }
  149. }
  150. }
  151. rule 20 {
  152. action deny
  153. }
  154. }
  /* OSPFFILTER is applied to "redistribute static" under OSPF: rule 100 drops
     routes matched by access-list 100 (presumably the 103.150.24.0/23
     blackhole anchor), rule 500 permits every other static route. */
  155. route-map OSPFFILTER {
  156. rule 100 {
  157. action deny
  158. match {
  159. ip {
  160. address {
  161. access-list 100
  162. }
  163. }
  164. }
  165. }
  166. rule 500 {
  167. action permit
  168. }
  169. :
  170. }
  171. }
  /* Routing protocols: eBGP to two upstreams, OSPF area 0 towards the
     internal side, and static routes. Bare ':' lines inside this block look
     like pager prompts captured by the terminal log, not configuration. */
  172. protocols {
  /* Local AS 142631 originates 103.150.24.0/23; the blackhole static route
     further down keeps that prefix in the routing table so it can be
     announced.
     NOTE(review): neither neighbor has a route-map import or a
     maximum-prefix limit in this listing, so everything a peer sends is
     accepted. The *-IN route-maps defined under policy are not attached. */
  173. bgp 142631 {
  174. address-family {
  175. ipv4-unicast {
  176. network 103.150.24.0/23 {
  177. }
  178. }
  179. }
  180. neighbor 103.151.26.16 {
  181. address-family {
  182. ipv4-unicast {
  183. route-map {
  184. export AS141235-OUT
  185. }
  186. soft-reconfiguration {
  187. inbound
  188. }
  189. }
  190. }
  /* Session password (masked in this output). */
  191. password ****************
  192. remote-as 140635
  193. }
  /* NOTE(review): unlike the neighbor above, this session has no password
     configured, so it runs without TCP session authentication. */
  194. neighbor 202.123.132.52 {
  195. address-family {
  196. ipv4-unicast {
  197. route-map {
  198. export AS25332-OUT
  199. }
  200. soft-reconfiguration {
  201. inbound
  202. }
  203. }
  204. }
  205. remote-as 24332
  206. }
  207. parameters {
  208. router-id 202.123.132.53
  209. }
  210. }
  /* OSPF area 0 on 103.150.24.0/25 with two statically defined neighbors.
     NOTE(review): no OSPF authentication appears anywhere in this listing
     (neither under the area nor under an interface), so adjacencies are
     formed unauthenticated as shown. */
  211. ospf {
  212. area 0 {
  213. :
  214. area-type {
  215. normal
  216. }
  217. network 103.150.24.0/25
  218. }
  /* Advertises a default route into OSPF as an external type 2 route. */
  219. default-information {
  220. originate {
  221. metric-type 2
  222. }
  223. }
  224. neighbor 103.150.24.1 {
  225. poll-interval 60
  226. priority 0
  227. }
  228. neighbor 103.150.24.3 {
  229. poll-interval 60
  230. priority 0
  231. }
  232. parameters {
  233. abr-type cisco
  234. router-id 103.150.24.2
  235. }
  /* "redistribute connected" has no route-map, so every connected subnet on
     this router (including the upstream links and the WireGuard subnet) is
     presumably advertised into OSPF; only static routes pass through
     OSPFFILTER. Confirm this is intended. */
  236. redistribute {
  237. connected {
  238. metric-type 2
  239. }
  240. static {
  241. metric-type 2
  242. route-map OSPFFILTER
  243. }
  244. }
  245. }
  246. static {
  247. route 0.0.0.0/0 {
  248. next-hop 202.123.132.52 {
  249. interface eth2
  250. }
  251. }
  /* Anchor route for the BGP announcement; distance 254 makes it lose to any
     other route for the same prefix. */
  252. route 103.150.24.0/23 {
  253. blackhole {
  254. distance 254
  255. }
  256. }
  257. :
  258. route 103.223.252.0/22 {
  259. next-hop 202.123.132.52 {
  260. }
  261. }
  262. route 135.5.156.0/22 {
  263. next-hop 202.123.132.52 {
  264. }
  265. }
  266. }
  267. }
  /* Management services exposed by the router: SNMP and SSH. */
  268. service {
  /* Read-only SNMP community (name replaced with x's in this paste).
     NOTE(review): no client/network restriction and no listen-address are
     set, and community-based SNMP sends the community string in clear text.
     With no firewall section in this listing, the agent is presumably
     reachable on every interface, including the upstream links. */
  269. snmp {
  270. community xxxxxxxxxx {
  271. authorization ro
  272. }
  273. }
  /* SSH moved to port 2222; a non-default port reduces log noise but is not
     an access control.
     NOTE(review): no listen-address is set and password authentication is
     not disabled, so the daemon presumably accepts password logins on all
     interfaces. */
  274. ssh {
  275. port 2222
  276. }
  277. }
  /* System settings: hostname, local login, DNS, NTP, syslog and time zone.
     The bare ':' line inside this block looks like a pager prompt captured
     by the terminal log, not configuration. */
  278. system {
  279. config-management {
  280. }
  281. host-name MA-BR2
  /* Single local account using the default user name "vyos". Both password
     fields are masked in this output.
     NOTE(review): no public-keys are configured for the user, so SSH access
     rests on the password alone. */
  282. login {
  283. user vyos {
  284. authentication {
  285. encrypted-password ****************
  286. plaintext-password ****************
  287. }
  288. }
  289. }
  290. name-server 202.62.52.201
  291. name-server 1.1.1.1
  292. ntp {
  293. server 0.pool.ntp.org {
  294. }
  295. server 1.pool.ntp.org {
  296. }
  297. :
  298. server 2.pool.ntp.org {
  299. }
  300. }
  /* Local logging at debug level for all facilities, plus forwarding of
     everything to 10.63.3.12 over UDP/514.
     NOTE(review): UDP syslog is unencrypted and unauthenticated, and
     10.63.3.12 is not inside any connected subnet shown in this listing.
     Confirm that the path to the collector stays on the internal network. */
  301. syslog {
  302. global {
  303. facility all {
  304. level debug
  305. }
  306. facility protocols {
  307. level debug
  308. }
  309. }
  310. host 10.63.3.12 {
  311. facility all {
  312. level all
  313. protocol udp
  314. }
  315. port 514
  316. }
  317. }
  318. time-zone Asia/Bangkok
  319. }
  /* Site-to-site IPsec: one IKEv1 tunnel from eth0 to peer 35.204.155.41.
     Bare ':' lines inside this block look like pager prompts captured by the
     terminal log, not configuration. */
  320. vpn {
  321. :
  322. ipsec {
  /* ESP (phase 2) parameters: AES-256 with SHA-1 integrity.
     NOTE(review): "pfs disable" means child SA keys are derived from the IKE
     SA's key material without a fresh Diffie-Hellman exchange, so exposure of
     the IKE keying also exposes the tunnel traffic keys. Proposals 1 and 2
     are identical, so the second adds nothing. */
  323. esp-group central-rtr-esp {
  324. compression disable
  325. lifetime 10300
  326. mode tunnel
  327. pfs disable
  328. proposal 1 {
  329. encryption aes256
  330. hash sha1
  331. }
  332. proposal 2 {
  333. encryption aes256
  334. hash sha1
  335. }
  336. }
  /* IKE (phase 1) parameters.
     NOTE(review): this is IKEv1 with DH group 2 (1024-bit MODP) and SHA-1.
     The 1024-bit group is the weakest element here and is generally
     considered too small for new deployments. If the remote end supports it,
     prefer IKEv2 with a larger group and a SHA-2 hash. The ikev2-reauth
     setting has no effect while key-exchange is ikev1. */
  337. ike-group central-rtr-ike {
  338. close-action none
  339. ikev2-reauth no
  340. key-exchange ikev1
  341. lifetime 3600
  342. proposal 1 {
  343. dh-group 2
  344. encryption aes256
  345. hash sha1
  346. }
  347. }
  348. ipsec-interfaces {
  349. interface eth0
  350. }
  351. site-to-site {
  352. peer 35.204.155.41 {
  /* Peer authentication relies on a pre-shared secret (masked in this
     output), so tunnel authentication is only as strong as that value. */
  353. authentication {
  354. mode pre-shared-secret
  355. pre-shared-secret ****************
  356. }
  357. connection-type initiate
  358. ike-group central-rtr-ike
  359. ikev2-reauth inherit
  360. local-address 103.150.24.2
  /* Tunnel 0 protects traffic between exactly two hosts:
     103.150.24.26/32 locally and 35.204.35.200/32 remotely. */
  361. tunnel 0 {
  362. allow-nat-networks disable
  363. allow-public-networks enable
  364. esp-group central-rtr-esp
  365. :
  366. local {
  367. prefix 103.150.24.26/32
  368. }
  369. remote {
  370. prefix 35.204.35.200/32
  371. }
  372. }
  373. }
  374. }
  375. }
  376. }
  377.  