
Difference between revisions of "コマンド > configure > vpn"

From: EdgeOS Japanese Wiki [unofficial]
(Related items)
7行目: 7行目:
  
  
== vpn のパラメーター ==
+
<!--
 +
== よく使いそうなコマンド ==
 +
-->
  
 +
== vpn のパラメーター ==
  
 
=== index ===
 
=== index ===
22行目: 25行目:
  
 
=== vpn ipsec ===
 
=== vpn ipsec ===
 +
* set vpn ''' ipsec '''
 +
*: VPN IP security (IPsec) parameters
 +
** <code>set vpn ipsec ''' auto-firewall-nat-exclude { enable | disable } '''</code>
 +
**: Option to enable/disable auto firewall and NAT exclude (IPv4)
 +
** <code>set vpn ipsec ''' auto-update {30-65535} '''</code>
 +
**: Set auto-update interval for IPsec daemon.
 +
** <code>set vpn ipsec ''' disable-uniqreqids '''</code>
 +
**: Option to disable requirement for unique IDs in the Security Database
 +
** set vpn ipsec ''' esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] '''
 +
**: Name of Encapsulating Security Payload (ESP) group
 +
*** <code>set vpn ipsec esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] ''' compression { enable | disable } '''</code>
 +
***: ESP compression
 +
*** <code>set vpn ipsec esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] ''' lifetime {30-86400} '''</code>
 +
***: ESP lifetime
 +
*** set vpn ipsec esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] ''' mode '''
 +
***: ESP mode
 +
**** <code>set vpn ipsec esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] mode ''' tunnel '''</code>
 +
****: Tunnel mode (default)
 +
**** <code>set vpn ipsec esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] mode ''' transport '''</code>
 +
****: Transport mode
 +
*** <code>set vpn ipsec esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] ''' pfs [[パラメーター > IPSec ESP DH グループ|{IPSec ESP DH グループ}]] '''</code>
 +
***: ESP Perfect Forward Secrecy
 +
*** set vpn ipsec esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] ''' proposal [[パラメーター > IPSec ESP グループ proposal 番号|{(1-65535) : IPSec ESP グループ proposal 番号}]] '''
 +
***: ESP-group proposal [REQUIRED]
 +
**** <code>set vpn ipsec esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] proposal [[パラメーター > IPSec ESP グループ proposal 番号|{(1-65535) : IPSec ESP グループ proposal 番号}]] ''' encryption [[パラメーター > 暗号化アルゴリズム|{暗号化アルゴリズム}]] '''</code>
 +
****: Encryption algorithm
 +
**** <code>set vpn ipsec esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] proposal [[パラメーター > IPSec ESP グループ proposal 番号|{(1-65535) : IPSec ESP グループ proposal 番号}]] ''' hash [[パラメーター > hash アルゴリズム|{hash アルゴリズム}]] '''</code>
 +
****: Hash algorithm
 +
** set vpn ipsec ''' ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] '''
 +
**: Name of Internet Key Exchange (IKE) group
 +
*** set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] ''' dead-peer-detection '''
 +
***: Dead Peer Detection (DPD)
 +
**** set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] dead-peer-detection ''' action '''
 +
****: Keep-alive failure action
 +
***** <code>set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] dead-peer-detection action ''' hold '''</code>
 +
*****: Set action to hold (default)
 +
***** <code>set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] dead-peer-detection action ''' clear '''</code>
 +
*****: Set action to clear
 +
***** <code>set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] dead-peer-detection action ''' restart '''</code>
 +
*****: Set action to restart
 +
**** <code>set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] dead-peer-detection ''' interval {15-86400} '''</code>
 +
****: Keep-alive interval in seconds (default : 30)
 +
**** <code>set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] dead-peer-detection ''' timeout {30-86400} '''</code>
 +
****: Keep-alive timeout in seconds (default 120)
 +
*** set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] ''' key-exchange '''
 +
***: Key Exchange Version
 +
**** <code>set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] key-exchange ''' ikev1 '''</code>
 +
****: Use IKEv1 for Key Exchange [DEFAULT]
 +
**** <code>set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] key-exchange ''' ikev2 '''</code>
 +
****: Use IKEv2 for Key Exchange
 +
*** <code>set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] ''' lifetime {30-86400} '''</code>
 +
***: IKE lifetime in seconds (default 28800)
 +
*** set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] ''' proposal [[パラメーター > IPSec IKE グループ proposal 番号|{(1-65535) : IPSec IKE グループ proposal 番号}]] '''
 +
***: IKE-group proposal [REQUIRED]
 +
**** <code>set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] proposal [[パラメーター > IPSec IKE グループ proposal 番号|{(1-65535) : IPSec IKE グループ proposal 番号}]] ''' dh-group [[パラメーター > IPSec ESP DH グループ|{IPSec ESP DH グループ}]] '''</code>
 +
****: Diffie-Hellman (DH) key exchange group
 +
**** <code>set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] proposal [[パラメーター > IPSec IKE グループ proposal 番号|{(1-65535) : IPSec IKE グループ proposal 番号}]] ''' encryption [[パラメーター > 暗号化アルゴリズム|{暗号化アルゴリズム}]] '''</code>
 +
****: Encryption algorithm
 +
**** <code>set vpn ipsec ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] proposal [[パラメーター > IPSec IKE グループ proposal 番号|{(1-65535) : IPSec IKE グループ proposal 番号}]] ''' hash [[パラメーター > hash アルゴリズム|{hash アルゴリズム}]] '''</code>
 +
****: Hash algorithm
 +
** <code>set vpn ipsec ''' ipsec-interfaces interface [[パラメーター > hash アルゴリズム|{hash アルゴリズム}]] '''</code>
 +
**: Interface to use for VPN [REQUIRED]
 +
** <code>set vpn ipsec ''' logging log-modes [[パラメーター > IPSec log mode|{IPSec log mode}]] '''</code>
 +
**: IPsec logging
 +
** <code>set vpn ipsec ''' nat-networks allowed-network [[パラメーター > IPv4 アドレス + サブネット|{x.x.x.x/x}]] '''</code>
 +
**: Network Address Translation (NAT) networks to allow
 +
*** <code>set vpn ipsec nat-networks allowed-network [[パラメーター > IPv4 アドレス + サブネット|{x.x.x.x/x}]] ''' exclude [[パラメーター > IPv4 アドレス + サブネット|{x.x.x.x/x}]] '''</code>
 +
***: NAT networks to exclude from allowed-networks
 +
** <code>set vpn ipsec ''' nat-traversal { enable | disable } '''</code>
 +
**: Network Address Translation (NAT) traversal
 +
** set vpn ipsec ''' site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] '''
 +
**: Site to site VPN
 +
*** set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] ''' authentication '''
 +
***: Peer authentication [REQUIRED]
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication ''' id [[パラメーター > IPSec Peer 認証 ID|{IPSec Peer 認証 ID}]] '''</code>
 +
****: ID for peer authentication
 +
**** set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication ''' mode '''
 +
****: Authentication mode
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication mode ''' pre-shared-secret '''</code>
 +
****: Use pre-shared secret key
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication mode ''' rsa '''</code>
 +
****: Use RSA key
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication mode ''' x509 '''</code>
 +
****: Use X.509 certificate
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication ''' pre-shared-secret [[パラメーター > IPSec Peer 認証 事前共有秘密鍵|{IPSec Peer 認証 事前共有秘密鍵}]] '''</code>
 +
****: Pre-shared secret key
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication ''' remote-id [[パラメーター > IPSec Peer 認証 ID|{IPSec Peer 認証 ID}]] '''</code>
 +
****: ID for remote authentication
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication ''' rsa-key-name [[パラメーター > IPSec Peer 認証 RSA キー名|{IPSec Peer 認証 RSA キー名}]] '''</code>
 +
****: RSA key name
 +
**** set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication ''' x509 '''
 +
****: X.509 certificate
 +
***** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication x509 ''' ca-cert-file [[パラメーター > path|{path}]] '''</code>
 +
*****: File containing the X.509 certificate for the Certificate Authority (CA)
 +
***** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication x509 ''' cert-file [[パラメーター > path|{path}]] '''</code>
 +
*****: File containing the X.509 certificate for this host
 +
***** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication x509 ''' crl-file [[パラメーター > path|{path}]] '''</code>
 +
*****: File containing the X.509 Certificate Revocation List (CRL)
 +
***** set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication x509 ''' key '''
 +
*****: Key file and password to open it
 +
****** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication x509 key ''' file [[パラメーター > path|{path}]] '''</code>
 +
******: File containing the private key for the X.509 certificate for this host
 +
****** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] authentication x509 key ''' password [[パラメーター > パスワード|{パスワード}]] '''</code>
 +
******: Password that protects the private key
 +
*** set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] ''' connection-type '''
 +
***: Connection type
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] connection-type ''' initiate '''</code>
 +
****: This endpoint can initiate or respond to a connection
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] connection-type ''' respond '''</code>
 +
****: This endpoint will only respond to a connection
 +
*** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] ''' default-esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] '''</code>
 +
***: Defult ESP group name
 +
*** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] ''' description [[パラメーター > 任意テキスト|{任意テキスト}]] '''</code>
 +
***: VPN peer description
 +
*** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] ''' dhcp-interface [[パラメーター > interface|{interface}]] '''</code>
 +
***: DHCP interface to listen on
 +
*** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] ''' ike-group [[パラメーター > IPSec IKE グループ名|{IPSec IKE グループ名}]] '''</code>
 +
***: Internet Key Exchange (IKE) group name [REQUIRED]
 +
*** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] ''' local-address { [[パラメーター > IPv4/v6 アドレス|IPv4/v6 アドレス]] | any } '''</code>
 +
***: IPv4 or IPv6 address of a local interface to use for VPN
 +
*** set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] ''' tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] '''
 +
***: Peer tunnel [REQUIRED]
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] ''' allow-nat-networks { enable | disable } '''</code>
 +
****: Option to allow NAT networks
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] ''' allow-public-networks { enable | disable } '''</code>
 +
****: Option to allow public networks
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] ''' disable '''</code>
 +
****: Option to disable vpn tunnel
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] ''' esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] '''</code>
 +
****: ESP group name
 +
**** set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] ''' local '''
 +
****: Local parameters for interesting traffic
 +
***** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] local ''' port [[パラメーター > IPv4 ポート 条件式|{IPv4 ポート 条件式}]] '''</code>
 +
*****: Any TCP or UDP port
 +
***** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] local ''' prefix [[パラメーター > IPv4 アドレス + サブネット|{x.x.x.x/x}]] '''</code>
 +
*****: Local IPv4 or IPv6 prefix
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] ''' protocol [[パラメーター > IPv4 プロトコル 条件式|{IPv4 プロトコル 条件式}]] '''</code>
 +
****: Protocol to encrypt
 +
**** set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] ''' remote '''
 +
****: Remote parameters for interesting traffic
 +
***** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] remote ''' port [[パラメーター > IPv4 ポート 条件式|{IPv4 ポート 条件式}]] '''</code>
 +
*****: Any TCP or UDP port
 +
***** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] tunnel [[パラメーター > IPSec Peer Tunnel 番号|{(0-4294967295) : IPSec Peer Tunnel 番号}]] remote ''' prefix [[パラメーター > IPv4 アドレス + サブネット|{x.x.x.x/x}]] '''</code>
 +
*****: Local IPv4 or IPv6 prefix
 +
*** set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] ''' vti '''
 +
***: Virtual tunnel interface [REQUIRED]
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] vti ''' bind [[パラメーター > interface|{interface/vti}]] '''</code>
 +
****: VTI tunnel interface associated with this configuration [REQUIRED]
 +
**** <code>set vpn ipsec site-to-site peer [[パラメーター > IPSec peer|{IPSec peer}]] vti ''' esp-group [[パラメーター > IPSec ESP グループ名|{IPSec ESP グループ名}]] '''</code>
 +
****: ESP group name [REQUIRED]
 +
 
=== vpn l2tp ===
 
=== vpn l2tp ===
 +
* set vpn ''' l2tp remote-access '''
 +
*: Layer 2 Tunneling Protocol (L2TP) Virtual Private Network (VPN)
 +
** set vpn l2tp remote-access ''' authentication '''
 +
**: Authentication for remote access L2TP VPN
 +
*** set vpn l2tp remote-access authentication ''' local-users username [[パラメーター > ユーザー名|{ユーザー名}]] '''
 +
***: Local user authentication for remote access L2TP VPN
 +
**** <code>set vpn l2tp remote-access authentication local-users username [[パラメーター > ユーザー名|{ユーザー名}]] ''' disable '''</code>
 +
****: Option to disable L2TP remote-access user
 +
**** <code>set vpn l2tp remote-access authentication local-users username [[パラメーター > ユーザー名|{ユーザー名}]] ''' password [[パラメーター > パスワード|{パスワード}]] '''</code>
 +
****: Password for authentication
 +
**** <code>set vpn l2tp remote-access authentication local-users username [[パラメーター > ユーザー名|{ユーザー名}]] ''' static-ip [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
****: Static IP address
 +
*** set vpn l2tp remote-access authentication ''' mode '''
 +
***: Authentication mode for remote access L2TP VPN
 +
**** <code>set vpn l2tp remote-access authentication mode ''' local '''</code>
 +
****: Use username/password in the configuration
 +
**** <code>set vpn l2tp remote-access authentication mode ''' radius '''</code>
 +
****: Use Radius server
 +
*** <code>set vpn l2tp remote-access authentication ''' radius-server [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: IP address of radius server
 +
**** <code>set vpn l2tp remote-access authentication radius-server [[パラメーター > IPv4 アドレス|{x.x.x.x}]] ''' key [[パラメーター > Radius Server アクセスキー|{Radius Server アクセスキー}]] '''</code>
 +
****: Key for accessing the specified server
 +
** set vpn l2tp remote-access ''' client-ip-pool '''
 +
**: Pool of IP address to be assigned to remote clients
 +
*** <code>set vpn l2tp remote-access client-ip-pool ''' start [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: First IP address in the pool
 +
*** <code>set vpn l2tp remote-access client-ip-pool ''' stop [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: Last IP address in the pool
 +
** <code>set vpn l2tp remote-access ''' description [[パラメーター > 任意テキスト|{任意テキスト}]] '''</code>
 +
**: Description for L2TP remote-access settings
 +
** <code>set vpn l2tp remote-access ''' dhcp-interface [[パラメーター > interface|{interface}]] '''</code>
 +
**: DHCP interface to listen on
 +
** set vpn l2tp remote-access ''' dns-servers '''
 +
**: Domain Name Service (DNS) server
 +
*** <code>set vpn l2tp remote-access dns-servers ''' server-1 [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: Primary DNS server
 +
*** <code>set vpn l2tp remote-access dns-servers ''' server-2 [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: Secondary DNS server
 +
** set vpn l2tp remote-access ''' ipsec-settings '''
 +
**: Internet Protocol Security (IPsec) for remote access L2TP VPN
 +
*** set vpn l2tp remote-access ipsec-settings ''' authentication '''
 +
***: IPsec authentication settings
 +
**** set vpn l2tp remote-access ipsec-settings authentication ''' mode '''
 +
****: Authentication mode for IPsec
 +
***** <code>set vpn l2tp remote-access ipsec-settings authentication mode ''' pre-shared-secret '''</code>
 +
*****: Use pre-shared secret for IPsec authentication
 +
***** <code>set vpn l2tp remote-access ipsec-settings authentication mode ''' x509 '''</code>
 +
*****: Use X.509 certificate for IPsec authentication
 +
**** <code>set vpn l2tp remote-access ipsec-settings authentication ''' pre-shared-secret [[パラメーター > IPSec Peer 認証 事前共有秘密鍵|{IPSec Peer 認証 事前共有秘密鍵}]] '''</code>
 +
****: Pre-shared secret for IPsec
 +
**** set vpn l2tp remote-access ipsec-settings authentication ''' x509 '''
 +
****: X.509 certificate
 +
***** <code>set vpn l2tp remote-access ipsec-settings authentication x509 ''' ca-cert-file [[パラメーター > path|{path}]] '''</code>
 +
*****: File containing the X.509 certificate for the Certificate Authority (CA)
 +
***** <code>set vpn l2tp remote-access ipsec-settings authentication x509 ''' cert-file [[パラメーター > path|{path}]] '''</code>
 +
*****: File containing the X.509 certificate for this host
 +
***** <code>set vpn l2tp remote-access ipsec-settings authentication x509 ''' crl-file [[パラメーター > path|{path}]] '''</code>
 +
*****: File containing the X.509 Certificate Revocation List (CRL)
 +
***** <code>set vpn l2tp remote-access ipsec-settings authentication x509 ''' server-cert-file [[パラメーター > path|{path}]] '''</code>
 +
*****: File containing the X.509 certificate for the remote access VPN server (this host)
 +
***** <code>set vpn l2tp remote-access ipsec-settings authentication x509 ''' server-key-file [[パラメーター > path|{path}]] '''</code>
 +
*****: File containing the private key for the X.509 certificate for the remote access VPN server (this host)
 +
***** <code>set vpn l2tp remote-access ipsec-settings authentication x509 ''' server-key-password [[パラメーター > パスワード|{パスワード}]] '''</code>
 +
*****: Password that protects the private key
 +
*** <code>set vpn l2tp remote-access ipsec-settings ''' ike-lifetime {30-86400} '''</code>
 +
***: IKE lifetime in seconds (default : 3600)
 +
** <code>set vpn l2tp remote-access ''' local-ip [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
**: Optional IP address to use on the local side of the tunnel
 +
** <code>set vpn l2tp remote-access ''' mtu {128-16384} '''</code>
 +
**: Maximum Transmission Unit (MTU)
 +
** <code>set vpn l2tp remote-access ''' outside-address [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
**: Outside IP address to which VPN clients will connect
 +
** <code>set vpn l2tp remote-access ''' outside-nexthop [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
**: Nexthop IP address for reaching the VPN clients
 +
** set vpn l2tp remote-access ''' wins-servers '''
 +
**: Windows Inernet Name Service (WINS) server settings
 +
*** <code>set vpn l2tp remote-access wins-servers ''' server-1 [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: Primary WINS server
 +
*** <code>set vpn l2tp remote-access wins-servers ''' server-2 [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: Secondary WINS server
 +
 
=== vpn pptp ===
 
=== vpn pptp ===
 +
* set vpn ''' pptp remote-access '''
 +
*: Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN)
 +
** set vpn pptp remote-access ''' authentication '''
 +
**: Authentication for remote access PPTP VPN
 +
*** set vpn pptp remote-access authentication ''' local-users username [[パラメーター > ユーザー名|{ユーザー名}]] '''
 +
***: Local user authentication for remote access PPTP VPN
 +
**** <code>set vpn pptp remote-access authentication local-users username [[パラメーター > ユーザー名|{ユーザー名}]] ''' disable '''</code>
 +
****: Option to disable a PPTP remote-access user
 +
**** <code>set vpn pptp remote-access authentication local-users username [[パラメーター > ユーザー名|{ユーザー名}]] ''' password [[パラメーター > パスワード|{パスワード}]] '''</code>
 +
****: Password for authentication
 +
**** <code>set vpn pptp remote-access authentication local-users username [[パラメーター > ユーザー名|{ユーザー名}]] ''' static-ip [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
****: Static IP address
 +
*** set vpn pptp remote-access authentication ''' mode '''
 +
***: Authentication mode for remote access PPTP VPN
 +
**** <code>set vpn pptp remote-access authentication mode ''' local '''</code>
 +
****: Use username/password in the configuration
 +
**** <code>set vpn pptp remote-access authentication mode ''' radius '''</code>
 +
****: Use Radius server
 +
*** <code>set vpn pptp remote-access authentication ''' radius-server [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: IP address of radius server
 +
**** <code>set vpn pptp remote-access authentication radius-server [[パラメーター > IPv4 アドレス|{x.x.x.x}]] ''' key [[パラメーター > Radius Server アクセスキー|{Radius Server アクセスキー}]] '''</code>
 +
****: Key for accessing the specified server
 +
** set vpn pptp remote-access ''' client-ip-pool '''
 +
**: Pool of client IP address (must be within a /24)
 +
*** <code>set vpn pptp remote-access client-ip-pool ''' start [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: First IP address in the pool
 +
*** <code>set vpn pptp remote-access client-ip-pool ''' stop [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: Last IP address in the pool
 +
** <code>set vpn pptp remote-access ''' dhcp-interface [[パラメーター > interface|{interface}]] '''</code>
 +
**: DHCP interface to listen on
 +
** set vpn pptp remote-access ''' dns-servers '''
 +
**: Domain Name Service (DNS) server
 +
*** <code>set vpn pptp remote-access dns-servers ''' server-1 [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: Primary DNS server
 +
*** <code>set vpn pptp remote-access dns-servers ''' server-2 [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: Secondary DNS server
 +
** <code>set vpn pptp remote-access ''' local-ip [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
**: Optional IP address to use one the local side of the tunnel
 +
** <code>set vpn pptp remote-access ''' mtu {128-16384} '''</code>
 +
**: Maximum Transmission Unit (MTU) (default : 1492)
 +
** <code>set vpn pptp remote-access ''' outside-address [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
**: Outside IP address to which VPN clients will connect
 +
** set vpn pptp remote-access ''' wins-servers '''
 +
**: Windows Internet Name Service (WINS) server settings
 +
*** <code>set vpn pptp remote-access wins-servers ''' server-1 [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: Primary WINS server
 +
*** <code>set vpn pptp remote-access wins-servers ''' server-2 [[パラメーター > IPv4 アドレス|{x.x.x.x}]] '''</code>
 +
***: Secondary WINS server
 +
 
=== vpn rsa-keys ===
 
=== vpn rsa-keys ===
 +
* set vpn ''' rsa-keys '''
 +
*: RSA keys
 +
** <code>set vpn rsa-keys ''' local-key  file [[パラメーター > path|{path}]] '''</code>
 +
**: Local RSA key
 +
** <code>set vpn rsa-keys ''' rsa-key-name [[パラメーター > VPN RSA キー名|{VPN RSA キー名}]] '''</code>
 +
**: Name of remote RSA key
 +
*** <code>set vpn rsa-keys rsa-key-name ''' rsa-key '''</code>
 +
***: Remote RSA key
 +
 +
<!--
 +
== 動作確認 ==
 +
-->
  
  
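Review bot: The `ipsec-interfaces interface` entry links its argument to [[パラメーター > hash アルゴリズム|{hash アルゴリズム}]], which looks carried over from the hash line just above it; the interface parameter used by the `dhcp-interface` entries ([[パラメーター > interface|{interface}]]) matches the description "Interface to use for VPN". In the same hunk, the `tunnel ... remote prefix` description reads "Local IPv4 or IPv6 prefix", the same text as the `local prefix` entry, and should describe the remote prefix. The three site-to-site `authentication mode` values (pre-shared-secret, rsa, x509) sit at the same `****` depth as their parent `mode` line instead of one level deeper, as the l2tp section does. The `set vpn rsa-keys rsa-key-name rsa-key` line drops the key-name placeholder between `rsa-key-name` and `rsa-key`. Spelling to fix: "Defult ESP group name", "Windows Inernet Name Service", "to use one the local side".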
43行目: 339行目:
 
[[Category:設定編集系コマンド]]
 
[[Category:設定編集系コマンド]]
 
[[Category:設定要素]]
 
[[Category:設定要素]]
[[Category:(管理用:コマンド v1.20)]]
+
[[Category:(管理用:コマンド v1.25)]]
 
[[Category:作成中]]
 
[[Category:作成中]]

Revision as of 16:16, 14 December 2015 (Mon)

Page overview

This page describes how to use vpn with the configuration-editing commands in Configure mode.


Description


vpn parameters

index

  • vpn ipsec
    VPN IP security (IPsec) parameters
  • vpn l2tp
    Layer 2 Tunneling Protocol (L2TP) Virtual Private Network (VPN)
  • vpn pptp
    Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN)
  • vpn rsa-keys
    RSA keys


vpn ipsec

vpn l2tp

  • set vpn l2tp remote-access
    Layer 2 Tunneling Protocol (L2TP) Virtual Private Network (VPN)
    • set vpn l2tp remote-access authentication
      Authentication for remote access L2TP VPN
      • set vpn l2tp remote-access authentication local-users username {ユーザー名}
        Local user authentication for remote access L2TP VPN
        • set vpn l2tp remote-access authentication local-users username {ユーザー名} disable
          Option to disable L2TP remote-access user
        • set vpn l2tp remote-access authentication local-users username {ユーザー名} password {パスワード}
          Password for authentication
        • set vpn l2tp remote-access authentication local-users username {ユーザー名} static-ip {x.x.x.x}
          Static IP address
      • set vpn l2tp remote-access authentication mode
        Authentication mode for remote access L2TP VPN
        • set vpn l2tp remote-access authentication mode local
          Use username/password in the configuration
        • set vpn l2tp remote-access authentication mode radius
          Use Radius server
      • set vpn l2tp remote-access authentication radius-server {x.x.x.x}
        IP address of radius server
    • set vpn l2tp remote-access client-ip-pool
      Pool of IP address to be assigned to remote clients
      • set vpn l2tp remote-access client-ip-pool start {x.x.x.x}
        First IP address in the pool
      • set vpn l2tp remote-access client-ip-pool stop {x.x.x.x}
        Last IP address in the pool
    • set vpn l2tp remote-access description {任意テキスト}
      Description for L2TP remote-access settings
    • set vpn l2tp remote-access dhcp-interface {interface}
      DHCP interface to listen on
    • set vpn l2tp remote-access dns-servers
      Domain Name Service (DNS) server
      • set vpn l2tp remote-access dns-servers server-1 {x.x.x.x}
        Primary DNS server
      • set vpn l2tp remote-access dns-servers server-2 {x.x.x.x}
        Secondary DNS server
    • set vpn l2tp remote-access ipsec-settings
      Internet Protocol Security (IPsec) for remote access L2TP VPN
      • set vpn l2tp remote-access ipsec-settings authentication
        IPsec authentication settings
        • set vpn l2tp remote-access ipsec-settings authentication mode
          Authentication mode for IPsec
          • set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
            Use pre-shared secret for IPsec authentication
          • set vpn l2tp remote-access ipsec-settings authentication mode x509
            Use X.509 certificate for IPsec authentication
        • set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret {IPSec Peer 認証 事前共有秘密鍵}
          Pre-shared secret for IPsec
        • set vpn l2tp remote-access ipsec-settings authentication x509
          X.509 certificate
          • set vpn l2tp remote-access ipsec-settings authentication x509 ca-cert-file {path}
            File containing the X.509 certificate for the Certificate Authority (CA)
          • set vpn l2tp remote-access ipsec-settings authentication x509 cert-file {path}
            File containing the X.509 certificate for this host
          • set vpn l2tp remote-access ipsec-settings authentication x509 crl-file {path}
            File containing the X.509 Certificate Revocation List (CRL)
          • set vpn l2tp remote-access ipsec-settings authentication x509 server-cert-file {path}
            File containing the X.509 certificate for the remote access VPN server (this host)
          • set vpn l2tp remote-access ipsec-settings authentication x509 server-key-file {path}
            File containing the private key for the X.509 certificate for the remote access VPN server (this host)
          • set vpn l2tp remote-access ipsec-settings authentication x509 server-key-password {パスワード}
            Password that protects the private key
      • set vpn l2tp remote-access ipsec-settings ike-lifetime {30-86400}
        IKE lifetime in seconds (default : 3600)
    • set vpn l2tp remote-access local-ip {x.x.x.x}
      Optional IP address to use on the local side of the tunnel
    • set vpn l2tp remote-access mtu {128-16384}
      Maximum Transmission Unit (MTU)
    • set vpn l2tp remote-access outside-address {x.x.x.x}
      Outside IP address to which VPN clients will connect
    • set vpn l2tp remote-access outside-nexthop {x.x.x.x}
      Nexthop IP address for reaching the VPN clients
    • set vpn l2tp remote-access wins-servers
      Windows Internet Name Service (WINS) server settings
      • set vpn l2tp remote-access wins-servers server-1 {x.x.x.x}
        Primary WINS server
      • set vpn l2tp remote-access wins-servers server-2 {x.x.x.x}
        Secondary WINS server

vpn pptp

  • set vpn pptp remote-access
    Point to Point Tunneling Protocol (PPTP) Virtual Private Network (VPN)
    • set vpn pptp remote-access authentication
      Authentication for remote access PPTP VPN
      • set vpn pptp remote-access authentication local-users username {ユーザー名}
        Local user authentication for remote access PPTP VPN
        • set vpn pptp remote-access authentication local-users username {ユーザー名} disable
          Option to disable a PPTP remote-access user
        • set vpn pptp remote-access authentication local-users username {ユーザー名} password {パスワード}
          Password for authentication
        • set vpn pptp remote-access authentication local-users username {ユーザー名} static-ip {x.x.x.x}
          Static IP address
      • set vpn pptp remote-access authentication mode
        Authentication mode for remote access PPTP VPN
        • set vpn pptp remote-access authentication mode local
          Use username/password in the configuration
        • set vpn pptp remote-access authentication mode radius
          Use Radius server
      • set vpn pptp remote-access authentication radius-server {x.x.x.x}
        IP address of radius server
    • set vpn pptp remote-access client-ip-pool
      Pool of client IP address (must be within a /24)
      • set vpn pptp remote-access client-ip-pool start {x.x.x.x}
        First IP address in the pool
      • set vpn pptp remote-access client-ip-pool stop {x.x.x.x}
        Last IP address in the pool
    • set vpn pptp remote-access dhcp-interface {interface}
      DHCP interface to listen on
    • set vpn pptp remote-access dns-servers
      Domain Name Service (DNS) server
      • set vpn pptp remote-access dns-servers server-1 {x.x.x.x}
        Primary DNS server
      • set vpn pptp remote-access dns-servers server-2 {x.x.x.x}
        Secondary DNS server
    • set vpn pptp remote-access local-ip {x.x.x.x}
      Optional IP address to use on the local side of the tunnel
    • set vpn pptp remote-access mtu {128-16384}
      Maximum Transmission Unit (MTU) (default : 1492)
    • set vpn pptp remote-access outside-address {x.x.x.x}
      Outside IP address to which VPN clients will connect
    • set vpn pptp remote-access wins-servers
      Windows Internet Name Service (WINS) server settings
      • set vpn pptp remote-access wins-servers server-1 {x.x.x.x}
        Primary WINS server
      • set vpn pptp remote-access wins-servers server-2 {x.x.x.x}
        Secondary WINS server

vpn rsa-keys

  • set vpn rsa-keys
    RSA keys
    • set vpn rsa-keys local-key file {path}
      Local RSA key
    • set vpn rsa-keys rsa-key-name {VPN RSA キー名}
      Name of remote RSA key
      • set vpn rsa-keys rsa-key-name rsa-key
        Remote RSA key


Related items



Legend

A "★" indicates that the value is unknown.

Notes

Behavior was verified on an EdgeRouter X (ER-X). Some behavior may differ on other models.
