r1: set interfaces ethernet eth0 address 192.168.12.1/24 set protocols static route 0.0.0.0/0 next-hop 192.168.12.2

r2: set nat source rule 100 description “to internet” set nat source rule 100 source address 192.168.12.0/24 #nat set nat source rule 100 outbound-interface eth0 set nat source rule 100 translation address masquerade

#set nat source rule 10 outbound-interface ’eth0' #set nat source rule 10 source address ‘192.168.1.0/24’ #set nat source rule 10 translation address ‘masquerade’

r3:

set interfaces ethernet eth0 address 192.168.23.3/24 set interfaces ethernet eth1 address 192.168.34.3/24 #nat set nat source rule 100 description “to internet” set nat source rule 100 source address 192.168.34.0/24 set nat source rule 100 outbound-interface eth0 set nat source rule 100 translation address masquerade

r4: set interfaces ethernet eth0 address 192.168.34.4/24 set protocols static route 0.0.0.0/0 next-hop 192.168.34.4

R2: set vpn ipsec ike-group VyOS-ike ikev2-reauth ’no' set vpn ipsec ike-group VyOS-ike key-exchange ‘ikev1’ set vpn ipsec ike-group VyOS-ike lifetime ‘86400’ set vpn ipsec ike-group VyOS-ike proposal 1 dh-group ‘2’ set vpn ipsec ike-group VyOS-ike proposal 1 encryption ‘3des’ set vpn ipsec ike-group VyOS-ike proposal 1 hash ‘md5’

set vpn ipsec ike-group VyOS-ike dead-peer-detection interval ‘15’ set vpn ipsec ike-group VyOS-ike dead-peer-detection timeout ‘30’

set vpn ipsec esp-group VyOS-esp compression ‘disable’ set vpn ipsec esp-group VyOS-esp lifetime ‘3600’ set vpn ipsec esp-group VyOS-esp mode ’tunnel' set vpn ipsec esp-group VyOS-esp pfs ‘disable’ set vpn ipsec esp-group VyOS-esp proposal 1 encryption ‘3des’ set vpn ipsec esp-group VyOS-esp proposal 1 hash ‘md5’

set vpn ipsec ipsec-interfaces interface ’eth0'

set vpn ipsec site-to-site peer 192.168.23.3 authentication mode ‘pre-shared-secret’ set vpn ipsec site-to-site peer 192.168.23.3 authentication pre-shared-secret ‘cisco’ set vpn ipsec site-to-site peer 192.168.23.3 connection-type ‘initiate’ set vpn ipsec site-to-site peer 192.168.23.3 default-esp-group ‘VyOS-esp’ set vpn ipsec site-to-site peer 192.168.23.3 ike-group ‘VyOS-ike’ set vpn ipsec site-to-site peer 192.168.23.3 ikev2-reauth ‘inherit’ set vpn ipsec site-to-site peer 192.168.23.3 local-address ‘192.168.23.2’ set vpn ipsec site-to-site peer 192.168.23.3 tunnel 0 local prefix ‘192.168.12.0/24’ set vpn ipsec site-to-site peer 192.168.23.3 tunnel 0 remote prefix ‘192.168.34.0/24’

set nat source rule 5 destination address ‘192.168.34.0/24’ set nat source rule 5 ’exclude' set nat source rule 5 outbound-interface ’eth0' set nat source rule 5 source address ‘192.168.12.0/24’

R3: set vpn ipsec ike-group VyOS-ike ikev2-reauth ’no' set vpn ipsec ike-group VyOS-ike key-exchange ‘ikev1’ set vpn ipsec ike-group VyOS-ike lifetime ‘86400’ set vpn ipsec ike-group VyOS-ike proposal 1 dh-group ‘2’ set vpn ipsec ike-group VyOS-ike proposal 1 encryption ‘3des’ set vpn ipsec ike-group VyOS-ike proposal 1 hash ‘md5’

set vpn ipsec ike-group VyOS-ike dead-peer-detection interval ‘15’ set vpn ipsec ike-group VyOS-ike dead-peer-detection timeout ‘30’

set vpn ipsec esp-group VyOS-esp compression ‘disable’ set vpn ipsec esp-group VyOS-esp lifetime ‘3600’ set vpn ipsec esp-group VyOS-esp mode ’tunnel' set vpn ipsec esp-group VyOS-esp pfs ‘disable’ set vpn ipsec esp-group VyOS-esp proposal 1 encryption ‘3des’ set vpn ipsec esp-group VyOS-esp proposal 1 hash ‘md5’

set vpn ipsec ipsec-interfaces interface ’eth0'

set vpn ipsec site-to-site peer 192.168.23.2 authentication mode ‘pre-shared-secret’ set vpn ipsec site-to-site peer 192.168.23.2 authentication pre-shared-secret ‘cisco’ set vpn ipsec site-to-site peer 192.168.23.2 connection-type ‘initiate’ set vpn ipsec site-to-site peer 192.168.23.2 default-esp-group ‘VyOS-esp’ set vpn ipsec site-to-site peer 192.168.23.2 ike-group ‘VyOS-ike’ set vpn ipsec site-to-site peer 192.168.23.2 ikev2-reauth ‘inherit’ set vpn ipsec site-to-site peer 192.168.23.2 local-address ‘192.168.23.3’ set vpn ipsec site-to-site peer 192.168.23.2 tunnel 0 local prefix ‘192.168.34.0/24’ set vpn ipsec site-to-site peer 192.168.23.2 tunnel 0 remote prefix ‘192.168.12.0/24’

set nat source rule 5 destination address ‘192.168.12.0/24’ set nat source rule 5 ’exclude' set nat source rule 5 outbound-interface ’eth0' set nat source rule 5 source address ‘192.168.34.0/24’