完成図
環境
回線:コミュファ光ホーム1G タイプC契約
HGW:Aterm WH862A
ルータ: NEC IX2215
事前準備
予めNECのクラウドサービス、NW-meisterには会員登録をしてください。
下記nabeyaki様の記事を参考にしてONUの設定を行いました。ONUのLAN1ポートからIX2215のGE0にLANケーブルで繋いでいます。
最終的なコンフィグ
このコンフィグは、ISPから降ってくるIPv4・IPv6のDNSまで確認しました。なお、パスワード・事前共有鍵・アカウント名などは hogehoge などのダミー値に置き換えてあるので、流用する際は必ず自分の値に置き換えてください。
192.168.0.0/24の単一セグメントで使っています。VLANを切りたい方は別の記事を参照してください。
VPNはWindows11にて接続確認までは行いました(24/08/13)。
! NEC Portable Internetwork Core Operating System Software
! IX Series IX2215 (magellan-sec) Software, Version 10.9.11, RELEASE SOFTWARE
! Compiled Dec 15-Fri-2023 13:35:51 JST #2
! Last updated Aug 12-Mon-2024 11:12:33 JST
!
! Device identity and clock offset (+09 00).
hostname 1F-RT
timezone +09 00
!
! Local log buffer: every subsystem is recorded at level "warn" and each
! entry carries a date/time stamp.
! NOTE(review): no remote log destination appears in this listing, so the
! buffer is the only record of VPN and IDS events -- confirm that is enough.
logging buffered 131072
logging subsystem all warn
logging timestamp datetime
!
! Local administrator account. "hogehoge" is a placeholder for the stored
! password hash; the same account name is reused by the HTTP server below.
username admin password hash hogehoge administrator
!
!
! IPv4 intrusion detection: every detection type is set to "discard", and
! the logging interval is 10 (unit not shown here; presumably seconds).
ids ip type all action discard
ids logging-interval 10
!
!
! IPv4 globals: UFS cache on, default route out of the PPPoE sub-interface
! GigaEthernet0.1, DHCP service on.
ip ufs-cache enable
ip route default GigaEthernet0.1
ip dhcp enable
! web-http-acl is bound to the HTTP server further down. It matches only on
! the destination (the LAN address 192.168.0.254); the source is "any".
! NOTE(review): narrowing src to the LAN prefix would tie web-console access
! to LAN/VPN-pool addresses explicitly -- confirm against your own layout.
ip access-list web-http-acl permit ip src any dest 192.168.0.254/32
! web_vpnlist is the traffic selector of the IPsec dynamic map. any/any is
! the usual form for remote-access peers whose address is not known ahead.
ip access-list web_vpnlist permit ip src any dest any
!
!
! IPv6 globals: UFS cache on, default route out of GigaEthernet0.1, DHCPv6 on.
ipv6 ufs-cache enable
ipv6 route default GigaEthernet0.1
ipv6 dhcp enable
! Access lists used by the WAN-side IPv6 filters on GigaEthernet0.1:
!   block-list   - deny everything (the final inbound rule)
!   dhcpv6-list  - UDP to destination port 546 or 547, any source/destination
!   icmpv6-list  - all ICMPv6, any source/destination
!   permit-list  - permit everything (base for the dynamic list)
!   dflt-list    - dynamic list built on permit-list, applied outbound
! NOTE(review): dhcpv6-list and icmpv6-list are not limited to the router
! itself or to specific ICMPv6 types, so when applied inbound they also pass
! such packets toward LAN hosts -- tighten if that exposure is unwanted.
ipv6 access-list block-list deny ip src any dest any
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 546
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 547
ipv6 access-list icmpv6-list permit icmp src any dest any
ipv6 access-list permit-list permit ip src any dest any
ipv6 access-list dynamic dflt-list access permit-list
!
! IKE/IPsec settings for the L2TP/IPsec remote-access VPN.
! NAT traversal is enabled so clients behind NAT can connect.
ike nat-traversal
!
! Four IKE proposals are defined and all four are referenced by the policy.
! NOTE(review): the 1024-bit DH group, 3DES and SHA-1 are legacy choices.
! Only web_l2tp_ikeprop2 uses a 2048-bit group. Keep the weaker proposals
! only if a client really needs them; verify with the clients you use
! before removing any.
ike proposal web_l2tp_ikeprop1 encryption aes-256 hash sha group 1024-bit
ike proposal web_l2tp_ikeprop2 encryption aes hash sha group 2048-bit
ike proposal web_l2tp_ikeprop3 encryption aes hash sha group 1024-bit
ike proposal web_l2tp_ikeprop4 encryption 3des hash sha group 1024-bit
!
! "peer any" accepts IKE from any address, authenticated by one pre-shared
! key ("hogehoge" is a placeholder). Because every client shares this key
! and any host can attempt a handshake, use a long random value and rotate
! it when a device that knows it is lost.
ike policy web_l2tp_ikepolicy peer any key hogehoge web_l2tp_ikeprop1,web_l2tp_ikeprop2,web_l2tp_ikeprop3,web_l2tp_ikeprop4
!
! ESP proposals: AES-256, AES and 3DES, each paired with SHA-1.
! NOTE(review): the 3DES entry is a legacy fallback; same caveat as above.
ipsec autokey-proposal web_l2tp_secprop1 esp-aes-256 esp-sha
ipsec autokey-proposal web_l2tp_secprop2 esp-aes esp-sha
ipsec autokey-proposal web_l2tp_secprop3 esp-3des esp-sha
!
! Dynamic map that ties the any/any selector (web_vpnlist) to the three ESP
! proposals; the Tunnel interfaces reference it as their transport policy.
ipsec dynamic-map web_l2tp_secpolicy web_vpnlist web_l2tp_secprop1,web_l2tp_secprop2,web_l2tp_secprop3
!
!
!
!
!
!
!
!
!
! DNS proxy for IPv4 clients. The DHCP profile hands out 192.168.0.254 as
! the DNS server, so LAN queries arrive here and are relayed upstream using
! resolvers learned on GigaEthernet0.1 (priority 254).
! "request both" presumably covers both address families -- confirm in the
! command reference.
proxy-dns ip enable
proxy-dns ip request both
proxy-dns interface GigaEthernet0.1 priority 254
!
! Management plane.
! NOTE(review): Telnet is enabled with no access list in this listing, and
! both Telnet and HTTP carry the admin credentials in clear text. VPN
! clients receive LAN addresses, so they can reach these services too.
! Prefer an encrypted management protocol, or at least bind an access list
! to Telnet the way the HTTP server does.
telnet-server ip enable
!
! Web console: logs in as the local "admin" user and is restricted by
! web-http-acl (destination 192.168.0.254 only, source any).
http-server username admin
http-server ip access-list web-http-acl
http-server ip enable
!
! NetMeister (NEC cloud service) agent and its dynamic DNS registration.
! Account, password, site name and DDNS hostname are placeholders.
! The DDNS entry is fed with the IPv4 address of the WAN sub-interface and
! the IPv6 address of the LAN interface.
! NOTE(review): the DDNS name makes the VPN endpoint discoverable, so the
! IKE pre-shared key and VPN password are the only barrier -- keep them strong.
nm ip enable
nm account hogehoge password secret hogehoge
nm sitename hogehoge-hq
nm ddns hostname hogehoge
nm ddns notify interface GigaEthernet0.1 protocol ip
nm ddns notify interface GigaEthernet2.0 protocol ipv6
nm logging enable
!
!
!
! PPP profile for the ISP PPPoE session (bound on GigaEthernet0.1).
! All IDs and passwords are placeholders.
! NOTE(review): as published, the ID on the "myname" line and the ID on the
! "password" line differ; presumably an artifact of redaction -- use the same
! ISP-issued ID on both lines.
ppp profile web-ppp-gigaethernet0.1
authentication myname hogehoge.commufa.jp
authentication password hogehoge@v6m02.commufa.jp hogehoge
!
! PPP profile shared by all L2TP tunnel interfaces: the router requests CHAP
! from the client, accepts the single account hogevpn/hogepass (placeholders),
! enables PFC/ACFC and IP header compression, and hands clients an address
! from 192.168.0.200-192.168.0.210, which lies inside the LAN subnet.
! NOTE(review): one shared account means sessions cannot be attributed to an
! individual user; use per-user accounts if more than one person connects.
ppp profile web-ppp-l2tp
authentication request chap
authentication password hogevpn hogepass
lcp pfc
lcp acfc
ipcp ip-compression
ipcp provide-ip-address range 192.168.0.200 192.168.0.210
!
! IPv4 DHCP server profile for the LAN: /24 mask, router and DNS both set to
! 192.168.0.254, lease-time 259200 (presumably seconds, i.e. three days).
! NOTE(review): no assignable range is set in this profile, while the VPN
! pool uses 192.168.0.200-210 of the same subnet -- check that DHCP cannot
! hand out those addresses.
ip dhcp profile web-dhcp-gigaethernet2.0
subnet-mask 255.255.255.0
default-gateway 192.168.0.254
dns-server 192.168.0.254
lease-time 259200
!
! DHCPv6 client profile (used on the WAN): request DNS servers and a
! delegated prefix (IA_PD), which is assigned to GigaEthernet2.0.
ipv6 dhcp client-profile dhcpv6-cl
option-request dns-servers
ia-pd subscriber GigaEthernet2.0
!
! DHCPv6 server profile (used on the LAN): "dns-server dhcp" presumably
! relays the DNS servers learned by the DHCPv6 client -- confirm.
ipv6 dhcp server-profile dhcpv6-sv
dns-server dhcp
!
! Physical devices. The three GigaEthernet devices keep their defaults;
! BRI0 only carries its ISDN switch type; the USB port is shut down, which
! also keeps an unused attachment point closed.
device GigaEthernet0
!
device GigaEthernet1
!
device GigaEthernet2
!
device BRI0
isdn switch-type hsd128k
!
device USB0
shutdown
!
! Base sub-interfaces of GE0 and GE1 are unused: no address, shut down.
! The WAN side runs on the PPPoE sub-interface GigaEthernet0.1 instead.
interface GigaEthernet0.0
no ip address
shutdown
!
interface GigaEthernet1.0
no ip address
shutdown
!
! LAN interface: 192.168.0.254/24, IPv4 DHCP server bound, DHCPv6 server
! bound, router advertisements sent with the other-config flag set (clients
! are told to fetch extra settings such as DNS via DHCPv6).
! Proxy ARP is on; the VPN pool sits inside this subnet, so the router has
! to answer ARP for VPN client addresses on behalf of the tunnels.
! NOTE(review): no filter is applied here, so VPN clients and LAN hosts
! reach each other and the router's management services without restriction.
interface GigaEthernet2.0
ip address 192.168.0.254/24
ip proxy-arp
ip dhcp binding web-dhcp-gigaethernet2.0
ipv6 enable
ipv6 dhcp server dhcpv6-sv
ipv6 nd ra enable
ipv6 nd ra other-config-flag
no shutdown
!
! ISDN and USB-serial dial interfaces are unused: PPP encapsulation is set,
! but auto-connect is off, no address is assigned and both are shut down.
interface BRI0.0
encapsulation ppp
no auto-connect
no ip address
shutdown
!
interface USB-Serial0.0
encapsulation ppp
no auto-connect
no ip address
shutdown
!
! WAN interface: PPPoE session using the ISP profile, IPv4 address from IPCP,
! automatic TCP MSS adjustment for both address families.
!
! IPv4: NAPT is enabled with up to 250000 translation entries. The three
! static entries point protocol 50 (ESP), UDP 500 (IKE) and UDP 4500 (NAT-T)
! at this interface itself so that L2TP/IPsec terminates on the router.
! NOTE(review): no IPv4 filter is applied on this interface in the listing;
! inbound IPv4 exposure is therefore decided by NAPT and these static
! entries alone -- confirm that matches your intent.
!
! IPv6: DHCPv6 client bound (prefix delegation). Inbound filters pass
! DHCPv6 (1) and ICMPv6 (2) and deny everything else (100). Outbound filters
! pass DHCPv6 and ICMPv6, then hand the rest to the dynamic list dflt-list
! (100), which presumably is what lets reply traffic back in past the
! inbound deny -- confirm.
! NOTE(review): the inbound ICMPv6 and DHCPv6 rules match any destination,
! so they also apply to packets forwarded to LAN hosts, not only the router.
interface GigaEthernet0.1
description WAN1
encapsulation pppoe
auto-connect
ppp binding web-ppp-gigaethernet0.1
ip address ipcp
ip tcp adjust-mss auto
ip napt enable
ip napt translation max-entries 250000
ip napt static GigaEthernet0.1 50
ip napt static GigaEthernet0.1 udp 500
ip napt static GigaEthernet0.1 udp 4500
ipv6 enable
ipv6 dhcp client dhcpv6-cl
ipv6 tcp adjust-mss auto
ipv6 filter dhcpv6-list 1 in
ipv6 filter icmpv6-list 2 in
ipv6 filter block-list 100 in
ipv6 filter dhcpv6-list 1 out
ipv6 filter icmpv6-list 2 out
ipv6 filter dflt-list 100 out
no shutdown
!
! Loopback and null interfaces carry no address in this configuration.
interface Loopback0.0
no ip address
!
interface Null0.0
no ip address
!
! First of ten L2TP/IPsec server (LNS) tunnel interfaces. Each one serves one
! VPN session: it binds the shared L2TP PPP profile, borrows the LAN address
! (ip unnumbered GigaEthernet2.0) and uses the IPsec dynamic map in
! transport mode.
! NOTE(review): the four "ip napt static Tunnel117.0 ..." lines (protocol 1,
! protocol 50, UDP 500, UDP 4500) exist only on this tunnel, not on
! Tunnel118-126, and "ip napt enable" is not set on this interface in the
! listing. They look like leftovers -- verify whether they are needed and
! remove them if not, so every tunnel behaves the same.
interface Tunnel117.0
description L2TP_#1
ppp binding web-ppp-l2tp
tunnel mode l2tp-lns ipsec
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
ip napt static Tunnel117.0 1
ip napt static Tunnel117.0 50
ip napt static Tunnel117.0 udp 500
ip napt static Tunnel117.0 udp 4500
ipsec policy transport web_l2tp_secpolicy
no shutdown
!
! Tunnel118-126: nine more L2TP/IPsec LNS tunnel interfaces (L2TP_#2-#10),
! identical to each other. Each binds the shared web-ppp-l2tp profile, is
! unnumbered on GigaEthernet2.0, adjusts TCP MSS automatically and applies
! web_l2tp_secpolicy in transport mode.
! The number of tunnel interfaces caps the concurrent VPN sessions; if fewer
! are needed, shutting down the spare tunnels reduces what is left enabled.
interface Tunnel118.0
description L2TP_#2
ppp binding web-ppp-l2tp
tunnel mode l2tp-lns ipsec
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
ipsec policy transport web_l2tp_secpolicy
no shutdown
!
interface Tunnel119.0
description L2TP_#3
ppp binding web-ppp-l2tp
tunnel mode l2tp-lns ipsec
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
ipsec policy transport web_l2tp_secpolicy
no shutdown
!
interface Tunnel120.0
description L2TP_#4
ppp binding web-ppp-l2tp
tunnel mode l2tp-lns ipsec
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
ipsec policy transport web_l2tp_secpolicy
no shutdown
!
interface Tunnel121.0
description L2TP_#5
ppp binding web-ppp-l2tp
tunnel mode l2tp-lns ipsec
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
ipsec policy transport web_l2tp_secpolicy
no shutdown
!
interface Tunnel122.0
description L2TP_#6
ppp binding web-ppp-l2tp
tunnel mode l2tp-lns ipsec
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
ipsec policy transport web_l2tp_secpolicy
no shutdown
!
interface Tunnel123.0
description L2TP_#7
ppp binding web-ppp-l2tp
tunnel mode l2tp-lns ipsec
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
ipsec policy transport web_l2tp_secpolicy
no shutdown
!
interface Tunnel124.0
description L2TP_#8
ppp binding web-ppp-l2tp
tunnel mode l2tp-lns ipsec
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
ipsec policy transport web_l2tp_secpolicy
no shutdown
!
interface Tunnel125.0
description L2TP_#9
ppp binding web-ppp-l2tp
tunnel mode l2tp-lns ipsec
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
ipsec policy transport web_l2tp_secpolicy
no shutdown
!
interface Tunnel126.0
description L2TP_#10
ppp binding web-ppp-l2tp
tunnel mode l2tp-lns ipsec
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
ipsec policy transport web_l2tp_secpolicy
no shutdown
!