Copyright 2024 Fsas Technologies Inc
reference https://www.fujitsu.com/jp/documents/products/network/router/sir/example/internet-vpn/vpn_ipoe_dvpn-guide.pdf

****************************************
Si-R 1 config
****************************************
ether 1 1 vlan untag 1
ether 1 2 use off
ether 2 1 vlan untag 2-8
lan 0 ipv6 use on
lan 0 ipv6 address 0 auto
lan 0 ipv6 ra mode recv
lan 0 ipv6 ra recv prefix-mode routers
lan 0 ipv6 trafficclass 0 any any any any any any 0
lan 0 ipv6 dhcp service client
lan 0 ipv6 dhcp client option na off
lan 0 ipv6 in-policy 0 policy-group 0
lan 0 vlan 1
lan 1 ip address 10.1.0.1/24 3
lan 1 vlan 2
remote 0 name PPPoE
remote 0 mtu 1454
remote 0 ap 0 name PPPoE
remote 0 ap 0 datalink bind vlan 1
remote 0 ap 0 ppp auth send id-a@isp pw-a@isp
remote 0 ap 0 keep connect
remote 0 ppp ipcp vjcomp disable
remote 0 ip address local 203.0.113.1
remote 0 ip route 0 default 1 1
remote 0 ip nat mode multi 203.0.113.1 1 5m
remote 0 ip nat static 0 10.1.0.1 5070 203.0.113.1 5070 17
remote 0 ip msschange 1414
remote 3 name null
remote 3 ap 0 name null
remote 3 ap 0 datalink type discard
template 0 name dvpn
template 0 idle 20m
template 0 interface pool 10 90
template 0 datalink type ipsec
template 0 combine use dvpn
template 0 ip msschange 1300
template 0 ipv6 use on
template 0 dvpn client 0
template 0 ipsec ike protocol esp
template 0 ipsec ike encrypt aes-cbc-256
template 0 ipsec ike auth hmac-sha512
template 0 ipsec ike pfs modp2048
template 0 ipsec ike newsa responder off 0
template 0 ike shared key text tmp-key
template 0 ike proposal 0 encrypt aes-cbc-256
template 0 ike proposal 0 hash hmac-sha512
template 0 ike proposal 0 pfs modp2048
template 0 tunnel local ra@lan0
template 0 sessionwatch address 10.1.0.1
template 0 sessionwatch interval 1m
dvpn server use on
dvpn server domain fuji
dvpn server auth use on
dvpn client 0 server 0 address 203.0.113.1 5070
dvpn client 0 server 0 auth FUJI-0000 FUJI-0000
dvpn client 0 expire register 10m
dvpn client 0 expire session 30m
dvpn client 0 ua 10.1.0.1
dvpn client 0 domain fuji
dvpn client 0 localnet 0 0.0.0.0/0 on
dvpn client 0 localid FUJI-0000
dvpn client 0 interface lan 0 ra
routemanage ip ecmp mode hash
acl 10 description v6_ESP
acl 10 ipv6 any any 50 any
acl 11 description v6_ISAKMP
acl 11 ipv6 any any 17 any
acl 11 udp 500 500
acl 12 description SIP_Cli
acl 12 ipv6 any any 17 any
acl 12 udp 5070 5070
acl 13 description v6_dhcp
acl 13 ipv6 any any 17 any
acl 13 udp 547 546
acl 14 description v6_icmp
acl 14 ipv6 any any 58 any
acl 15 description v6_DNS
acl 15 ipv6 any any 17 any
acl 15 udp 53 any
acl 16 description v6_IP-in-IP
acl 16 ipv6 any any 4 any
acl 17 description v6_any
acl 17 ipv6 any any any any
policy-group 0 pattern 0 unmatch acl 10
policy-group 0 pattern 1 unmatch acl 11
policy-group 0 pattern 2 unmatch acl 12
policy-group 0 pattern 3 unmatch acl 13
policy-group 0 pattern 4 unmatch acl 14
policy-group 0 pattern 5 unmatch acl 15
policy-group 0 pattern 6 unmatch acl 16
policy-group 0 pattern 7 match acl 17
policy-group 0 interface rmt3
aaa 0 name dvpnserver
aaa 0 user 0 id FUJI-0000
aaa 0 user 0 password FUJI-0000
aaa 0 user 1 id FUJI-0001
aaa 0 user 1 password FUJI-0001
aaa 0 user 2 id FUJI-0002
aaa 0 user 2 password FUJI-0002
aaa 0 user 3 id FUJI-0003
aaa 0 user 3 password FUJI-0003
aaa 0 user 4 id FUJI-0004
aaa 0 user 4 password FUJI-0004
aaa 0 user 5 id FUJI-0005
aaa 0 user 5 password FUJI-0005
syslog facility 23
time auto server 0::0 dhcp
time zone 0900
consoleinfo autologout 15m
telnetinfo autologout 5m
loopback ip address 0 10.1.0.1
terminal charset SJIS

****************************************
Si-R 2 config
****************************************
ether 1 1 vlan untag 1
ether 1 2 use off
ether 2 1 vlan untag 2-8
lan 0 ipv6 use on
lan 0 ipv6 address 0 auto
lan 0 ipv6 ra mode recv
lan 0 ipv6 ra recv prefix-mode routers
lan 0 ipv6 trafficclass 0 any any any any any any 0
lan 0 ipv6 dhcp service client
lan 0 ipv6 dhcp client option na off
lan 0 ipv6 in-policy 0 policy-group 0
lan 0 vlan 1
lan 1 ip address 10.1.1.1/24 3
lan 1 vlan 2
remote 0 name PPPoE
remote 0 mtu 1454
remote 0 ap 0 name PPPoE
remote 0 ap 0 datalink bind vlan 1
remote 0 ap 0 ppp auth send id-b@isp pw-b@isp
remote 0 ap 0 keep connect
remote 0 ppp ipcp vjcomp disable
remote 0 ip route 0 203.0.113.1/32 1 1
remote 0 ip nat mode multi any 1 5m
remote 0 ip nat static 0 10.1.4.254 5070 any 5070 17
remote 0 ip msschange 1414
remote 1 name dvpn
remote 1 ap 0 name center
remote 1 ap 0 datalink type ipsec
remote 1 ap 0 keep connect
remote 1 ap 0 dvpn client 0
remote 1 ap 0 dvpn remotenet 0 0.0.0.0/0 on
remote 1 ap 0 ipsec type dvpn
remote 1 ap 0 ipsec ike protocol esp
remote 1 ap 0 ipsec ike encrypt aes-cbc-256
remote 1 ap 0 ipsec ike auth hmac-sha512
remote 1 ap 0 ipsec ike pfs modp2048
remote 1 ap 0 ike shared key text sir2-key
remote 1 ap 0 ike proposal 0 encrypt aes-cbc-256
remote 1 ap 0 ike proposal 0 hash hmac-sha512
remote 1 ap 0 ike proposal 0 pfs modp2048
remote 1 ap 0 ike initial connect
remote 1 ap 0 tunnel local ra@lan0
remote 1 ap 0 sessionwatch address 10.1.1.1 10.1.0.1
remote 1 ap 0 sessionwatch interval 20s 1m 40s 5s
remote 1 ap 1 datalink type discard
remote 1 ip route 0 default 1 1
remote 1 ip msschange 1300
remote 1 ip dvpn 0 autoignore
remote 1 ip dvpn 1 invite acl 20 24 0
remote 1 ip dvpn 2 invite acl 21 24 0
remote 1 ip dvpn 3 invite acl 22 24 0
remote 3 name null
remote 3 ap 0 name null
remote 3 ap 0 datalink type discard
template 0 name dvpn
template 0 idle 20m
template 0 interface pool 10 90
template 0 datalink type ipsec
template 0 combine use dvpn
template 0 ip msschange 1300
template 0 ipv6 use on
template 0 dvpn client 0
template 0 ipsec ike protocol esp
template 0 ipsec ike encrypt aes-cbc-256
template 0 ipsec ike auth hmac-sha512
template 0 ipsec ike pfs modp2048
template 0 ipsec ike newsa responder off 0
template 0 ike shared key text tmp-key
template 0 ike proposal 0 encrypt aes-cbc-256
template 0 ike proposal 0 hash hmac-sha512
template 0 ike proposal 0 pfs modp2048
template 0 tunnel local ra@lan0
template 0 sessionwatch address 10.1.1.1
template 0 sessionwatch interval 1m
dvpn client 0 server 0 address 203.0.113.1 5070
dvpn client 0 server 0 auth FUJI-0001 FUJI-0001
dvpn client 0 expire register 10m
dvpn client 0 expire session 30m
dvpn client 0 ua 10.1.1.1
dvpn client 0 domain fuji
dvpn client 0 localnet 0 10.1.1.0/24 on
dvpn client 0 localid FUJI-0001
dvpn client 0 interface lan 0 ra
routemanage ip ecmp mode hash
acl 10 description v6_ESP
acl 10 ipv6 any any 50 any
acl 11 description v6_ISAKMP
acl 11 ipv6 any any 17 any
acl 11 udp 500 500
acl 12 description SIP_Cli
acl 12 ipv6 any any 17 any
acl 12 udp 5070 5070
acl 13 description v6_dhcp
acl 13 ipv6 any any 17 any
acl 13 udp 547 546
acl 14 description v6_icmp
acl 14 ipv6 any any 58 any
acl 15 description v6_DNS
acl 15 ipv6 any any 17 any
acl 15 udp 53 any
acl 16 description v6_IP-in-IP
acl 16 ipv6 any any 4 any
acl 17 description v6_any
acl 17 ipv6 any any any any
acl 20 ip any 192.168.0.0/16 any any
acl 21 ip any 172.16.0.0/12 any any
acl 22 ip any 10.0.0.0/8 any any
policy-group 0 pattern 0 unmatch acl 10
policy-group 0 pattern 1 unmatch acl 11
policy-group 0 pattern 2 unmatch acl 12
policy-group 0 pattern 3 unmatch acl 13
policy-group 0 pattern 4 unmatch acl 14
policy-group 0 pattern 5 unmatch acl 15
policy-group 0 pattern 6 unmatch acl 16
policy-group 0 pattern 7 match acl 17
policy-group 0 interface rmt3
syslog facility 23
time auto server 0::0 dhcp
time zone 0900
consoleinfo autologout 15m
telnetinfo autologout 5m
loopback ip address 0 10.1.1.1
terminal charset SJIS

****************************************
Si-R 3 config
****************************************
ether 1 1 vlan untag 1
ether 1 2 use off
ether 2 1 vlan untag 2-8
lan 0 ipv6 use on
lan 0 ipv6 address 0 auto
lan 0 ipv6 ra mode recv
lan 0 ipv6 ra recv prefix-mode routers
lan 0 ipv6 trafficclass 0 any any any any any any 0
lan 0 ipv6 dhcp service client
lan 0 ipv6 dhcp client option na off
lan 0 ipv6 in-policy 0 policy-group 0
lan 0 vlan 1
lan 1 ip address 10.1.2.1/24 3
lan 1 vlan 2
remote 0 name PPPoE
remote 0 mtu 1454
remote 0 ap 0 name PPPoE
remote 0 ap 0 datalink bind vlan 1
remote 0 ap 0 ppp auth send id-c@isp pw-c@isp
remote 0 ap 0 keep connect
remote 0 ppp ipcp vjcomp disable
remote 0 ip route 0 203.0.113.1/32 1 1
remote 0 ip nat mode multi any 1 5m
remote 0 ip nat static 0 10.1.4.254 5070 any 5070 17
remote 0 ip msschange 1414
remote 1 name dvpn
remote 1 ap 0 name center
remote 1 ap 0 datalink type ipsec
remote 1 ap 0 keep connect
remote 1 ap 0 dvpn client 0
remote 1 ap 0 dvpn remotenet 0 0.0.0.0/0 on
remote 1 ap 0 ipsec type dvpn
remote 1 ap 0 ipsec ike protocol esp
remote 1 ap 0 ipsec ike encrypt aes-cbc-256
remote 1 ap 0 ipsec ike auth hmac-sha512
remote 1 ap 0 ipsec ike pfs modp2048
remote 1 ap 0 ike shared key text sir3-key
remote 1 ap 0 ike proposal 0 encrypt aes-cbc-256
remote 1 ap 0 ike proposal 0 hash hmac-sha512
remote 1 ap 0 ike proposal 0 pfs modp2048
remote 1 ap 0 ike initial connect
remote 1 ap 0 tunnel local ra@lan0
remote 1 ap 0 sessionwatch address 10.1.2.1 10.1.0.1
remote 1 ap 0 sessionwatch interval 20s 1m 40s 5s
remote 1 ap 1 datalink type discard
remote 1 ip route 0 default 1 1
remote 1 ip msschange 1300
remote 1 ip dvpn 0 autoignore
remote 1 ip dvpn 1 invite acl 20 24 0
remote 1 ip dvpn 2 invite acl 21 24 0
remote 1 ip dvpn 3 invite acl 22 24 0
remote 3 name null
remote 3 ap 0 name null
remote 3 ap 0 datalink type discard
template 0 name dvpn
template 0 idle 20m
template 0 interface pool 10 90
template 0 datalink type ipsec
template 0 combine use dvpn
template 0 ip msschange 1300
template 0 ipv6 use on
template 0 dvpn client 0
template 0 ipsec ike protocol esp
template 0 ipsec ike encrypt aes-cbc-256
template 0 ipsec ike auth hmac-sha512
template 0 ipsec ike pfs modp2048
template 0 ipsec ike newsa responder off 0
template 0 ike shared key text tmp-key
template 0 ike proposal 0 encrypt aes-cbc-256
template 0 ike proposal 0 hash hmac-sha512
template 0 ike proposal 0 pfs modp2048
template 0 tunnel local ra@lan0
template 0 sessionwatch address 10.1.2.1
template 0 sessionwatch interval 1m
dvpn client 0 server 0 address 203.0.113.1 5070
dvpn client 0 server 0 auth FUJI-0002 FUJI-0002
dvpn client 0 expire register 10m
dvpn client 0 expire session 30m
dvpn client 0 ua 10.1.2.1
dvpn client 0 domain fuji
dvpn client 0 localnet 0 10.1.2.0/24 on
dvpn client 0 localid FUJI-0002
dvpn client 0 interface lan 0 ra
routemanage ip ecmp mode hash
acl 10 description v6_ESP
acl 10 ipv6 any any 50 any
acl 11 description v6_ISAKMP
acl 11 ipv6 any any 17 any
acl 11 udp 500 500
acl 12 description SIP_Cli
acl 12 ipv6 any any 17 any
acl 12 udp 5070 5070
acl 13 description v6_dhcp
acl 13 ipv6 any any 17 any
acl 13 udp 547 546
acl 14 description v6_icmp
acl 14 ipv6 any any 58 any
acl 15 description v6_DNS
acl 15 ipv6 any any 17 any
acl 15 udp 53 any
acl 16 description v6_IP-in-IP
acl 16 ipv6 any any 4 any
acl 17 description v6_any
acl 17 ipv6 any any any any
acl 20 ip any 192.168.0.0/16 any any
acl 21 ip any 172.16.0.0/12 any any
acl 22 ip any 10.0.0.0/8 any any
policy-group 0 pattern 0 unmatch acl 10
policy-group 0 pattern 1 unmatch acl 11
policy-group 0 pattern 2 unmatch acl 12
policy-group 0 pattern 3 unmatch acl 13
policy-group 0 pattern 4 unmatch acl 14
policy-group 0 pattern 5 unmatch acl 15
policy-group 0 pattern 6 unmatch acl 16
policy-group 0 pattern 7 match acl 17
policy-group 0 interface rmt3
syslog facility 23
time auto server 0::0 dhcp
time zone 0900
consoleinfo autologout 15m
telnetinfo autologout 5m
loopback ip address 0 10.1.2.1
terminal charset SJIS