-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathHA_VRRP+conntrack+NAT_1.3
95 lines (72 loc) · 3.81 KB
/
HA_VRRP+conntrack+NAT_1.3
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# IPsec between R1 & R2 with R1 as a CA for x509 certs
# Tested in VyOS 1.3.0-epa3
#############################
set system host VyOS-FO-A
#set interface ethernet eth0 address 174.121.83.47/24
#set interface ethernet eth1 address 192.168.1.47/24
set interfaces ethernet eth1 address '169.254.1.1/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth0 address '169.254.0.1/24'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth3 address '169.254.3.1/24'
set high-availability vrrp group LAN hello-source-address '169.254.1.1'
set high-availability vrrp group LAN interface 'eth1'
set high-availability vrrp group LAN peer-address '169.254.1.2'
set high-availability vrrp group LAN priority '200'
set high-availability vrrp group LAN virtual-address '192.168.1.47/24'
set high-availability vrrp group LAN vrid '101'
set high-availability vrrp group LAN no-preempt
set high-availability vrrp group WAN hello-source-address '169.254.0.1'
set high-availability vrrp group WAN interface 'eth0'
set high-availability vrrp group WAN peer-address '169.254.0.2'
set high-availability vrrp group WAN priority '200'
set high-availability vrrp group WAN virtual-address '174.121.83.47/24'
set high-availability vrrp group WAN vrid '100'
set high-availability vrrp group WAN no-preempt
set high-availability vrrp sync-group SYNCgrp member 'LAN'
set high-availability vrrp sync-group SYNCgrp member 'WAN'
set service conntrack-sync accept-protocol 'tcp'
set service conntrack-sync accept-protocol 'udp'
set service conntrack-sync accept-protocol 'icmp'
set service conntrack-sync failover-mechanism vrrp sync-group 'SYNCgrp'
set service conntrack-sync interface 'eth3'
set service conntrack-sync mcast-group '225.0.0.50'
set service conntrack-sync disable-external-cache
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.168.1.0/24'
set nat source rule 100 translation address 'masquerade'
#########################################################
set system host VyOS-FO-B
#set interface ethernet eth0 address 174.121.83.47/24
#set interface ethernet eth1 address 192.168.1.47/24
set interfaces ethernet eth1 address '169.254.1.2/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth0 address '169.254.0.2/24'
set interfaces ethernet eth0 description 'WAN'
set interfaces ethernet eth3 address '169.254.3.2/24'
set high-availability vrrp group LAN hello-source-address '169.254.1.2'
set high-availability vrrp group LAN interface 'eth1'
set high-availability vrrp group LAN peer-address '169.254.1.1'
set high-availability vrrp group LAN priority '100'
set high-availability vrrp group LAN virtual-address '192.168.1.47/24'
set high-availability vrrp group LAN vrid '101'
set high-availability vrrp group LAN no-preempt
set high-availability vrrp group WAN hello-source-address '169.254.0.2'
set high-availability vrrp group WAN interface 'eth0'
set high-availability vrrp group WAN peer-address '169.254.0.1'
set high-availability vrrp group WAN priority '100'
set high-availability vrrp group WAN virtual-address '174.121.83.47/24'
set high-availability vrrp group WAN vrid '100'
set high-availability vrrp group WAN no-preempt
set high-availability vrrp sync-group SYNCgrp member 'LAN'
set high-availability vrrp sync-group SYNCgrp member 'WAN'
set service conntrack-sync accept-protocol 'tcp'
set service conntrack-sync accept-protocol 'udp'
set service conntrack-sync accept-protocol 'icmp'
set service conntrack-sync failover-mechanism vrrp sync-group 'SYNCgrp'
set service conntrack-sync interface 'eth3'
set service conntrack-sync mcast-group '225.0.0.50'
set service conntrack-sync disable-external-cache
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 source address '192.168.1.0/24'
set nat source rule 100 translation address 'masquerade'