Skip to content

Example: openvpn over openvpn

Alt text

r1

hostname r1
vrf def v1
 rd 1:1
 exit
int eth1
 vrf for v1
 ipv4 addr 1.1.1.1 255.255.255.0
 exit
crypto ipsec ips1
 cipher des
 hash md5
 key 22f9c676f655336c3f3188b8d9cc759903733212ed77231bc38126b6000b043f1f56d07b885f4d00676afd8fea25c88fa917294d8f1e89b84922d5d2556de977beac2f254ba2b67477131f4d4708cb509f4c9f784780465462e502d29183665bbd5eff6bdc27370f05aa1d856b497a1f7ef5f20bad7aff155619a4b09849fab814ee76e7121c2adf85326db4c1cce132200ca3e4d03930f765ba96a8c46f1ab374beb73e79093d60879a8d9585f2feb987d89e65a33ef3857f3b09df80a2403f6c50dc50439e258d61c7dac377514a8d281c10feeea79ae7b063064aec3989b4d867bb24182f7d007ad41284ee6577053dae2cc289dd39e66cd8fe7089b7015f
 exit
crypto ipsec ips2
 cipher des
 hash md5
 key 22f9c676f655336c3f3188b8d9cc759903733212ed77231bc38126b6000b043f1f56d07b885f4d00676afd8fea25c88fa917294d8f1e89b84922d5d2556de977beac2f254ba2b67477131f4d4708cb509f4c9f784780465462e502d29183665bbd5eff6bdc27370f05aa1d856b497a1f7ef5f20bad7aff155619a4b09849fab814ee76e7121c2adf85326db4c1cce132200ca3e4d03930f765ba96a8c46f1ab374beb73e79093d60879a8d9585f2feb987d89e65a33ef3857f3b09df80a2403f6c50dc50439e258d61c7dac377514a8d281c10feeea79ae7b063064aec3989b4d867bb24182f7d007ad41284ee6577053dae2cc289dd39e66cd8fe7089b7015f
 exit
int tun1
 tunnel vrf v1
 tunnel prot ips2
 tunnel mode openvpn
 tunnel source ethernet1
 tunnel destination 1.1.1.2
 vrf for v1
 ipv4 addr 2.2.2.1 255.255.255.0
 exit
int tun2
 tunnel vrf v1
 tunnel prot ips1
 tunnel mode openvpn
 tunnel source tun1
 tunnel destination 2.2.2.2
 vrf for v1
 ipv4 addr 3.3.3.1 255.255.255.0
 ipv6 addr 1234::1 ffff::
 exit

r2

hostname r2
vrf def v1
 rd 1:1
 exit
int eth1
 vrf for v1
 ipv4 addr 1.1.1.2 255.255.255.0
 exit
crypto ipsec ips1
 cipher des
 hash md5
 key 22f9c676f655336c3f3188b8d9cc759903733212ed77231bc38126b6000b043f1f56d07b885f4d00676afd8fea25c88fa917294d8f1e89b84922d5d2556de977beac2f254ba2b67477131f4d4708cb509f4c9f784780465462e502d29183665bbd5eff6bdc27370f05aa1d856b497a1f7ef5f20bad7aff155619a4b09849fab814ee76e7121c2adf85326db4c1cce132200ca3e4d03930f765ba96a8c46f1ab374beb73e79093d60879a8d9585f2feb987d89e65a33ef3857f3b09df80a2403f6c50dc50439e258d61c7dac377514a8d281c10feeea79ae7b063064aec3989b4d867bb24182f7d007ad41284ee6577053dae2cc289dd39e66cd8fe7089b7015f
 exit
crypto ipsec ips2
 cipher des
 hash md5
 key 22f9c676f655336c3f3188b8d9cc759903733212ed77231bc38126b6000b043f1f56d07b885f4d00676afd8fea25c88fa917294d8f1e89b84922d5d2556de977beac2f254ba2b67477131f4d4708cb509f4c9f784780465462e502d29183665bbd5eff6bdc27370f05aa1d856b497a1f7ef5f20bad7aff155619a4b09849fab814ee76e7121c2adf85326db4c1cce132200ca3e4d03930f765ba96a8c46f1ab374beb73e79093d60879a8d9585f2feb987d89e65a33ef3857f3b09df80a2403f6c50dc50439e258d61c7dac377514a8d281c10feeea79ae7b063064aec3989b4d867bb24182f7d007ad41284ee6577053dae2cc289dd39e66cd8fe7089b7015f
 exit
int tun1
 tunnel vrf v1
 tunnel prot ips2
 tunnel mode openvpn
 tunnel source ethernet1
 tunnel destination 1.1.1.1
 vrf for v1
 ipv4 addr 2.2.2.2 255.255.255.0
 exit
int tun2
 tunnel vrf v1
 tunnel prot ips1
 tunnel mode openvpn
 tunnel source tun1
 tunnel destination 2.2.2.1
 vrf for v1
 ipv4 addr 3.3.3.2 255.255.255.0
 ipv6 addr 1234::2 ffff::
 exit
r1 tping 100 5 1.1.1.2 vrf v1
r2 tping 100 5 1.1.1.1 vrf v1
r1 tping 100 5 2.2.2.2 vrf v1
r2 tping 100 5 2.2.2.1 vrf v1
r1 tping 100 5 3.3.3.2 vrf v1
r2 tping 100 5 3.3.3.1 vrf v1
r1 tping 100 5 1234::2 vrf v1
r2 tping 100 5 1234::1 vrf v1
  1. Install ContainerLab as described here
  2. Fetch crypt-openvpn03 file
  3. Launch ContainerLab crypt-openvpn03.yml topology:

   containerlab deploy --topo crypt-openvpn03.yml  
4. Destroy ContainerLab crypt-openvpn03.yml topology:

   containerlab destroy --topo crypt-openvpn03.yml  
5. Copy-paste configuration for each node in the lab topology

  1. Fetch or compile freeRtr rtr.jar file.
    You can grab it here
  2. Fetch crypt-openvpn03.tst file here
  3. Launch crypt-openvpn03.tst test:

   java -jar ../../rtr.jar test tester crypt-openvpn03 path ./ temp ./ wait
4. Destroy freeRtr crypt-openvpn03.tst test:

   Ctrl-C (In freeRtr test window)