#
# Oracle Cloud Infrastructure と VPN(IPsec) 接続するルーターの設定 : コマンド設定
#

#
# ルーターの設定(2)
#

#
# Gateway settings
#
# Static route that sends traffic for the VCN into the two IPsec tunnels.
# The placeholder in parentheses is the LAN-side network address of the VCN.
# "hide" keeps a gateway in the routing table only while its tunnel is up,
# so traffic moves to the surviving tunnel when the other one goes down.
# NOTE(review): only this prefix is reachable through the tunnels; keep it as
# narrow as the VCN actually needs rather than a broad summary route.
ip route (VCNのLAN側ネットワークアドレス) gateway tunnel 1 hide gateway tunnel 2 hide

#
# VPN (IPsec) settings 1
#
# First tunnel, towards the first DRG endpoint. Text in parentheses is a
# placeholder to be replaced with the site's own value.
# NOTE(review): no "ipsec ike version" line is present, so the router's
# default IKE version applies - confirm it matches the OCI-side setting.
tunnel select 1
description tunnel OCI-VPN1
ipsec tunnel 1
# SA policy 1 for gateway 1: ESP with AES-256-CBC encryption and HMAC-SHA256
# integrity.
ipsec sa policy 1 1 esp aes256-cbc sha256-hmac
# SA lifetimes in seconds: 3600 for the IPsec SA, 28800 for the ISAKMP SA.
ipsec ike duration ipsec-sa 1 3600
ipsec ike duration isakmp-sa 1 28800
# IKE proposal: AES-256-CBC, 1536-bit MODP Diffie-Hellman group, SHA-256.
# NOTE(review): a 1536-bit MODP group is below the 2048-bit minimum that
# current guidance generally asks for. If the router firmware and the OCI
# side both accept a larger group, prefer it - confirm first, because a
# mismatch keeps the tunnel from establishing.
ipsec ike encryption 1 aes256-cbc
ipsec ike group 1 modp1536
ipsec ike hash 1 sha256
# Peer liveness is checked with DPD; keepalive events are not logged.
# NOTE(review): with keepalive logging off, tunnel flaps leave less trace in
# the router log - make sure tunnel up/down is monitored some other way.
ipsec ike keepalive log 1 off
ipsec ike keepalive use 1 on dpd
# Local endpoint: the router's fixed global IP address.
ipsec ike local address 1 (ルーターの固定グローバルIPアドレス)
# Local and remote IDs are both 0.0.0.0/0, so the tunnel itself does not
# restrict prefixes; which traffic enters it is decided by the ip route line.
# NOTE(review): packet filtering for tunnel traffic is not shown in this
# section - verify it is configured elsewhere.
ipsec ike local id 1 0.0.0.0/0
ipsec ike nat-traversal 1 on
# PFS on: each IPsec SA rekey uses a fresh Diffie-Hellman exchange.
ipsec ike pfs 1 on
# The pre-shared key is written in clear text in this command, so saved
# configs, backups and pasted excerpts must be handled as secrets. Use the
# key issued for the first DRG tunnel only; do not reuse it for tunnel 2.
ipsec ike pre-shared-key 1 text (DRGの1つ目の事前共有鍵)
# Remote endpoint: global IP address of the first DRG tunnel.
ipsec ike remote address 1 (DRGの1つ目のグローバルIPアドレス)
ipsec ike remote id 1 0.0.0.0/0
tunnel enable 1

#
# VPN (IPsec) settings 2
#
# Second tunnel, towards the second DRG endpoint. Same parameters as the
# first tunnel, with its own pre-shared key and remote address. Text in
# parentheses is a placeholder to be replaced with the site's own value.
# NOTE(review): no "ipsec ike version" line is present, so the router's
# default IKE version applies - confirm it matches the OCI-side setting.
tunnel select 2
description tunnel OCI-VPN2
ipsec tunnel 2
# SA policy 2 for gateway 2: ESP with AES-256-CBC encryption and HMAC-SHA256
# integrity.
ipsec sa policy 2 2 esp aes256-cbc sha256-hmac
# SA lifetimes in seconds: 3600 for the IPsec SA, 28800 for the ISAKMP SA.
ipsec ike duration ipsec-sa 2 3600
ipsec ike duration isakmp-sa 2 28800
# IKE proposal: AES-256-CBC, 1536-bit MODP Diffie-Hellman group, SHA-256.
# NOTE(review): a 1536-bit MODP group is below the 2048-bit minimum that
# current guidance generally asks for. If the router firmware and the OCI
# side both accept a larger group, prefer it - confirm first, because a
# mismatch keeps the tunnel from establishing.
ipsec ike encryption 2 aes256-cbc
ipsec ike group 2 modp1536
ipsec ike hash 2 sha256
# Peer liveness is checked with DPD; keepalive events are not logged.
# NOTE(review): with keepalive logging off, tunnel flaps leave less trace in
# the router log - make sure tunnel up/down is monitored some other way.
ipsec ike keepalive log 2 off
ipsec ike keepalive use 2 on dpd
# Local endpoint: the router's fixed global IP address.
ipsec ike local address 2 (ルーターの固定グローバルIPアドレス)
# Local and remote IDs are both 0.0.0.0/0, so the tunnel itself does not
# restrict prefixes; which traffic enters it is decided by the ip route line.
# NOTE(review): packet filtering for tunnel traffic is not shown in this
# section - verify it is configured elsewhere.
ipsec ike local id 2 0.0.0.0/0
ipsec ike nat-traversal 2 on
# PFS on: each IPsec SA rekey uses a fresh Diffie-Hellman exchange.
ipsec ike pfs 2 on
# The pre-shared key is written in clear text in this command, so saved
# configs, backups and pasted excerpts must be handled as secrets. Use the
# key issued for the second DRG tunnel only; do not reuse the tunnel 1 key.
ipsec ike pre-shared-key 2 text (DRGの2つ目の事前共有鍵)
# Remote endpoint: global IP address of the second DRG tunnel.
ipsec ike remote address 2 (DRGの2つ目のグローバルIPアドレス)
ipsec ike remote id 2 0.0.0.0/0
tunnel enable 2

#
# VPN (IPsec) settings
# (common items)
#
# Applies to both tunnels: lets the router start IKE key exchange and renew
# SAs on its own, so keys are rotated at the lifetimes set per tunnel.
ipsec auto refresh on