{"id":7,"date":"2009-10-08T04:55:17","date_gmt":"2009-10-08T08:55:17","guid":{"rendered":"http:\/\/ahmeddirie.com\/?p=7"},"modified":"2016-02-29T10:44:45","modified_gmt":"2016-02-29T15:44:45","slug":"virtualizing-vyatta-on-the-cloud","status":"publish","type":"post","link":"https:\/\/ahmeddirie.com\/blog\/networking\/virtualizing-vyatta-on-the-cloud\/","title":{"rendered":"Virtualizing Vyatta on the cloud"},"content":{"rendered":"<p>Vyatta is the underdog in the great world of routing. For a long time, corporations have been tied down to expensive, proprietary hardware. Vyatta runs on standard x86 hardware, can accomplish what a Cisco router can, and attains better performance without the bloated cost.<\/p>\n<p><!--more--><\/p>\n<p>OK, enough of the sales pitch (they aren\u2019t paying me for this).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-8\" title=\"vyatta-logo\" src=\"http:\/\/ahmeddirie.com\/wp-content\/uploads\/2009\/10\/vyatta-logo.gif\" alt=\"vyatta-logo\" width=\"237\" height=\"69\" \/><\/p>\n<p>Vyatta is an operating system built on top of Debian (Lenny for the most recent version). Many of the Linux commands can still be used once out of Vyatta mode. When setting up Vyatta on your machine, you generally need the boot disk. In the hosted environment industry, you generally do not see Vyatta among the OS options to choose from during instance creation.<\/p>\n<p>If I could simply do a [yum install vyatta] or [aptitude install vyatta], I wouldn\u2019t be sweating this bit at all. This posed somewhat of a problem. 
Luckily for me, Robert from Vyatta has posted an image of Vyatta for Amazon EC2.<\/p>\n<p>(Don\u2019t forget to choose the AKI and ARI during instance creation.)<\/p>\n<p>AMI: ami-c5e502ac<br \/>\nAKI: aki-a88d6ac1<br \/>\nARI: ari-a98d6ac0<\/p>\n<p>The overall setup here is quite different from the\u00a0<a title=\"Cisco on the Amazon EC2 cloud\" href=\"http:\/\/ahmeddirie.com\/networking\/cisco-on-the-amazon-ec2-cloud-28092009\/\" target=\"_self\">Windows\/Dynamips\/Cisco<\/a> setup I tried in the previous post.<\/p>\n<p><strong>Vyatta Router on a Virtualized Environment<\/strong><\/p>\n<p><strong><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-263\" title=\"vyatta-network\" src=\"http:\/\/ahmeddirie.com\/wp-content\/uploads\/2009\/10\/vyatta-network.png\" alt=\"vyatta-network\" width=\"484\" height=\"372\" srcset=\"https:\/\/ahmeddirie.com\/blog\/wp-content\/uploads\/2009\/10\/vyatta-network.png 484w, https:\/\/ahmeddirie.com\/blog\/wp-content\/uploads\/2009\/10\/vyatta-network-300x230.png 300w\" sizes=\"(max-width: 484px) 100vw, 484px\" \/><\/strong><\/p>\n<p>I&#8217;ve worked with Vyatta before. Basic configurations were quick to get into. They also provide you with documentation that includes configuration steps. 
Getting the VPN going was also quick.<\/p>\n<p><strong>VPN Configuration<\/strong><\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nvpn {\r\n     ipsec {\r\n          esp-group ESP-Name {\r\n               compression disable\r\n               lifetime 3600\r\n               mode tunnel\r\n               pfs enable\r\n               proposal 1 {\r\n                    encryption aes256\r\n                    hash sha1\r\n               }\r\n          }\r\n          ike-group IKE-Name {\r\n               aggressive-mode disable\r\n               lifetime 3600\r\n               proposal 1 {\r\n                    encryption aes256\r\n                    hash sha1\r\n               }\r\n          }\r\n          ipsec-interfaces {\r\n               interface eth0\r\n          }\r\n          site-to-site {\r\n               peer 10.10.1.1 {\r\n                    authentication {\r\n                         mode pre-shared-secret\r\n                         pre-shared-secret Your-Secret\r\n                    }\r\n                    ike-group IKE-Name\r\n                    local-ip 172.16.1.1\r\n                    tunnel 1 {\r\n                         allow-nat-networks disable\r\n                         allow-public-networks disable\r\n                         esp-group ESP-Name\r\n                         local-subnet 192.168.100.0\/24\r\n                         remote-subnet 192.168.200.0\/24\r\n                    }\r\n               }\r\n          }\r\n     }\r\n}\r\n<\/pre>\n<p><strong>Some Errors<\/strong><\/p>\n<p>I struggled with getting the VPN to communicate with the outside world. At times, I would get an error saying that Vyatta was unable to start pluto. I also overlooked opening ports 500 and 4500 on the firewall.<\/p>\n<p><strong>Resolutions<\/strong><\/p>\n<p>To start, make sure you open port 500. Just in case the other side requires 4500, also open that port. Amazon lets the ESP protocol through, so you won\u2019t have to worry about it. 
Finally, when all is said and done, start the VPN process. This is the one command that held me back for over a day.<\/p>\n<p><em>clear vpn ipsec-process<\/em><\/p>\n<p>Voila!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vyatta is the underdog in the great world of routing. For a long time, corporations have been tied down to expensive, proprietary hardware. Vyatta runs on standard x86 hardware, can accomplish what a Cisco router can, and attains better performance without the bloated cost.<\/p>\n","protected":false},"author":2,"featured_media":2978,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[85],"tags":[87,78,89,88,60,69,484,86,80,84,85,64,16],"_links":{"self":[{"href":"https:\/\/ahmeddirie.com\/blog\/wp-json\/wp\/v2\/posts\/7"}],"collection":[{"href":"https:\/\/ahmeddirie.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ahmeddirie.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ahmeddirie.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ahmeddirie.com\/blog\/wp-json\/wp\/v2\/comments?post=7"}],"version-history":[{"count":17,"href":"https:\/\/ahmeddirie.com\/blog\/wp-json\/wp\/v2\/posts\/7\/revisions"}],"predecessor-version":[{"id":2979,"href":"https:\/\/ahmeddirie.com\/blog\/wp-json\/wp\/v2\/posts\/7\/revisions\/2979"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ahmeddirie.com\/blog\/wp-json\/wp\/v2\/media\/2978"}],"wp:attachment":[{"href":"https:\/\/ahmeddirie.com\/blog\/wp-json\/wp\/v2\/media?parent=7"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ahmeddirie.com\/blog\/wp-json\/wp\/v2\/categories?post=7"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ahmeddirie.com\/blog\/wp-json\/wp\/v2\/tags?post=7"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}