edgerouter-azure-vpn-commands.txt

set vpn ipsec ipsec-interfaces interface pppoe0
set vpn ipsec auto-firewall-nat-exclude enable
set vpn ipsec nat-traversal enable

set vpn ipsec esp-group esp-azure compression disable
set vpn ipsec esp-group esp-azure lifetime 3600
set vpn ipsec esp-group esp-azure mode tunnel
set vpn ipsec esp-group esp-azure pfs disable
set vpn ipsec esp-group esp-azure proposal 1 encryption aes256
set vpn ipsec esp-group esp-azure proposal 1 hash sha1

set vpn ipsec ike-group ike-azure key-exchange ikev2
set vpn ipsec ike-group ike-azure ikev2-reauth no
set vpn ipsec ike-group ike-azure lifetime 28800
set vpn ipsec ike-group ike-azure proposal 1 dh-group 2
set vpn ipsec ike-group ike-azure proposal 1 encryption aes256
set vpn ipsec ike-group ike-azure proposal 1 hash sha1

set vpn ipsec site-to-site peer <azure-gateway-ip> description Azure
set vpn ipsec site-to-site peer <azure-gateway-ip> authentication mode pre-shared-secret
set vpn ipsec site-to-site peer <azure-gateway-ip> authentication pre-shared-secret <super-secret-pre-shared-key>
set vpn ipsec site-to-site peer <azure-gateway-ip> connection-type initiate
set vpn ipsec site-to-site peer <azure-gateway-ip> default-esp-group esp-azure
set vpn ipsec site-to-site peer <azure-gateway-ip> ike-group ike-azure
set vpn ipsec site-to-site peer <azure-gateway-ip> ikev2-reauth inherit
set vpn ipsec site-to-site peer <azure-gateway-ip> local-address any
set vpn ipsec site-to-site peer <azure-gateway-ip> tunnel 1 allow-nat-networks disable
set vpn ipsec site-to-site peer <azure-gateway-ip> tunnel 1 allow-public-networks disable
set vpn ipsec site-to-site peer <azure-gateway-ip> tunnel 1 esp-group esp-azure
set vpn ipsec site-to-site peer <azure-gateway-ip> tunnel 1 local prefix 10.0.0.0/23
set vpn ipsec site-to-site peer <azure-gateway-ip> tunnel 1 remote prefix 10.10.0.0/16