Saturday, September 6, 2014

Yamaha RTX1100 personal notes

Besides the provider I had been connecting to over PPPoE, there is also a provider line supplied by the apartment building I live in, obtained via DHCP, so since it was there I tried connecting it to LAN3. The physical line is the same (a PPPoE bridge connection works over it), but if a provider is slow things sometimes drop out.

So, here is the configuration with both connected.
For now I tried sending http and https over line A and everything else over line B, but that causes various problems, so I will have to find some other approach... BGP, maybe? I'm thinking about that, but for now I'm
reverting, so I'm recording the configuration here.

Well, what should I do...


# show config
# RTX1100 Rev.8.03.94 (Thu Dec 5 19:06:16 2013)
# Memory 32Mbytes, 3LAN, 1BRI
# Reporting Date: Sep 6 11:57:10 2014

System settings: connect the apartment building's DHCP line to lan3:

login password *
administrator password *
security class 1 on on
login timer 1600
ip route default gateway dhcp lan3 filter 1 gateway pp 1 #protocols matching filter 1 go via lan3, everything else via pp 1
ipv6 prefix 1 ra-prefix@lan2::/64
ip lan1 address 192.168.25.1/24
ipv6 lan1 address ra-prefix@lan2::1/64
ipv6 lan1 rtadv send 1
ipv6 lan1 mld router version=2
ipv6 lan2 mld host version=2
ip lan3 address dhcp
ip lan3 mtu 1500
ip lan3 intrusion detection in off reject=off
ip lan3 intrusion detection out off reject=off
ip lan3 nat descriptor 2


PPPoE settings:

pp select 1
pp always-on on
pppoe use lan2
pppoe auto connect on
pppoe auto disconnect on
pp auth accept pap chap
pp auth myname username password
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
ip pp mtu 1454
ip pp nat descriptor 1
netvolante-dns use pp server=1 auto
netvolante-dns hostname host pp server=1 myhost.netvolante.jp
pp enable 1

VPN settings:

pp select anonymous
pp bind tunnel1-tunnel5
pp auth request chap
pp auth username xxxx1 xxxx1
pp auth username xxxx2 xxxx2
pp auth username xxxx3 xxxx3
pp auth username xxxx4 xxxx4
pp auth username xxxx5 xxxxx5
ppp ipcp ipaddress on
ppp ipcp msext on
ip pp remote address pool 192.168.25.60-192.168.25.64
ip pp mtu 1258
pp enable anonymous
tunnel select 1
tunnel encapsulation l2tp
ipsec tunnel 101
ipsec sa policy 101 1 esp aes-cbc sha-hmac
ipsec ike keepalive use 1 off
ipsec ike local address 1 192.168.25.1
ipsec ike nat-traversal 1 on
ipsec ike pre-shared-key 1 text password
ipsec ike remote address 1 any
l2tp tunnel disconnect time off
l2tp keepalive use on 10 3
l2tp keepalive log on
l2tp syslog on
ip tunnel tcp mss limit auto
tunnel enable 1
tunnel select 2
tunnel encapsulation l2tp
ipsec tunnel 102
ipsec sa policy 102 2 esp aes-cbc sha-hmac
ipsec ike local address 2 192.168.25.1
ipsec ike nat-traversal 2 on
ipsec ike pre-shared-key 2 text password
ipsec ike remote address 2 any
l2tp tunnel disconnect time off
l2tp keepalive use on 10 3
l2tp keepalive log on
l2tp syslog on
ip tunnel tcp mss limit auto
tunnel enable 2
tunnel select 3
tunnel encapsulation l2tp
ipsec tunnel 103
ipsec sa policy 103 3 esp aes-cbc sha-hmac
ipsec ike keepalive use 3 off
ipsec ike local address 3 192.168.25.1
ipsec ike nat-traversal 3 on
ipsec ike pre-shared-key 3 text password
ipsec ike remote address 3 any
l2tp tunnel disconnect time off
l2tp keepalive use on 10 3
l2tp keepalive log on
l2tp syslog on
ip tunnel tcp mss limit auto
tunnel enable 3
tunnel select 4
tunnel encapsulation l2tp
ipsec tunnel 104
ipsec sa policy 104 4 esp aes-cbc sha-hmac
ipsec ike keepalive use 4 off
ipsec ike local address 4 192.168.25.1
ipsec ike nat-traversal 4 on
ipsec ike pre-shared-key 4 text password
ipsec ike remote address 4 any
l2tp tunnel disconnect time off
l2tp keepalive use on 10 3
l2tp keepalive log on
l2tp syslog on
ip tunnel tcp mss limit auto
tunnel enable 4
tunnel select 5
tunnel encapsulation l2tp
ipsec tunnel 105
ipsec sa policy 105 5 esp aes-cbc sha-hmac
ipsec ike keepalive use 5 off
ipsec ike local address 5 192.168.25.1
ipsec ike nat-traversal 5 on
ipsec ike pre-shared-key 5 text password
ipsec ike remote address 5 any
l2tp tunnel disconnect time off
l2tp keepalive use on 10 3
l2tp keepalive log on
l2tp syslog on
ip tunnel tcp mss limit auto

Route settings: add www and https to filter 1

ip filter 1 pass * * tcp * www,https
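As an added illustration (not code from the post, and not Yamaha's implementation), here is a small Python model of the decision made by the `ip route default gateway dhcp lan3 filter 1 gateway pp 1` line together with this filter; the matching semantics and the `PORT_NAMES` table are assumptions.

```python
# Added example, not from the post. Assumed semantics of the post's route line
# "ip route default gateway dhcp lan3 filter 1 gateway pp 1": gateways are tried
# in order; a filtered one is taken only if its "pass" rule matches the flow.
PORT_NAMES = {"www": 80, "https": 443, "domain": 53}   # assumed name table

def parse_port_spec(spec):
    """'*' -> None (any port); 'www,https' -> {80, 443}; numbers allowed."""
    if spec == "*":
        return None
    return {PORT_NAMES[p] if p in PORT_NAMES else int(p) for p in spec.split(",")}

def parse_filter(line):
    """'ip filter 1 pass * * tcp * www,https' -> (1, rule dict)."""
    t = line.split()
    if t[:2] != ["ip", "filter"] or len(t) < 9:
        raise ValueError("not an ip filter line: " + line)
    num, action, src, dst, proto, sport, dport = t[2:9]
    return int(num), {"action": action, "src": src, "dst": dst, "proto": proto,
                      "sport": parse_port_spec(sport), "dport": parse_port_spec(dport)}

def parse_route(line):
    """-> [('dhcp lan3', 1), ('pp 1', None)] for the route line above."""
    t, gws, i = line.split()[4:], [], 0   # drop "ip route default gateway"
    while i < len(t):
        if t[i] in ("dhcp", "pp", "tunnel"):   # two-token gateway names
            gw, i = t[i] + " " + t[i + 1], i + 2
        else:                                  # plain next-hop address
            gw, i = t[i], i + 1
        flt = None
        if i < len(t) and t[i] == "filter":
            flt, i = int(t[i + 1]), i + 2
        if i < len(t) and t[i] == "gateway":   # separator before next gateway
            i += 1
        gws.append((gw, flt))
    return gws

def choose_gateway(route, filters, proto, sport, dport):
    """Gateway string a flow would take, or None if no gateway accepts it."""
    for gw, fnum in route:
        if fnum is None:
            return gw
        r = filters[fnum]
        if (r["action"] == "pass" and r["proto"] in ("*", proto)
                and (r["sport"] is None or sport in r["sport"])
                and (r["dport"] is None or dport in r["dport"])):
            return gw
    return None

FILTERS = dict([parse_filter("ip filter 1 pass * * tcp * www,https")])  # from the post
ROUTE = parse_route("ip route default gateway dhcp lan3 filter 1 gateway pp 1")
```

Running flows through `choose_gateway` shows that only TCP to ports 80 and 443 leaves via lan3; UDP to 443 and DNS still go out over pp 1, since the filter is TCP-only.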

NAT settings (for PPPoE):

nat descriptor log on
nat descriptor masquerade ttl hold auto
nat descriptor type 1 masquerade
nat descriptor timer 1 6000
nat descriptor address outer 1 ipcp
nat descriptor address inner 1 auto
nat descriptor masquerade incoming 1 reject

NAT settings (for the DHCP line):

nat descriptor type 2 nat-masquerade
nat descriptor timer 2 6000
nat descriptor address outer 2 primary
nat descriptor address inner 2 auto

NAT settings (workaround for things going wrong when there are many connections):

nat descriptor timer 1000 protocol=tcp port=50002 90
nat descriptor timer 1000 protocol=udp port=50002 30
nat descriptor masquerade rlogin 1000 on

IPsec settings:

ipsec transport 1 101 udp 1701
ipsec transport 2 102 udp 1701
ipsec transport 3 103 udp 1701
ipsec transport 4 104 udp 1701
ipsec transport 5 105 udp 1701

syslog settings:

syslog host 192.168.25.x
syslog notice off
syslog info off
syslog debug off

DHCP settings:

dhcp service server
dhcp scope 1 192.168.25.2-192.168.25.50/24

DNS settings:

dns service recursive
dns server 8.8.8.8 8.8.4.4
dns cache use off
dns private address spoof on

Time settings:

schedule at 1 */* *:00 * ntpdate ntp.nict.jp

Start L2TP:

l2tp service on

Dynamic DNS settings:

netvolante-dns register timer server=1 3600

Start UPnP:

upnp use on

To revert for now, setting
ip route default gateway pp 1
was enough.
