Dynamic Multipoint VPN (DMVPN): Difference between revisions
(introduction) |
(alpine setup) |
||
| Line 9: | Line 9: | ||
A DMVPN is made up two kind of hosts: an '''Hub''' node (also called ''Core'' router) and a '''Leaf''' node (also called ''Edge'' router). We'll start documenting the '''Leaf''' node setup. | A DMVPN is made up two kind of hosts: an '''Hub''' node (also called ''Core'' router) and a '''Leaf''' node (also called ''Edge'' router). We'll start documenting the '''Leaf''' node setup. | ||
The recommended version of Alpine for building a DMVPN should be at minimum 2.4.11. Don't use 2.5.x, or 2.6.0 | {{Tip|The recommended version of Alpine for building a DMVPN should be at minimum 2.4.11. Don't use 2.5.x, or 2.6.0 since it has in-tunnel IP fragmentation issues. Alpine 2.6.1 or later should be also okay}} | ||
{{Note|This document assume that all Alpine installations are run in [[Installation#Basics|diskless mode]] and that the configuration is saved on USB key}} | |||
= Leaf Node = | = Leaf Node = | ||
== Alpine Setup == | |||
We will setup the network interfaces as follows: | |||
bond0.1 = LAN<br> | |||
bond0.2 = DMZ<br> | |||
bond0.10 = ISP1<br> | |||
bond0.11 = ISP2<br> | |||
Boot Alpine in [[Installation#Basics|diskless mode]] and run <code>setup-alpine</code> | |||
{|class="wikitable" | |||
!'''You will be prompted something like this...''' | |||
!'''Suggestion on what you could enter...''' | |||
|- | |||
|<code>Select keyboard layout [none]:</code> | |||
|''Type an appropriate layout for you'' | |||
|- | |||
|<code>Select variant:</code> | |||
|''Type an appropriate layout for you (if prompted)'' | |||
|- | |||
|<code>Enter system hostname (short form, e.g. 'foo') [localhost]:</code> | |||
|''Enter the hostname, e.g.'' '''vpnc''' | |||
|- | |||
|<code>Available interfaces are: eth0<br>Enter '?' for help on bridges, bonding and vlans.<br>Which one do you want to initialize? (or '?' done')</code> | |||
|''Enter'' '''bond0.1''' | |||
|- | |||
|<code>IP address for eth0? (or 'dhcp', 'none', '?') [dhcp]:</code> | |||
|''Enter the IP address of you LAN interface, e.g.'' '''192.168.1.1''' | |||
|- | |||
|<code>Netmask? [255.0.0.0]:</code> | |||
|''Enter an appropriate value, e.g.'' '''255.255.255.0''' | |||
|- | |||
|<code>Gateway? (or 'none') [none]:</code> | |||
|''Press Enter confirming 'none''' | |||
|- | |||
|''Repeat the 4 steps above for interfaces bond0.2, bond0.10 and bond0.11 (optional).<br> If you are adding multiple gateways, don't forget to add a metric value to each ISP interface.'' | |||
|- | |||
|<code>DNS domain name? (e.g. 'bar.com') []:</code> | |||
|''Enter the domain name of your intranet, e.g.,'' '''example.net''' | |||
|- | |||
|<code>DNS nameservers(s)? []:</code> | |||
|'''8.8.8.8 8.8.4.4''' (will change them later) | |||
|- | |||
|<code>Changing password for root<br>New password:</code> | |||
|''Enter a secure password for the console'' | |||
|- | |||
|<code>Retype password:</code> | |||
|''Retype the above password'' | |||
|- | |||
|<code>Which timezone are you in? ('?' for list) [UTC]:</code> | |||
|''Press Enter confirming 'UTC''' | |||
|- | |||
|<code>HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none]</code> | |||
|''Press Enter confirming 'none''' | |||
|- | |||
|<code>Enter mirror number (1-9) or URL to add (or r/f/e/done) [f]:</code> | |||
|''Select a mirror close to you and press Enter'' | |||
|- | |||
|<code>Which SSH server? ('openssh', 'dropbear' or 'none') [openssh]:</code> | |||
|''Press Enter confirming 'openssh''' | |||
|- | |||
|<code>Which NTP client to run? ('openntpd', 'chrony' or 'none') [chrony]:</code> | |||
|''Press Enter confirming 'chrony''' | |||
|- | |||
|<code>Which disk(s) would you like to use? (or '?' for help or 'none') [none]:</code> | |||
|''Press Enter confirming 'none' or type 'none' if needed'' | |||
|- | |||
|<code>Enter where to store configs ('floppy', 'usb' or 'none') [usb]:</code> | |||
|''Press Enter confirming 'usb''' | |||
|- | |||
|<code>Enter apk cache directory (or '?' or 'none') [/media/usb/cache]:</code> | |||
|''Press Enter confirming '/media/usb/cache''' | |||
|} | |||
Revision as of 08:33, 19 August 2013
 Do not follow instructions here until this notice is removed. |
http://alpinelinux.org/about under Why the Name Alpine? states:
The first open-source implementation of Cisco's DMVPN, called OpenNHRP, was written for Alpine Linux.
So the aim of this document is to be the reference DMVPN setup, with all the networking services needed for the clients that will use the DMVPN (DNS, DHCP, firewall, etc.).
A DMVPN is made up two kind of hosts: an Hub node (also called Core router) and a Leaf node (also called Edge router). We'll start documenting the Leaf node setup.
Tip: The recommended version of Alpine for building a DMVPN should be at minimum 2.4.11. Don't use 2.5.x, or 2.6.0 since it has in-tunnel IP fragmentation issues. Alpine 2.6.1 or later should be also okay
Note: This document assume that all Alpine installations are run in diskless mode and that the configuration is saved on USB key
Leaf Node
Alpine Setup
We will setup the network interfaces as follows:
bond0.1 = LAN
bond0.2 = DMZ
bond0.10 = ISP1
bond0.11 = ISP2
Boot Alpine in diskless mode and run setup-alpine
| You will be prompted something like this... | Suggestion on what you could enter... |
|---|---|
Select keyboard layout [none]:
|
Type an appropriate layout for you |
Select variant:
|
Type an appropriate layout for you (if prompted) |
Enter system hostname (short form, e.g. 'foo') [localhost]:
|
Enter the hostname, e.g. vpnc |
Available interfaces are: eth0
|
Enter bond0.1 |
IP address for eth0? (or 'dhcp', 'none', '?') [dhcp]:
|
Enter the IP address of you LAN interface, e.g. 192.168.1.1 |
Netmask? [255.0.0.0]:
|
Enter an appropriate value, e.g. 255.255.255.0 |
Gateway? (or 'none') [none]:
|
Press Enter confirming 'none' |
| Repeat the 4 steps above for interfaces bond0.2, bond0.10 and bond0.11 (optional). If you are adding multiple gateways, don't forget to add a metric value to each ISP interface. | |
DNS domain name? (e.g. 'bar.com') []:
|
Enter the domain name of your intranet, e.g., example.net |
DNS nameservers(s)? []:
|
8.8.8.8 8.8.4.4 (will change them later) |
Changing password for root
|
Enter a secure password for the console |
Retype password:
|
Retype the above password |
Which timezone are you in? ('?' for list) [UTC]:
|
Press Enter confirming 'UTC' |
HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none]
|
Press Enter confirming 'none' |
Enter mirror number (1-9) or URL to add (or r/f/e/done) [f]:
|
Select a mirror close to you and press Enter |
Which SSH server? ('openssh', 'dropbear' or 'none') [openssh]:
|
Press Enter confirming 'openssh' |
Which NTP client to run? ('openntpd', 'chrony' or 'none') [chrony]:
|
Press Enter confirming 'chrony' |
Which disk(s) would you like to use? (or '?' for help or 'none') [none]:
|
Press Enter confirming 'none' or type 'none' if needed |
Enter where to store configs ('floppy', 'usb' or 'none') [usb]:
|
Press Enter confirming 'usb' |
Enter apk cache directory (or '?' or 'none') [/media/usb/cache]:
|
Press Enter confirming '/media/usb/cache' |