#
# Site-to-site VPN connection using IPsec (IPv6 IPoE): command settings
#

#
# Site 1, Router (1) (no Hikari Denwa contract)
#

#
# Gateway settings
#

ip route 192.168.102.0/24 gateway tunnel 1

#
# LAN interface settings
# (uses the LAN1 port)
#

ip lan1 address 192.168.101.1/24

#
# WAN interface settings
# (uses the LAN2 port)
#

ipv6 prefix 1 ra-prefix@lan2::/64
ipv6 lan1 address ra-prefix@lan2::1/64
ipv6 lan1 rtadv send 1 o_flag=on
ipv6 lan1 dhcp service server
ipv6 lan2 secure filter in 1010 1011 1012 1013 1040 1041 1042
ipv6 lan2 secure filter out 3000 dynamic 100 101 102 103 104 105 118 119
ipv6 lan2 dhcp service client ir=on
ngn type lan2 ntt
netvolante-dns hostname host lan1 server=1 (NetVolante DNS host address) ipv6 address

#
# VPN (IPsec) settings
#

tunnel select 1
 ipsec tunnel 1
  ipsec sa policy 1 1 esp aes-cbc sha-hmac
  ipsec ike keepalive log 1 off
  ipsec ike keepalive use 1 on heartbeat 10 6
  ipsec ike nat-traversal 1 on
  ipsec ike pre-shared-key 1 text (pre-shared key shared with Site 2)
  ipsec ike remote address 1 (NetVolante DNS host address of Site 2)
 ip tunnel tcp mss limit auto
 tunnel enable 1
ipsec auto refresh on

#
# Filter settings
#
# Inbound on lan2 (static filters):
#   1010 ICMPv6, 1011 TCP ident, 1012 UDP 546 (DHCPv6 client),
#   1013 IP protocol 4, 1040 UDP 500 (IKE), 1041 ESP, 1042 UDP 4500 (NAT traversal)
# Outbound on lan2: 3000 passes everything, and the dynamic filters
# allow the matching return traffic.
#

ipv6 filter 1010 pass * * icmp6 * *
ipv6 filter 1011 pass * * tcp * ident
ipv6 filter 1012 pass * * udp * 546
ipv6 filter 1013 pass * * 4
ipv6 filter 1040 pass * * udp * 500
ipv6 filter 1041 pass * * esp
ipv6 filter 1042 pass * * udp * 4500
ipv6 filter 3000 pass * * * * *
ipv6 filter dynamic 100 * * ftp
ipv6 filter dynamic 101 * * domain
ipv6 filter dynamic 102 * * www
ipv6 filter dynamic 103 * * smtp
ipv6 filter dynamic 104 * * pop3
ipv6 filter dynamic 105 * * submission
ipv6 filter dynamic 118 * * tcp
ipv6 filter dynamic 119 * * udp

#
# DHCP settings
#

dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.101.2-192.168.101.191/24

#
# DNS settings
#

dns host lan1
dns server dhcp lan2
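
The inbound filter list on lan2 decides what reaches this router from the IPv6 side, so before loading the configuration it is worth checking that every referenced filter number is defined and that the IKE, ESP and NAT traversal entries the tunnel relies on are in the list. The script below is an added example, not part of the original configuration page; the names `parse` and `audit` are made up here, and the parser is an assumption-level sketch that handles only the filter line forms appearing in this configuration.

```python
# Filter-related lines copied from the configuration on this page.
CONFIG = """\
ipv6 lan2 secure filter in 1010 1011 1012 1013 1040 1041 1042
ipv6 lan2 secure filter out 3000 dynamic 100 101 102 103 104 105 118 119
ipv6 filter 1010 pass * * icmp6 * *
ipv6 filter 1011 pass * * tcp * ident
ipv6 filter 1012 pass * * udp * 546
ipv6 filter 1013 pass * * 4
ipv6 filter 1040 pass * * udp * 500
ipv6 filter 1041 pass * * esp
ipv6 filter 1042 pass * * udp * 4500
ipv6 filter 3000 pass * * * * *
ipv6 filter dynamic 100 * * ftp
ipv6 filter dynamic 101 * * domain
ipv6 filter dynamic 102 * * www
ipv6 filter dynamic 103 * * smtp
ipv6 filter dynamic 104 * * pop3
ipv6 filter dynamic 105 * * submission
ipv6 filter dynamic 118 * * tcp
ipv6 filter dynamic 119 * * udp
"""

def parse(config):
    """Collect static filters, dynamic filters and per-interface filter lists."""
    static, dynamic, applied = {}, {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ipv6", "filter", "dynamic"]:
            dynamic[int(tok[3])] = tok[4:]
        elif tok[:2] == ["ipv6", "filter"]:
            static[int(tok[2])] = tok[3:]  # action src dst [proto [sport [dport]]]
        elif len(tok) > 5 and tok[0] == "ipv6" and tok[2:4] == ["secure", "filter"]:
            nums = tok[5:]  # static numbers, optionally followed by "dynamic" numbers
            cut = nums.index("dynamic") if "dynamic" in nums else len(nums)
            applied[(tok[1], tok[4])] = ([int(n) for n in nums[:cut]], [int(n) for n in nums[cut + 1:]])
    return static, dynamic, applied

def audit(config, iface="lan2"):
    """Report dangling/unused filter numbers and what the inbound list passes."""
    static, dynamic, applied = parse(config)
    s_in, d_in = applied.get((iface, "in"), ([], []))
    s_out, d_out = applied.get((iface, "out"), ([], []))
    undefined = [n for n in s_in + s_out if n not in static] + [n for n in d_in + d_out if n not in dynamic]
    unused = sorted((set(static) - set(s_in + s_out)) | (set(dynamic) - set(d_in + d_out)))
    rules = [static[n] for n in s_in if n in static]
    inbound = {(r[3], r[5] if len(r) > 5 else "*") for r in rules if r[0] == "pass"}
    needed = {("udp", "500"), ("esp", "*"), ("udp", "4500")}  # IKE, ESP, NAT traversal
    return {"undefined": undefined, "unused": unused, "inbound": inbound, "ipsec_missing": needed - inbound}

print(audit(CONFIG))
```

An empty `undefined` list and an empty `ipsec_missing` set mean the filter references are consistent; anything in `inbound` beyond what the site needs is a candidate for removal.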