From baf330c08cbfca1a29d3918586f708904acf2ca5 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 15 Nov 2020 14:09:56 +0100 Subject: [PATCH] dmvpn: improve blueprint with diagram and full configs --- docs/_static/images/blueprint-dmvpn.png | Bin 0 -> 41398 bytes docs/appendix/examples/dmvpn.rst | 161 +++++++++++++++++++----- docs/vpn/dmvpn.rst | 18 +-- 3 files changed, 142 insertions(+), 37 deletions(-) create mode 100644 docs/_static/images/blueprint-dmvpn.png diff --git a/docs/_static/images/blueprint-dmvpn.png b/docs/_static/images/blueprint-dmvpn.png new file mode 100644 index 0000000000000000000000000000000000000000..04b7bd6f6bf9aee802bdf05bbbe23f59cc9800c2 GIT binary patch literal 41398 zcmbTdbzGGF);=ntAYIY|Dh<*lEiK(3;DB^DLx)JWN;eGBB@IKjGy@FX&Cn&1b4Glg zz2Cjxv-kP^&L7;sd~UwE*0t8Uu0@!Nk_;9)8Tx|<53pq4N~%40fK-6^vVDSr_(U!7 zt{3qQ$yrTC{6X39vmL}QkIcms#U4DUh{3oqe2n-V&Ec(%^MeQ2oxi`3dhH8L9z4jF zmz5OLaM$0zMfH9*6;B&!?6i0^Sej4i~$8cGLjiDL@ed{pX`eLe@cqt)i-!;;P)TA@*H)ZeftXTsc{y zAR{;hRQ%5eS~JZz)9j{FqK=Kh0g5J|9{=i4D&Nrm9+2fC>*hI_3{?E$uLop;FyO?0 z+bXmy_^*egx;AD%DySHb1+Z*3qL{lx?y|70cGZk{=}fDRZ41j2zZGQt_en%q?4TQ= z;2w^2QggooqA{ zF7@CnAOs7AUe&}rzUWJH=-17{)!ocW@S>7k3uv7n&Zi5!w=LOoW)IdwUc4!`r5yS;mBGWRM}%8{0)i{5L8mlq#_d$A$&2$OQNjUT(It!k^g@EA++p)se1?l34Ur84YV z^@CHIb?QoM6t%zQE5Z7w>ID0ZAE8Kc7Q|ZV*>83qE!fl459Icb7MC^tXx*ZrBF-}C z!5r^!i(Z;soU{|dQKB-zg9RIdfl|T4-*#{-pxIps_Mu4 zk=2yBpdt;8;FRGuxA#zG^~yAiv1Fj}MffJQmP>b*H^N{cW55?Srr~=G^TME(Bm&&w ztodur&6O!lVk0HPWpiA^0}2m3elM2<;?|LDMwDE{pBxwb@#oNlGK>|b@$c~^e!)h; z?OAcEfn*xfk&5y8i2+RC?Or?Yke%Vs%{Mu!PH^b)VH@g&4~Lu9q?a=m2ZR0P4Q5p$-IKRB2#1m``3qxypFvXp z#QZ`YGkjE`eNmtMO~IEWO!V)Vonwx6TikEY{ig1?13WXF8v6GaL+0Lh#!t=WPlZA& z(5;fOVqg6GcAmRFKmP5&6`+6Y@V|bP8t5nPA=7M3iE|Oedioi|^l-F(Ug|f{s5o4F z5V&KNyRix{GmG4&Yrkyj8fLG;EK4<&;0LqPDJoARr}vDS4{ zc!b6I5`pcV0Ax}o^yh8p_K^xG(oxdmbh?QbPm|)qxN+z1x=*ELcfTVp08;Z0s0_*Hz;uU(g_?M*lNy| zGSXAM+{y(=9R8$M!TEDgaiKpsuQP4KR{Tft3xtEib0jzgT8F86drgO{`LSE`fO zlHI%fT!KmqHT-E6HL%LdH>+ZZ*oP1J1NUFp!F67tcH9ItCIs=7941YjI>UU^@1_;Z zs=l;+Hmk%Nx-kYd_(@ksa^(X3dUu81#PyR-RB%YSLB)4G+Gi1a=?Dl6Wa5e5d?YK z9-&p7!_||OIzzvNL49f6id&UK#+~nvMMI-8&5Z^7TC*ekVnw9!aS(w$88QF68A${< zUoA@NXsb^`Ba?xtDTVarC<`-pt)W^@!IjI}{OX1Qy6rP+vm>E$wfF!T*Df7&g#fnj zM$|=OPQks##()AN(ZsMQr#?TLlny$cr~&Xtt|B13jqWF9jW%(;U+P-jmFgt)|0^Is zBcl%#!HXJlE~}_%Jh$ecjWm`Q&bshK$$b5-lJx>gao*#;NWlTnfciTZ3uOi*_15Tu(*=?&xWN7OUk$EP(}IMC2yc`?#oIkxIB(b= zO0P+%j|UfR$je zwBeTXGH`(;sQDwVoOzi@_FCy@@34leUB@=^=)zDTnr~eI91K(l44>cbNGsFArSM3y zSS!aX-8@?SxfFULx;aQ2QuUO|7%k){J})0{xU!Bl%pT8lWKu`tbz2jA{Y%?dkYk+J z5!a(bKCRDnfAUGH`=%;xWroSQ>5zMVj4X<}@UdfsF!9cr@XiL=)X%j@PoZCo?%NID zy?kyrocj1a5B)2CtV-841~K30NbbHaX}2|4jx=Y2oRjHq*Wu`+ICE7rCq)HgF(sdi z7zYSklOAq`*Q6s&qo4%a31Nb_mwg1o+DY^%>B&Ysx!~e4d#9Z>(!)OzcJ}tUco(GL zU$_cocCgPJANb(%Z4G_;odcr$6>}Z4y&6*sE=eHmVrjyT@5;?LBWnlyQ0vWI_+uID z@y&G)D-Ay$;sHKvawx;UGHgUhR_WM_mSDZnP^JIOJFKd}z%b{=hj%E1U!J*!CU+{fWk&a z8y}K&GL!V$SqwYj8vS(Ny)kY)MEV^ASx2qHMV@RFDhj01b-d z6WC>K$CwipelNhP*3biykNnW828ufj(8Lmb{~f8h!OUcb?}N?Yo!ApC2k8q;NQ#)} z6{s7&IMe`7uxMYx-6*f+jr>@AF4@~lpxE&|%&#-WPi{d|r^ncki*h*i&t#+W;<`lr zb5<|j4>!%X>v^7tDmWXyKLBkb(wxn<9kot7TNOb_cklZPJxOAE0w9krk2lHl@xphK z)hig1@*a&625W=spKHETwQ;Egk%#7eUkqF_9%`K|UuY}A4X5V5XnpJQ8LpMDM}GCd z`P>jCBH6~KYC4PP$bgr@s-J^0;yLXwx0E*5oy%o7=HoHu*CblukG>gBzd$EOyRW^F zi>%#_+p}Cb>e$`x%x{+uqEM`9kw2(x*r<@tsA!$=?kv$-2^+HPp@LZn0PhA-x^<~I z)curTn&cFkcC`jZT9ubBy5zw~nB^8&knq+C=TnwnerGh5>;(z$t!e+K!L)o5$BPk_ zbUAbeY6bPDGTpx zZ9ga8Gpgx9t)2F#D<32CZI~fNt@OHQb&|bH#F$LKWV5D@6!aBt-{I#5~Z5e$&R^S#b@lw!6&PJTeH-IZ&^nElyfxlq( z(?wbl+}+VZ7Ded=j@3aRB#fh z3rbk64C<7{*A+< zBNpjR!(rhjcU)u&_P3y#&jqjts>9x(oU~?JzfTsI20Mmp>b~hwVf?{* zCzN$rWP%QaK3rS$lR%Toh+42D46a>?r0KvPUWdEELN9R60TJVET1d;a^$fK*rXo-b zd2w4rr!O8FW&j;^91+fY8ub&qaQpk06Cs5Z;nnF`S zR5seq4}gXKipCfADOd%3lG2ZJX8WtTifIQg2l*9vx^bP$&eMlHCf%MdlJdkB>f8P3 zD#0O0{&mer;JiI_&B9CKvP7zo&nAh|jbbW5gd~?{iKwNXA@~7P0uG9x9WMe?fTE7} zseZ|vPJ(zfTr_zopRen)OH!P0(!=uo?*`uW31L&c)K%iaHAxMh(E>hkwAX)7dVVK* zI8}{j_!0SlcIMd=7VM16EGupUnQbNNIr6<`L z8I-3^IQJPUs@#RE44&$6gxTp1i=o;NkWH*O-3Cvg=HSMlX=}gEpgk_j6$LLQ353dm z^*jGZGn3Wf7m|tck-Z(VVO)qLERqk6BQ6z-E7kNdsU`?uj*r2%RsV=;HhlcARLPv zJ2kW~@FippiW)1fojLXGA;71VaG|Wl6p_QgV|6UZISABZA`{9v+59N7EF^EAO4sfzd(5 zNPrgb-vb4gdZ8ZrgSitKPW94!Ze*7lZ}(pH|6UAY7!Hmiwo&NCwOQ2;1_ykx|9AS# zK+XaW{)xU@CoA+9te6Jf!%BEr6z)Q;0_c;f)rh+Q-n=2WxJ%l=dp|ii3dY~HkoP~v!OCIP4{+STgmhnoD&17^GR^0N$7x;y z&u1h?AkZytMksVDV(&?pUkgM`WNBwuSHs`55}CB)QRq+xPU0hDa8)a?53PW zju=Zu@kEawL6vS6f5&Fwv3;vaHnuK3XB;@s!pyCpX9`Ucw9LTN_yn`$C`F?l)g4)4 zgg-*}q|rtw?-gum=Rh!NY?bW@Y@_@`h*c6I@vd`psTdnR!23 zdVcSI*F~v;)vw~}pyKsu9t{C?XX}1Rn;n1AE<@9!&GYYM`0T5T#0cHWG$HA=Rfza> zPVR!yi=V!=x4AwQ7VVH%b?EoK;fB;)7amqs1pkrOJ%1%*qkH3q;a3-*XnW19-?MAy z_qmQ#F7EP$^&lP7OwrQ!2yKV=w(GZmY(e3vhG$NTh%Dqc4>KUlAR1cMnk=rTQ*A)EB08;Zm z=&iSJ0VESyV%(wp$8QgTb8=%AKV{Y|`@)EJ^`zY}C=3KLdPd}PX6--;1o9R)GR_R= z;y!Qc8ehhLU8<>V)KV&}>V<4`M15C&O*VypZ~JPKlC@vx3bPG?tIng z8ir?Ca|w+p!M={TQS%x~ds1WzHF2C)>{w*r@bEIA`eoi1?(K+9iy6xhu?@Ctb9Ygz z#^`4$r>_p3j|jMJo{~=#kBmz&bW+D|yXWW%zoMb!MxZAI82er9iHD5)Dlv{GX`*0g zNZ|ywy%7xkQ~>FZ70NFJ+foLMJ!@#5X%hJXPIP`1F#Ap#@bdz|Q@xKxG9ky*G%ICF zZm1$rBc`*l-)~TYg+5nPC3fqMD|}=}#OZs0&?a**P|q@OAP!Su7<;Dd{Dz6lN|)H%@$rV6e*PF1 z^+VD)z~Zh)ga!(akpv^aejslqP0XXtZ+Qq9x3sxv@PwA~cZS^#+@Soe(NMntN*svs z^M6&ty!ez=d?0o#Ffyo=lNKSR@n|y-lD6gE*s>Vl>48Qu!UpQNc{M9y{93qeAf%K5 zgk2Lv`Zv_wt2ak@T+cYMRv%Y-pc@u!8F_HJQQ~Y0;GlWC27u*ffKy($M-KH9I_}}TJ z`G6Yn>K>XHKt0aUQntZwkv@8i8*hl>`2?oSV~SX&F3OXFq&75kXXv&RT?i$$k^e8` zu6hIDoIttyc>M4K@;QOR%Gxk8Hn;i~zKV*{fbfCh!t8T&p#EXy)1lDwwdJ7SL<0gJ zVvm#=4h!4{jdjCEO(~tS_bA8`8yS9!TcloK)ZwQPa_71+4F3EU|*?SCe&wYd^p*y1$CBQnc4QU>0f-sTDxb{-2F?Ys^x+x}Dm z`tL9;>|6Gk(%Z+Z?Ts|stkfK51Y;u%9Z+z1Ge5{=pRFl#vc09w_vq(wM;x?hS2%OKrjeu!Gt_CL?7{xuI5(KPMpf%H(e3c@|Wm{uUVIS zYt_c^c_wL)M%UYZ!?$LMO7UIB_g>=r+-AG@FZoLqSeLuS5c_L0sX>~6<3xiKYheQa zmuMbCibH>u(no&o7wqwnx4Mpu^{=X$_&-FO*04A&lKe@v{zAy2gKsqg5u`N^iJcnW z?u=5+RylPjz-=zxycNbcd$^wpCxz21`0(5*^iG}Ybfbymf08Q_Ps z-r1}{sujDFu{cBr(8wmt+s~0VP0M4>pQR{qdAW{R)xd$4=Ij4!01gaHl#Twcx)$9I zyrj$+=!s%8bnE?Jn|3`#x%@a~Mcrx;RjAnSv;50!qa>j`q#7cN!MpVa-$X+=C$e1r*j#!o zqatZnDF58Uyle~7n7na~SDhUf>={o`HguOh$NTt9*wnzQtBC*iUEJnl#EaeR{xB(m z)o*adSe$;)ubJh0w=~PT6?Grc|K^!Mu%F*2we@AS=s1k88FRi!Mo^pCt6x)y_(*h6 z8r@OSGpuhGVDzn%>x{F99I+=3z^dw4%v91oP!jHd+Tmo{5>%{qoYx_6_$ zwfh75h5nv_YKJLDGG1E>EKYEnYy|#>SdBn|F!01*oRTfnblX|P4W)BFhi_Zvhv%0DN zE;hODfXZ>TDq|7kJA4MSd+%Zxdw(ZrQrcB9;Cr#3Yp^u16_J}72`d2n>BAHU((f-_ z;nBj`CjnEH)()3a@|+DUnR~N&2T}abOqbcsZbora2`2hpi-%x+*)xOt-hv?!SikUZ zY8#QKCAqLo)S_a-Je5@>qJPWf2uwEkN6uzA);v9m$6gRk&R1%0T-UU6&p`eyU133> z>^lj323RB-yU^t)!u%}=;RInjKG1(O6v)=WPHH}i@l-E;Z;4ts2@bfQ;BQq_QoHk; z-bkJaxyJd%?qpqs-lD@jX8nD2_v_OWXhcTQgg8O3cwGm`vF~U2TlPe}9cy=ep7BwP zkk3_jsmIQv^WOXaAsT~<5nGt_Vg8_U3Ecme85U@4aK#t#GJbVSX!dMiuNpGdbfzYO zJDQX}-m{fxS#v{kGbq58B9^1(zYnhEf7SH9dQ-dw)u)N?m*_j}F=YNIHIrc3w>1h~ z?`4ysJE{kzT*aT9pPeNodfi90cWtIy|8q< zL1e1ZE0JgbnQm9ua3gw>}Tk(K*Cxcc7MbFJ@9vp z-sa0%&Ss5;2mFUiV)OBQOFB`FO#GiN$=7xk&s0VIC!x+#m#c^3znga8_-#+5aetP` zqWT9Pg1HTze>Yt`rHd~*JBSyilkNZ03y=o-II$@CzN&vYz`r|`5SO(6DYieW$EL65 zKfN%xifO7+ZZGs7r=TC;j2DY~=QsQ>*Zkj`U!V%O3&dJ!S|~g==gDnuPTmN3LtxzR zk~m(m3laVf75|h6*R~5=#JghnBdkIPS0Z@6dawV)%Ig0bD zXp$ri+K9{07Pp)Us)j4Htcq+76U7-mlJj*|y2uW! zpje`(sjduI5PrHdMZ0=j<0uLf&q*D*h89m1G&cv7y|>gZDJ;t!u+@H;SzcYIZf;J$ zP!HLdU0S$@5{LnSA?JnH1`KFbKd+QXrdOD>o75DpE1<0=mHgiR*^fcZa|{@MV>DXj z$3#L%-;I-g-KXfS_uuAE$e4<(vcj*-itKIkYlnAT0@g6GEXl)sy$Qy$zOyK;o8Fb> z)ilJ@3W|&(>uywi^$Jvh7=hV=3K@nQnKB)y041 zPKo5&H}M1nHwlJNUVoqz7W80@N~`kkVO@|`=R3@gM^%FKNF?{Sg%^<*gew;3-ZB9W zolu`T)I|qSNoud1ZiBkL)_Sl^<)Wg7G*nfkq@-x$3{*^xL90RDw+&fGF9{RlRDp^V zHMO;>ThL;wdfO%{R8g9ugHi;OcRPz!w2ors0pQ}(+TH02Qk!)ZN+mi_%9q`}fapck zLB8);ZzqSzZ$mD&MyU@6vr(56w18oS(U-7-!n1TYv+Jk#=R9{RZ*)ppF(+R{_pLFJZEld)*p7uAnkIL( z8gqXy>9dD|lriPoV4zoh&3w;{s-@0ja+MeH+8S!k1EyAM3gFyxbRO;+HDT>%A0&)1 zczB!xf)oqGE;Lnj6dOE(;$rpQ)Bw+2qL{(MKb81fI7%W|ynZzf?*b;KC$lSa(n%Y* zZO47DHcEg+*zU_wBauKUKeXnMUIlaGRK=x@tBn_TaBY2fWDA!a(XG)eQ%bcVo2`%A#sHQhiP^RaMh7Uy=JMmIM|I7HQ+ zxX%nWFn4$7(LMJ9F6Y5B3IiAE-v};qU6$W};iMn0U0PeFsN)V&Q%c(!EQ$ixH&LVk zx;yWqZs}Y%R@B!q^mq#B6rbAe25(WJwaHpx?uq<77^|~V9(q%k!m0^9xxxy69Ml~b zAFs#*1^V0cCn7kt!>_FN;`MM$SF-(!B7Y^VyDn_JkV)=G5#GS4i{;-8BdO^%3nX;>pWpP#rGTxeyx8`i^589%Gk5cf*zi6 zql$4QVn_#Q5#DVAiqx<9?Cg`tF>RjI1ur5*hn=m62BTf}J68I`jpG_b*XXEqm*I{}yaczu zdQ$8ZeK2f=T@$2-^<|bky@IW>Ko?yu>3)U2!P7s=3XPl)#c^ke z*l&yF;6Myo`#zf|q_RH#dw9mB35Vi>_s8J`jUsM$#>`0N$=tCY{JT4aXc$nReE%PL zE$uAyE)=WM47ywo`n4gW;t@ZelyW0|T zw$Ls1#-7^Uuzs7`vIp7H5069Ujb`1?Fo)KInNXy&<*_b4jdB@*Yp=yg&{3>yg`5(~ zoT-1HkhOcgPL*5yD(&q0O!Yj)^4dYt=h12Bn+P9sjETdTx>F);6iu}`$*NkaJgQ2L z7Zmz#zpBYtP=&8IX%(njE0wS)MB@OGdSfFHZ#xg~YBRoOPV)fHnvkWG?8sgE*hEO< zfZJ#c9V=B$JSE$c(OA0FeO!K~7E zldDVf=}k;YYT%Gg8CwZzwsf!om^V%S)UoSnOu#!=9nvaj;8G%^P7GCt` z(_#qUkB%ch6R9dS>_S$)Em^6=6}QFY?g8xL)SM?I4=&P%pBjL0wD;Bg*XB1*adVJF z^&3M@W`3oG#=ns@SwI6Pp8TNIeB?R{X;Ao051~U z71|b@y1_mxAwJ@sYNq6Rzud;FqKOZfZ0k*ynANOc=m+W6xB5~B9&22l_8Ut5tI`Kh z^6afPvoHjN7eORZdX*o36sfIg3k@;(og6-1S1r zF*PTn3!zbcLDW06ILV11q6~xn0p@QJ-KH+bM#=pj!hhL2%JRoo$gX7Ig3pIDTi+xy zSwEE47|6?;dFnsuIq8a2<&>l`TH>Om*=G8KjX`U3J1C7W%73E!M2%#VP~yyC>i7d84D zw>CnaTB4$T=h}{n1f}Z=TYbkEDBrF}WhX3uOtOpl`xL)?X0*}N9VBMh^=!<1OPDgU zq|@Al!@{zup9Rl^=ZE{G!>%#0x$HKd^km>(VMY|j$O{jD0;o%_`hr4N73MHO_=9!_ zr*AX%EQ>|pv*4k3#Rn9HoJVNAA5n!gLK3F7gHoXuts?~Q%7^FP%;Z9~b`FM*qXH!- zxz))?5Gc7c(ltsi!bRh3QE zcaRVr$fOTU25$#-1@yduEqTzR_$R5`&7I;7%Oq@@t9UKtM!I_7V zXr+k~#QNs!`)hwE5QldK_)EsMOG6{Jv5x}wM?FmUZFqpDpk>Fb@Y#af7D^=M%)DFA zkXExawOM(7rm|jPaMm1|5A7gv07qKX2ZBFmwc!L4vgsjPL&A~4v~f3EHHsHkHZh*@ zyb*%d>Z7?_#yiMAu9AP&*HEC#o}}~eB340{7xGZ-jj*uc3)FrlPvbkfD-+uyGEd*_ z8>#r=82x&wWHUcSbhF0Wb&p+!`Sdk%w6HvkD6`3qkB>~`Yh||w-;#&&z7(>U>o9{# zC$g=r%q6sS)`_h)5}mV`#a?-hfJduHtaP!fj8=WMEiE6zQ5xtiJKn%L-c3@77&lRN z;`R7b;&AJ8khv`m=fJLH+^8t~Wu$`-JWZtQl^?5L&rHO(09-9xjQJ^(FZPqY!fYPUtsFsTzqD`ij-lQ2I)TE*6yi78&>s!4%zmX^f=S;8T}OS z%+OQVPLK?KJl;{z@wVrDKF+lIRHJO{krAy5zHD7{j)bCUoLlx=@>r;*dFoeAx>3&O ziI?AHJ;EXf5Y72Fx>UY_XfHmpr*v08%k$@^ z1h^cQO=l|!iL6n^aam*|J6GDLtzIM@09TmLM2&G#529>^GfH*Ew(}%Y;E$}Sv$A4b z7I;}6F+@)AtGv{DNUQ3?5m{eb=C70{R5~b|`jwY%jyuh4qQHU_=a8z)MJfqg;D%|J zzsO^IBBjZXPk>GYP6sO*_Q6bQt3t(26${N6~LrdH3R3UPt_()2llAq-( zwizgZBpvScepIC=H%{E&6YZi2yV7xGML&tC8uH+-?^~{h>Jo@sp|``VB(097#O7sQ z4!e)NQT3Ft_vS;>O+xjPyjw(w5oL1>;N;o;L}q4{>F`KG+Av72t~ogLL#M1v(Jfv6 z3<)K66h}ne*xr5!a04J^r-SRT^8<=i+LH34wG^|~9d^;A}xcxzkl469F zoib!mWfF>6XD6jYn?5j{Gj<}E$T5@mbkMsx`O#oOjiTaD*e0P>!=A(|w-Owza*xMY z1GZX^ZB&RyAL{_fPss5%-Y2=UO|q00sFruU9bx^Jsh}^CMHi%pk~E9i{APGD0X*rN zQfcV-b~4y!jh{&YSnY7(I6O#HVDsb@zS2+WNo-i$K|u3f=iQ zqi3jKo{qerkH0IGXnsZ`7X=2r@k$fz3n(X^Gwq6{>o_Oz4BCr8Rn?vi%AYb9%QFwJ z0-2pKd1Qk9#n6XiXNd){P?0GdDj_Kq#;7Ih=o(Q-Tco-hjWgm&%y7;-`)PiJ}bvjvz5Ge2#1jY}EeLhcu>7)qlz(NkPIt{1)VwY+g7rX*LP)RR z0AuBD=+nYZ^@cld6ac&cts@J2-Oi?fh0T+MOb6NlLoFlBWXojn)K^~zRjwt#)`=5-=L z=NvP$b-e1%5|LgnA3j1!17=71-tCYXH%SL9k=K3XeI`&$7Fw?a$(nDEk{uKY2>$Nl zSI_4i7-f7AP3oshRldjcFGdx(BRiwWV5e)gYQ1%^F>lfbK95UNcC}w4;IX#PJ zY`4)zB2JF^!ycL{)DgnMc0A8Y*uKWd#)(8pmjohh9@7w#_(=XSiRek;0W5%&+p67c zDyqjpqZHpxD(f1Xg=|p4U!ey@x~4?bTbDG%U>Wlfo(B7Tu9tFA2^t&Cb$@Z6f5c|R zMdE0F>bT{2-%GhZCJJ`(!zz}YvtOw4$k(2R{Z{cjS1bBG66)r}>94G_3F(5ps8Y&+XQHhF)(IzJ+)p^XUzUzDVx8wCEJ^ZYCoj8 zxA$0hj!B?8x%63#Sk;(x&{icop8>78r~8NckA5=7#`2lbhij+GW4pT}W1n(NT?z`m zFzGEIv!>OPPdU=;4ZV8OMf+<&N6!+{QuVBn_C>{wNByb_YjceWj?Zzfa==u3elZjn zBfU1jr8T~{FQZZ3YyQ3=N9hS)<&>;V1kw`{!ced2A#H(DgS^Ihc51AQ+zx8?ynWPg z3!%=W9%r+lon`hepR<>@zc9##N!nkbn7;7?+6HvA%iylOF@Cc3R7vyrXFnmTQehbf zCg@0h$dBDnb(t=gxZoQ{_UexYa*-)6l$B7orYtF5I~{bE1-Gx8&hi+sZ&uUQ;G9lY z%i`^ib$ZX=RyVlA8`?w+>xa9C_!Cli)d(^Y*%Fy6|d`d?+?uaBSKu2?h1 zovrrZW-!=RJQa70z0m8Fj!V_c%6rvuCItjW6|Lf!u&^TyC&h8-EHMfwbXqd#k6Ru( zoD|^%>^AVEnL*o8EJ))ynQb)$ipSabyWU{CT)aqyt*=2-*Yp;>q3(OWUcZR045;=H zM4hmby^Vmfb4=XW-3C_12{GcFIwcmoU1>X`q<`ufsD314a+)6qsVz1oAkQ5z1+z zS&3@rD5N<=wm?+3N=DIU_Zbok3L(lZ6i61Q=u-89w)gW8=^QphLFD-D__3dmO9Xu@ z$B%YPUiU9A%yQd=>4mBS8>*rW7&M(v4dn>Fb!_`OXAIuqladE}7=4va8mneOg}(pv zoUVzY`9mzzl4#76+SOXq1QNDy7LM0DV{I*od;FFZmnxW&LN4?5vgXWe+>L>zLiI zTd?oIm2@He2>j)yH&2+r7QmEIC&!aU5!m5nWUr5!`SyKe`EH-Hkdp}(68HtnNRDpa zB-*9KCVUs>Nr4B4q0tv{`t5pz|Vu$9n1I;TLxDLCJ)JjpaVgdg_Rb3 zPrJ`LD=l2GmtN!()IYKu8ndcvWf!E|-aIxjcJJhcJ#^{y(GU1Ux>`ZX?ddpzDKV(Z z+Zf$$em3^O$mX!tNX2l}01zw2A9gpJ>Ga&E+Nut$6BYBFr)ON9W(Lyc#xu@8ZoJVQA-^ zmBg{yjf*{(IGtxf9Kc=2wQd4iy8JYiYdFlBt0NEq7NX{av_BL~mF^gC$ zBd^@sHRTVCP3SU6JkhLd=&{%%x86;f#SC z(5ln^+y>VMZMphwth5!$a_frBqe_C+e7JzopqjgNK&Y2N``G(o+&r; zZ~>-t(6yQ-6zK9wI5vem^%~d=Xqi;hNh>THC<4XQe>s{zd380#7_zM_eaN0czy^1k zr@TTaT4yII&fJz4kLCKxvTp<;wXj6X_3U9Gfc%q(C|`6IjUvY_2o_+|a8c~cJ#dfM z`>iCNRiL%6$l3JZ5-{#-1LX1;wqWHh;3+;@A0%rd8lN-Seja1E?#@*P)At%Gog?q~ z;edgROg)Mmh{CpsCg~ai-mg+bwE)L+81hEcCD^Dhc=-ap-e26pTa*o&N-9hzcdtIJ zlo5JNYB+m5UL=N@f0n293K3b2L)A-8b|LzYg>md7gg*mzf^Am)1*$xg z%EC|N7rNb#Y`y@`7929_4)p3YbK{&^5=0gZBqg*nv&$6)#o>o~jgj#wvA@OOtKEx> zv5U>^gIo`pev69+xgv`et9?eHm))dHcNmx5{aLID??D}_=uE4v9~>=dA;8)C4kARb!!;`&7KS0!^Jnv ziA@>f^)^+NJn3c|+)O53>@xu&(c|49H7n~z{Nt3}f%8e<=8))h{Z-7muXK4tV&uh!wn&uY$EiY%C%7UGW%15DPsd&2~Q)c#B$9#5|`o@uq zSgeBX`te9u(uY784d&Y1n%UU*onmN{_rL|EHgd66t|?Q%8yxIPV$8rdx1ZcNvJG!I zVTpyz6VD4X1z^PV98Ne`(}@j`8~okQdBndQ)e+gNSUjaAQqg2C%tjzV8Km~P^wPPEr$;rg=Muh!PF$d3FcK7;AbJhd8&rW8Y&z2`T&kzbaIWs-IpXs*rRYXPO_8eCX zgqgh3^5+WvY~s=zQxpQSg4dm$en~dxM-`Y%P4ASpPFd9sf{gl^8FFtrIGO5ym}z>4 zMHPPyk5`3$SA|xpLRFr(Clz< z5L~OQVlk1dHPp!?WT)dTu_hAkF-_GhPz8b`(J%5ppPQx+XB+o&mWmM!S;ZOEukoq$ zUU-hM^p`e>&%HJl&oP;XRh`w0V4pKlwuzF~q_^DcyttYPA5YUE9t-BuENZ+!Pkni` zyvwC|V>|E)yK6mrq~x8c(rdyp?d$sn+jCd%l{&=k4IYk}m9 zO=*q;)%I$K5p-(ji}b$yGmKnV1>pp#HGi?V1SyubiBM6r;VS$WwlE93U`b;Tc|)(0 zyyeo4x8~OLVVY+w`Bc*DpQj2W%=ZEHRtRN7=Gy@~`#eU+kpk`vejZJ`ih{$dxD#3sQ4q3<_R-c#;woHVKA3ti2O;QU4zC zXfs!I7i0X=FaJ))8mG|dW;a!SyS23{#J5|e&;4?1&9(R-!=Ox1W_&!{(oLTN(U?-? z>{W++&7^&nbaviV=o}ZTJ-DeMPW(YhYQyFo;cSvz@#_e5GZjJ`r9>u)D73sl1-Vo; zW~ejoPL{iLcBa%?!^eZ+iGoo~7Fr3iIu`{98ndMc zoS=n|@Lv%m6XuL(} zI6sw%XVAxt#@nOKXHm`}v)sMiff&7@U873UrUI9rCUuWW2bmpI1$CpfFvjh|JlTe0 zrl_SQ3!|>_BOi(jxhF#TxK*XKcvA_?l`d_R zexyvNX-sOshEl9%l3*PqvGKHw65x^oEJh2VArcXripM6@=-I{;-J8t*wiVBUkz@TW zA4m0bGT*UUXtbB~$1Cbw^nEThly+_EL{Cn>sGr~6O(It3NS*45?dIm%f7#qmdQM#x zGY&tzZ9Yq7v)AJIS&gITpa*D@%ybRFl(CNzVq}NQ$ z;G{2>9~n+zk5}YRja^7L=cP-hogw{dD_7e$y&0fww!4)e;3;D*$o}EoVAjgaMZG}W z3y;P-n<^($b*;oqN=b-x{>Wy5<(IM(&*3%v-L2BB%Ai`)cn{3}Xh5{7w()?qxPUKp zH?IgY*Xd7o63=G`!~tYg78voTJj=pVN{bQhNBEwyZwJIZ^jHE1k`o1gFp50G8-Gud z*f=c;XcE7?`;qmDIJz;lwT}IAS9#v%_9ihSyMES2p2K;3_kH;?QQG zX>qz453Z*(zlyAg7>->&J|OD?r_`^lk-c18^M^6zgGq;XB1E<^hJNkrpekAqcGGriwQdbmad!a=IalOOzJ1~(uGizp^`8M{|54AHXT+ZgcgTxL@w10Qu((CytC5>F{7TK0HiODk~2Z=nW+)Ncd?pq^;pS15H?OTrTUw)95H zOnxEeV}D4j4rW5Nl$cY{%S)J8z3wCMD1MP!sX-F7Buy-t_4U7t#jTBuP=X)eE4`hhscSYFvsY^e8Q)x-oVuk5rsd zPsnn~W?FEq>%oID;_-DEapZCJHnVW8fR)=te+pMSsII`u!!P} zUG;JdXC*f{i#Ux7srdq1J7NtKx2igARa@iSSSk5zun=9tlf@S)Ky5W{3>nxE5tzI= zvI5D%>-BE$8Wv~T>c>PeW4}L1cW^mmdPD3SGCj#jKUXRm5gHQS$0}#6I;c??-A}?^ zgjfGT%`osx+jwNg-a^sxX{!3+`NWiovbkkFi+s)?zMxJ;-@zbDwa4jKFX(fXs+Baw zq5_BCg)zw9pq{_?OALN+P$k445)owH%1O%tx&F1CFq=DaN9w6~xW`-q4Ip!M4xGJP zci!9+c%{D9CaLkco`^cydo>)gw9fhtnI18gIue(^&-QV;&RUk>Eu4ia>gNyFauAZQ zVzwr{pR?pZ(s(GpJ^3ZE!{##oDUq6o2ocZpAuf|F8Y`f_p>ne z1532rWr`}>og`;bvgAaW8zWzav@~sLPS$g5_+a-?OxqKq!}5F?4I830mrNdkjZX%x zV_f9wApMyDV|IH`v3Jqdy#WHpieP-mY6N7zY+7CmpQ-2=m+A1HFxMU?y6`hKyAAN= zzPG=*NJDm1LJi4Sg2CDGJHgb7MN_rjvZd5fqEl&$Yf(3&75Uj@C0Tg!>^Pq#YUoU9 zJx6t-B*Q%J^wiW+;s^XbWGSVkWN8nI-I^qRT!My@q)A;dbQfmRn>r$gXCXh?Ohso| z)pQgNM1QCG9hQ+Ay{|So4xfN;9i5Q0ipD3#LP^q7u;9I1Y#5qbT5!E0@ZC!d9-gA zQaetv;p@8^k&*g1s@aDBAu7_O7l- zMjy8fei&UW%cFs!uAbC(LY(kUBYNfxVy>$pq(N|eN8wI+t1zcAAiGsXjj1BvdQ?)3 zjH5}2Rre>0;pVZuU$xf_F4!)qK)|E-@Zi=$c+}u}s7B+8BVyj)fM}vsoOdIkW7Qbulat_+_5!-A zQ||(^XJTtGHD>c&ve}Fzv4jRu5w}Bm^0ECH?{)fSRwEPv1A!QpksEYmWNJ&ga%5^q zilY_VC`3~aq$TEYPL>aazV^xpnW1xZAc&cIFPlH6pIlX%sWdYaJF#KPOyhi4S_ba- zjtG@ugtdWtXx{Nh*w(dR%^8!!G*jCcv6{#F-IcIHi>>b_bu}eQzBf`{- z6k?simX;94gTqBn?yzo#Md>JqKtsslKIcdIB~K43pwL91Y~CYv2tUqIec?SYrL5uh z1`lfT^Z*5_vj0u2@z|D)gYld>88X#aJ2vSSN5oyyKIdRxfxhq4ep}qr!$k0vYvby$ ze?GKL$LVmW@F(#ZY}3e;rYScRkvvye+ZRlR7nv8jnyd9_75U!`xkB8-;rZ%eayup>g z4o`@CA;x+sUXu0K`ipu@`mF7FDUAe^kzS{n8sDr^*+|k@QZ||8iT&#{^1RY9c;l+o z`e{>m&+Gathk?}kUkI0D7c8qjio+Y8@~|N!m+rL_tN==lQD?pBT5M&OrE+OpRLtNRxvlOkPJ$4dbB1Hq!kxR#JFM{ocsjoWn$Aa!ZBqDm^+x zb03w9(PE~sIE7Kg9E6j`RFa?5_!c3e30*QDz4Agh6S=l+4;PfVOfbD#R6+BOLMBRG zvLOOcWkxkdCbuFJ-R~pX93`CUa=%G4XS~_Rsfd%x!B0~DUH!>H z&Gh}LEJn_RG}A;Oo+1zNhv&o^WTrZB=@RNNEc$9iww&*&qfD_d7MrY3FJtK(QHC8P z{ZBu-K9+tc%|>!rkqW#-P^@ZlZhX= z?qXt&k73T>nGqy{D7-(dw8A!DIx>xSu^X6t_)b_WyI;)pF>FAR-6yn9I}U2$`48yJWeWWzNdYX}a5uY&pxi1#R?rk1F z`dDXChg8*@J%Dp(C<~8{d2jM?w|p>bT#lH!?Dcq{^+HA&Hz{`@m;1m*NP_EkmJtZU zoRqS|Su>NZ%o%DjyFG4R!n?`CTA0Sd1q-z$?``y)m^Gq2uAU)`DyZnh)0uC28ZRQp zl#D=D0U9qmcf`lPv73J+2B@iHv0}$eyo^`&Nc4T?=@u|*cYP=CZgTR-KtUqSXZ%=7 zhldZbh>Z!yC+`D7AwUM*A#(Dg$$Y#$tRud@DPCC;E59vAx$umUShZ*Sle?eK=cDZr z{E-<5!MD4n*7@wnwJiW}q|CKSL6%Bj1|o>{#*$*qTdF>C5cqPgD!`mvhrc~_F6B2_ zR?uCIG(YMWGdt)Q9&5hNw~U)0o|eE3#zo?V0=#tPIE0X#?D15ywm4nT)9g0eTtzwj7Ndn^C+Bk1 z!$*8a5is^WFi#CbNjzl7+Qvm?<`66PW{=u^BLdqT);2ogI7`M}XkvN0y&sjOWE+{S zWYjaZ3gQ_LzjdA%t>Z#H<}m@Udquc&C7s1OD_N=u8e65yt@RxJ5=s{HaL}%?(ZJZq zEze%Z?ygKaswyI;=3@#wqtB3Ba|K;Dog769YeAA7&4$|#+4lzR*=<&d`U+dhTWp8@ zM6j}hGKhc9MdTcoq*W5~w`A-!5inm@$64QBxVOK?jgo?bY8*XAGv;pd)X9yfo3lMr z@(}{<*!^jh&FwY^J3^o5mwuwGV}4|AP~*)ogVU7K?j^C=ILd`J*xbs(`GEIv4*~EV zexqyuZ#COas|}uDuNTIKjL7;RBRW>xUBrRrVXA8OMula;2a z<#9$>9pHyo-Fj2oSVX*acIPH-2Pdo<2Sg@+in? z$IQE{sfCcOHyBrf@dA8NRTkw+Yn3z>pqt1kO=NRkupG#H|L|7F^38gE0Xfz$$uJb> zMQAww0wSVg;?l{H+xkQ|N}hHB@nF_y0=Ho=!9fh|@N0`b*%a0dDdOwlG4&q z!-A4K!RaW0+TFl(V%Om#xyb$r-N*{4Bu#*|Q*FzaI)ycN#M(rxT8KMMSlzHlbC>f> z0WnRp|J1fwZg``R`kd7Od>W!GXTC?nD|VBD8r0qBTj{X)?Q49% zQJwbV1U9D62l44Q*w{}2k@&R!0!cF73w{xKKFi5wC8%$pcQn%#xdZYjBAWeVf+u#y z6%4=&a_c;9By66v2JZwq>*;-f>$o-LlW5;Oa3ar#ONQr?dj{OyRZyDU2Dm^Ll8e|1 zwUSihYrjc)n?J+4G{BB?c2Sxcsw{5zSni=TTaO}N-X&j-m&W3N)90INB0Fw5Ai5e3 zW}NkXg5x{PpqzV?ADVy<-yQHxq8WOyr0j2Ai`aa*)RB=5VGpcHQ)p-+h#V52d zB&vP+nzhhc)eB{*k}>5+=l)@1a*CLSJ2xKVt`b8pJpSbvd03-fNy{UmFEe#+si7fVZ#A&jF>Dxy>$!Ow z)%7a@e-w)^vJ|MUPZ%Chv1i?WUp?Eh-TTJo33itGJIf+oXA*%QGcz?Y(C{d+pXu1< zy_r4c+Uk6u6-M&d6-xb!*X+&p#0O8W4VqI~4Eq+Fo2%{e=) zEouhyf?wdAcIquPm$&_mjO!jo}kqRaMY zwNX6<`HtcC0*1zl#8ty%dkSQ5$w9{&?yzAG6{^9_M2UF8*z;rVy1Q*dUVRO@l*Q%l zQ3ZUZHr&{fu;R~=*=_nHl5`kN4dJ`7Jm)+_H{)++W9kx#d-Ss^J&Lyix6io=DgPAR z2W<2ct3Bg^IT*6)_hOH^Vp@C;{S22+;G}-)H%>dxyp?~nu*PlR+Kf`G>T$2_m|0FR zw+TFZ#8n(>-P^e~KAOERg5~W(AkeXS@}m$-)xZ4iY576=+I|pIj&eEF&e5x*|He%f z9mMU&%Dwkow;GbuP#e`JyP}S^F))T2H(A(PW&b&{LTImUFZ<+3SRz@+QNjye(%<8R z8(HLx{eD{;t%@%@7 zjt$-fCox*F`e_O>Blo=B;>!8BBdbi-Zl2~~;q#peP;*x6-;i{lW4u`IMo%6*M&86>lg^bGinpr-vw5$oAbG!IkCWo36F=CDU(wef#uf4(~K3}Tg9jfO4@ixf>(%X_=ZPApObh{PO3C= zFpF|kWn{fIWl}~oVLL7)$QI2=#8wMwIa6YTzR7Qp@OcNv9pf#ba)?E}KbqL>ezuIo zu6Md}9N<~ZIi5+YY_`5Ea&i;O4=~~2CizM_+8bZ=Ju;e zqaLqHS+<%C1M9FuC>Vb(Q8BgbTI? z_c7*=HP||a-#8IzJl#;$QInTwlyG-a%fLj}8YTH9Wa@*XLS3C3cr?NEsfXzTg6u z(!$b;5-IXk)+d)jbHFZy81||Tt(Rq^RppE^#ES?B3%L@VbCc)W&%v(8rXLYf5 zpO#QE>T!z+i6v&d2Bx%E%eVu>2qeROIs0lTu);3|5; zOmnIAyZC2P7HH2@Nb99R1@DjoJ$I4dl7hX7Xt0Re^)Y6HV>MWst-7$ZC2Ux%F|N#x zUln;AhAB`|lZp(*Vh@!wKPa&*L`dUS^w=N&Fw=JSOV}uYk(?aat!;8o;h!-dN0<(c zrAOKMAl$UuyC+u6azDjQDl<&!@LX;^hlsu9vsZXwqAt#WYaSb(NQyJCY3&sE9zTQW zs)Crka8U@YE3Vrm(U)?I%owF`_c7)-yQ9k)UHg?%d*iRwhHvW4{QAkf#~@Sd#hToS zbvYYsiGX}*T&X3fTVQXph7KBUb%KJ{>SJ~9C&bw?CoG%dMTPf*> zX9uvw9u+@zhQ{s1NftBG`LY22oSwwVu~|*B2e@c2~~An zN#9k_+9bP%%~p4H)`>!%5~59(w#*S~J5zZE&IOJNmQ;8 zHxQC+96uxHZBP|8QXCIg?NO72mD4z$(q$R+$LC2YdRSXFD}5VI@mFNS?_B%m7J4DNl|_>+D3vd$VUq%Sqa=mQT;XQ^v=k4+w-P_rZ02AS9&7Sq9e)wEY-sSL?@k1Pk<9MO%d?5tKO# z%@^y-{X)+B4KtK+lpC=vdh0+-o0bh)c+r-xaJsskq2XOilg^Y!&A4qpG7Fk|oOg1Z zBV)c=Bn3BqVrJexem9tzvin#YpfOe6Z7Oi?dF@K!~7HO)Z>!r@=t? z-46n4ro=+XQj(i&T963N8F7LKVOY=oGMl!A`;oQBp5k<5dk6t)5vS*6$9N12(a37G zyo;s9MY-r$qbz7hsYl(B!>h1l$kHulGX9|p$wQa~``Su5(fH594=2;J?ns=q@rTmV z(&!tmw+FA(DzbWHm#(wZC;5}aapbkgQMf$Ege@>lY{Q8%O4P%85A%9OBM0n`HCx?(4rR;hdic`#b1OI@w zmJJooMovz0jrq7c7Vt6&>ATHpzX;W&smQRYKoG07=}g5P-+j3v$r`OMx1VzP0-rtC z8y0azU^WTbjWg-RVEs@DazoOv4V*^ss{49DkO_9qN?E6b!6y9kkHA&hkAIt)l*gv_j)Dp9c;|M-{bgTM|%ElJ;3+fvvyS3$FFb5T94dU=)vcrhMBTs!;)NzsLG#B zZ4PR&`Gyfwg5vGX^c4};BA;QERX-X((6K9s@9>JSoQ!`g$Ly1xjIO5x`Q2U&kTI0o=%WSO$qI?lLyMai@fv^*j?qUttnk z?yf&p3|NjbEQ8vdl(&TFz7uCIRC#w=M=@pO@6PyOenXVd6Y&h~^{;fjDX!=7@6ttP z4*2Ywxr-1#PP$1%vA^@WSy}ZhyC!jUoq}h(ahXN1m}>^E>I*lTEhHq+2^0uR*PcyR zoL(yAr-fK#V#e-4bMk!g+`T~_0|`?h*An>HGIMY-JN*9cDK}4v~NeV;Ip&##S&Q|xmWm5c^IQkhOb$-m=!@RZ?8AQ zBjl&^>h`I&%?tTQYU}YKi$j&^xS01z_f7HXb3!#Y5ALJ*$KF@mz(yS-dYbIYTv(n` zzYUahD&j5y3v(>`dQ1Qt={fS`*!(wB23h+~m_DBCrQm5q7JmC9HyNYq;*Pj)I#I---@C&x-!iy_G)8(l7#8c+fO6HOa;Ici)*dANsRUC$uPN(fjie z>J`QimRnJ@S&CkK*#;4w*oFi#w%F6SYo{?mThe%K=EEp;jXAx{B`vQmKgg-|CSe*MS$ zWH#_$-X}Hu!3StuH@*{SW5e%7KXTuvKrQTlvG-;>=J`)ecEvNh4He$!;2{#`W+w2W z9`-kahU3jm_!NWrj%pk!H)UDpm7q(%n-*5iNkKS1lw7?FDpE?5_6 zvRn6&{UMI+P7nB(2>od9wZ1yFfoo4)U!MqG<1%|2D&4KHO7pBMXa1KLW&3Qc3yH=aL|9Tn975H>0rlS zG`9Qk>gGZBGXnJ=5BF-PYZM5crXF?%!m3-Qc!yBR`;99qWuj0 zdNQ{qhqG&GO9mLZ23?TbMnXrE* zjt|`Z2=2eGP^{x|SBMFV8?IP9LY?M2Xz{S%UpZNhS)fXYk(#G$T<1RzgPh zu?{9Bx6VW4L6ygwW$li!I_RS1CGI%y86D$g&SlfJt~ z0oe-(FfBC9_lpZWHF#aowECVoOnc~#tIUWkItpA`LRjYfKV&g1Oy>Yr5=ZHCciVC` z>!Vt0AOVV9Duvx)rY0h3G?OdM_ z5-pv=TgKt{mt6F3nwt11L+SqGnp`*;P4rrSLx$7tc4@j+YL+11e?4(-mX&TlaO50x;(wnNifKc99C*~MVaserwsI>D9yv-{V zt(pxpm)@!!<;~Hd+@}Q$+|$^0`?c^Ov>u=a zl6kAlx%^_CPK=A2M3Ff?E-A1&HeWUwh>8U zK0;0o<2;7llDzg=^Rph*FLp0@qs<_d_Q{>;JS0rDP>NCCgz{P1KHAD>LX#mLS{mTV5e7bFN{VP?_ zfj&`^tfPyu^2arf;wDL@wO{kJL@XXUnb~f(+l(dbB5(Q*IVhBzjJRCZq4$Aa{_i1U zOxgcG+hsvLAX825TTN@5B^ab--ZUC4M)0p(4r0x+F)erAq+n?}W$W+7AK9M|z&Bu1wffkv;l zx}A33{5bp#{PWlQ->kNd_qGKuu4J8khZO{@OYiOBwcgg*gyg*4(OCQraDbs<5EfFP zRoQWLf7`OXT67+cQ!T+DrnlZj*E>m2HroR5%8yCXMK2@!Ud1xh7&g>0I=0iCAKl1N zns4RD|G3*dMfHkb)3!az&nYJ9$S+edMp?bRxT08e?&uyWTK^8`j^$x*)B8LEFhqYg z^Aqs>Vljy%<*^0QPym|+T<}o#1>?>;A>B>LvNh$Q`a>#&bIi8l^4(tO=7?#0q_O+Z z-CXx0n|^vFqs#XiT zLozM#v;Cea?89=)P*Sf*uzfZ$_ljZ9)#5L!F3@+SPd)Ov1Q`FR7ebLlSfS<`>@LQ> z@ueV&h6FcS!hKU!s*l>ei^GPBE6>9qD~3`TQwD)JoGwsFqpMQGccS4eU776w_ZeXL zKHG-?MXhorhTo^@z@jD7SFHrG#E0c`I^a?EPWd-r^iFwy0;5oo0I7esmWQcg8}T@z zx`eK~^+?z_Zwd!|^m@@5_*t+Lr!CX3k`i?TK!r%v9VEHLZv7 zGf3^Euf?BI<5ZZ%s_5_v@~gkiIM?aMJsO^z4nAK)2DwfF%f5SCj$!EH-!4#TuTu9ESe^wk*uDYya-WSrA*9Ewza13J%2NDQ z`^5+1`~io>e%(*+{1p`xqTCvTvP<0RorH8-bU^b_&8_|x6^ktD_h6e<;HxZ!14A{i zty_oks>m@T0{A!qe9T|JDzNxSnFW-@71VBdTt`gjYvuq*?Svn(xh;5?s1k+Pd3I1d zcQWGp8)W{3L)e1%Yc9L2yR8_tnrq$0N>PIM@ik5`Q=L(i>sz1z3Q^B(Umpbq2#?R@ zxm^BJbbGT<*5e0y`)V=x>gtA+-R5%f{>HR%(aCWU@fJDBHIbkf3aHV2f%e0*5GT*( z_iq-a!~f%BggIf*5pP8_>VV?p*h78_XzcXYoRNi!^R>voNw(SPicIBt^{3x{Erc}G zf4?;2^r|xClG99*Ca+i|UPhxk8~J)@xwWsSPjX??Ufg`LQUyX(ID&A5J`PRWeTm$N z)%3uK5*KI@&PL2uvbhbm=yjn?y4fC{edR`J<+RCL-3s6vhbyS>=kVw}b=-;7_Q1gY zXN&avMa$VxA3eea&ZOdpC}W z+8QMg61UjODsL1*MO$Qz`O#bsCr+K?0HRTtRhE|QHrG!&6+1LR406hWQ!P00OEAKB ze@z4&o)l^#v*aUdIrS=bl(9JM!Z~zpusgMrC?-QKiMB;Q#33Y0ZLKwsT>9I&>U5L5 z&n*`O#ygBL2j0JeGi3dtUhm?u(UOiip#9_gI=F>cTzB@cS0qC07qBuZ`2;Eq(p87owg*>&=ZP7eU9{ zXc_d``a@a@`;1E>KXsmtUUd{~157wvH7*BZr!<>`Uqr;oMNI`kKIEAFs`4qo$grky zj%ORBiQLo#({R)}E8Dm+I0_$TL}Ix_(qDNN$TQh8 zP{!2(9rsuG6xRg}X=oi==H$b~Y^lc1r#l1X^u;pD z74k^m4XF^;2hTM=vZAFUhyqZ=V2HH_@0PC8BWwOt2^{s^Y`73eeudI5y}LZLjWA_{*_3k+t~w<;&q_>8yD{ z7pX!&0@+6@IsL1Pq8&L$plMPx0Y=tmXOtF%XDBG17Yuxpo3P*+r1`HQqgW-)tg1_c z8GtOmrtl{Rh~!qvYtd4Bz7TZS1);;8g287M=f2tBzz&YlLy zX#v!rDudA=!s@xHebweKK}#pK*5fpEEkiI0fa?l~gqX9N3yx_Dpn;4WHN_rEX2H7y zy&N_e-VsJvfoC}(GG^m`gS3qOh~&$28UA~J>|DW`<6UyAvNjY$)5($@CZ+lN4jV!v z`JZqIr$@Fe&3N~bnl?`+*y~}nkIj=xnO&6D_VJG_nDEwTB=kb{6CvLO7o5I~R)wijqDC;!uT{Z1%J#$C z9oEkD+Dp^d194d|@~-8TpK}%4WzfF>EFS*Sbu073!tl!4H8yPw)->f*IQLYzB2Dv1 z@_%!=mMB$362cHREV>O|6tofK)xahZ&iL$*q@SOTG2{pS&E$#ItkVv?+?>NmgBQ0b zKH(BtiOcBX06)aNS!er7WL0Dh(0JC=95xCRutw|4>PV1REQleWX5{l&sgsv2meKyo zkk`tGOxXzv*_O6lJi~G1b`Xmi@_=Ccu~aay~4F%=M)9fc3X zUMNB*UbHo}R-SO`^HN$4El%Q;0u_@Ah^E&<7N7I#Lg_Lb-uD>NaCdK+34$l2S1lD$ z<(^E3TcavR6b(#$@f(lk25>)O5Wn)a{Oy}CkF_ugF-fjR7KTP=D1ann&eIjCe8bTf ztS)>eyU=;<>V!EI@%DMjC6Ucdo=p&J|6OJSR4q)%?#RX&Vm{(zu-=qt?Ox?sM7@b! zsZGHN^u&sZH)Vlqd%Y6V=}+Q=5g;V@c@T&QWb@&WdjYBgu7xmL8ym-2?>$7RCa%(|srR_{lR}(4{puc37>5Mrg zndFmX@B1((c()UdCbO$kZE2S8fD>M3-*7RZ# z^?6{N&mGu}-TYP%VpqhdsLoGoA4x2V(?H>WEj?Q7Be1Oi9HmEUu(0AMY$qa{<72OHvDqt z#xa8tZtUh%2~l$1=Wyio3N-TA8MRJz9<=NFDg3Ns#Xh4XC1L_21T8`n222gxnkTyi z$epANUZ#!-E4mp_bFpI2e{MfGdh4Mul3vPhtR0Zbk@dQ*uFQ&FW9I7)Bkwx{lhah= zk0XB7#+IKOGgkpkIA?O>?pLDmgZTowShpFZfj=4KKJ4^}J!O9CvbqeW;k{i;Q)8w8 zVb#X@{mzPXl+>hz(yHb;o;`pQR{9R0EPU=Yvr9MN)RIV0MJa-|BoVV{sB$rwcrf?O zlExWF=r_xB*$8KZv~e?+vxL<-OnQG+ucR@wizJPqMuA}1+u|<#6k2b(14tFV}R8^UWuRhSo104|?;Ng^d&@1B8(m$KglrG1X%8j?6$T0sPy| zO^+rTIns!6p5rWSoU$0e#W=~rF;UrENFA5QnHdHvX*K00}b@r;nqz?+0 zHb-ctE~h7jXm&!w0l|AjswDV8#-u9J2;n+d3{5-9`5>cO^0Ms1Gs0vxnd27>lUzJw z?Pmo{>cut$9=W&>OojD?5-Vg6PC_xGuqv~=aA5j}dvTE;rhZN}jP^2?v62B@WY7$e z@30Z&%bxEzM%?Z?Vjxn_yk}c3;FR25Fy2SB{0ZT<=*Cb(a}@5^h*-#^)AXljM+nszm^?d?w6! zAe4w3|M4Ln#C<41ZR|{ihu!k}V;te_*ZzAk$0hv0@|75VC|!8Z1KCbMErB=5KwXym zPB3w4pJI)+I=w;Mc+FSSXw0sAmJ*72PMmRP)!6q{_V56}4VOrcMA&pDm!G5x%a9Th z8Dio5e2rX;OOgTrp%W2rY&<`jV6hUhwxY`~uUG3#1P&ald`4L94Y zV|TtAX!#hq9Wz>m(Kx!zNro1J7N#_AZDo}|%()viy+9lp%+Xp@n|@*DOXRCP;iMIj z-Qno9^&+*#yTVeSQ~YR>z1YS^rSf5pDD)CY{JSGLaC@*A5M+ds&xTecM~N{w>Bjs8 zt2(W9pPs(@z5G@AZ!ZuHqhh!Zq#$Ww~vWq;nP9E`gz(1d~mzDcsqO_4an$+&g`u4f*Om8hW zbT~;0U48n{dzE;4qv#S1u?_GgY)x&J?;;_4DT#tssjNJgO9riNN=^glZm>020KnRI zxBdlG80y0<&4wa#iaoF?QJeo6$>uFVC-pg9JobZ(vu?Cf5p~4DAM4!-E_pd)Ss^A^ zJZJ__kx{8i9d>fZr4(VJlgBrvbgGX6@z|)4;%8vA;KNtzkIUaLYD3io?))0(6unhZ zT_sWDa4-+donGl?&Bf zhA&K1Y%8FsgnCyuixp=FO*p^$_EV(0BC*(D^IXn~A1WpU_WcEh=_q zYol2SEAs$ONFXjI7A1y#)Jw7X!y8=4?K9ITD4W!vs&Dtm4X8)esQ*8Y1QPY#vo-Y2 zQD*JQ3kaHvq7>}ncgJ$5FCrVh>!;L*;2lU@w)Lf*Jl7v_-F%$$(Awbr6?%&u%i2R) zl$fW%*XToVOOMVm-bM4GV&~GR?_YYGCr8)DvJmd?b4FDNOmSdip zddU3mrq16B71*|Td=7N{(PA(m;_yLuJW{4qpm*j##){s|$@9BIf_s7ruPLAF`2CIh z$>mOkGx7$k-j%3pM>8Fa=?zmNoZBe?WCSRJCh?PDy~Z_k6`~M{dK{T4`qa*Yosf+ENQU z0fUgF2VdKShxfaW;BRYSMBQwRiLeJbH72$)Iq-aX4J}d#W>@A7;MfKf+&fEF5l#Ei zqa2<+=b}9z!iO%lJL#qQi+rT!Au|?E{df;tjUjKm9i&j=NVcFkW*=2bHpa{_?WTH5 z_Q}fq#rgzrXMa;ipx+gUtYnLA`URODx+p=7p5%kQ-JHOg7#$wbv*Hq8QkL?sMTI5A zO5E+9Q~r8gt9dO}W5=TNC?C=mE4LLXVu@!Ah$h=$>V}Hv>QkK5sTiF^d&DaNU(DWb zJqh_-yn_$MY)`^yA#Y-TYgPJjx#MP`XM8!;tdod{H`wUY2l5Izweu7Jnx1>k6GMEo zw4_ztiQE1~3CmEj%Mx$XH=2+s_<4c|3`&EvDAafOvZ%nMwRT~Ms2(IMvjFDaT`E1bhKWDkTkYorbNeoh+xU6o|d} z{Ww&><1n%j+}CTZ{8qi>mE=}jVlx|$Vv+fP_Qv#`W2sk-urv1SNrQV0wxL?5ERKRi z^k<6uEzhn4?-y%Uo3OS~kCB&n$d{;g2jYLW5wK5pacmr62)U1^f1bpqjM+#2$GQaU zQAYeTGu8j2f%t;Vm_`v?koo0}>c_^buo?0L-H-*+i-FFr;*IMq5648uiC$`_=h+VE zJrqz9T$J#~AnL8E4sbKU1XubXHb~g)<67W_?|`nFo1AXFMr{j=Q9#jvUZ}`|4oC=m z^umNCcJTgi^-4gTYs;>I%kwh%e&r+qB5|`<6q96k2I-lTr zm$5L|{0nKGBw%KjW+FDAOo?XQ{%VT#v+4TihjPq=1Il#g_JJ|eu#&CbOT$G*8RJhK zrsXPevOcD-6;ajviXt(40K_O;=pPo2{XUwcADW@5gV7_gi70qnaZw4Q`naNvL|JH> z(aplsp~Ax>F_lt=IY(Uq;sEYJTB!J24mnljIaxUO=*g|_H5nQ7v%)}m>3z2CaMd*) zSFE!q@#}iCeGsu*^ePZxn7D@l-GOJ6sV>j}lPF>5)67R$q^h!8ul)sSF`Rl5`(S|A zQe(XQ1}<@w1b-SAGnsS3zF z5m8*APa)k(7+fVu1%IZt`FrI!Ga1N$fJ1Rv3(w-rfvZ!If98dIwTzq09WoCN!ufNrkwA3=1bPa8zew?{%iE}3eSm!12+9u zXCjz)tSg?n6Wn1wBT=j~_BS8kaujLx+bhtf@8cAr`Af;={hqFKk_gI?PNt~eQUjZP^-fG2 zb)z+dXyd7_t_G7%WNW^?4-ON%0aA7Dgn82V=py0KTpF+m7moX9`tXN5n+@ze?*c+f zNPc=9xquw-1#h3eDXkQ*`NX2N_0G~oX|W3(5ObnmHm?xKz_Yo+;m(J5$+Q2bwet>! zyIuSEgCJ2NO^6yKdhgK^T_k$9maq{-@14X(OOU2T%Ob4qQ8r?+5+#JNSXK}l!m45Q z)pLGJo|E&OGw*rloq6|<-|Wo(W@qkSx$gV^Uf=8bP>qJJDK)7CLJ7hfRl3rTP&-?G zA)dfezDFzoV=kK4G~1LV)6Hm-vh48(Rh7vLpX5P2g}AqO!m zO92yZWKGRJd=}eP*QJ?F1nsxhcN&t6^{p5YKDXXxM!sx=-V`y)vF)t4Bxs5Y>-Bo< z>XtiQHf^&A&76v0$skTNS_PDATb~`W8-*l$ns#-|>lt}fSePDQ!8q%hZq@u2PeZD* z)$8c(S7dVyLR*$8X(SE1!N?xT$r3(y7VLK^Y=-Q3R7gV(wnG5k58#JbQ*E5XHTq{- zD^?WGDkM2F^}n5(9TH;j%4ZdOzPI)6m643d#`;vwxn+w9_8SD@5iOu+G3JABv>&S0 zy2%Lf67(H6{Gg+I6~ToJF`dT)_?q0>$JI1K&a=ffo07VX((CZoqHsc^6sW0l-~u0o z=3SjR-iRC`5x2%(8-(^A4dk_JD#0783;EkLPd-KjDWD$wm7psb3od_Ba;>JNjBY;o zYV8wHauD$}&P&l7EZBqy$_&X|HsBR85{nAmI0(L9RHxUdKgH^aHq6iYL0I_-=M~O- z?IYwrw;{8!+nBg<_?TVVe_hqOjj`=xzLRMhM9cnKHp)zfEpglvxE z$IN(9cLI?imu66y9ly&`v1`H2f+h>~E-9iHR>Q)0xQ-J;{7C1`JZ=}{z)eU0o{~&n zD5zO6Dci_XeLR3WQ?}~E`@1(x{|GW8#_(VR_X9T%U)DlF-Qrx0^2;0Tw@eMK&?82f zT{v-(^OtA!rXq&g1JkG96&#eX^d?#=`t6cCVJNfk7mAoJc_@UKw{FptUQ|yT5&|U|o)s9WAm9HnC z@l*bs{h>QUWU|(f99@Pj7~{iqwO1Nogz1}rt7Koi9b&~M`UF?biacg>wH^PnDj?S5 zLM41SXNOYHraH=8pS{>&X|;HMaB!+$dVW{3e`*r9NCF$SJ@SAK!=$x67{XsC-U2Ex zd;-w9s}OC>oWvA=u*pS)U!ciO{DllDZ?;4hsmHd#zTD;V>F94D@`R*;soMJs@`#@4 zf@0G)+T5{wmjTi+TPWL$B7excK52;u_iJ(;(l+<~&l`5?>pthE3 z*LqGv6-@OtK^?2r)Xp2b+zZa1^RA(Dg$?@tJlp#2#l+8_&KDi)Y~X8ptFXomP!f$VWsGipQEIk%W1&$f!{cB)oCuF zVrToxZZC|0sWllw(lI=ROLuEDlp4EiP&6)ObM*B(-{3`G*?!9; z_-tBsevL|1Azg`5ib~j*Lv}V-xPRj>ZT0v*0~XLgQ(8tQek`lx{nG_Ac@1q4LmS-3 z*7Nn}nAJYT_V&k|Z9I&-a}fj1)Scp(HYYT)mGll$6>ROXIhmCRB?-YbZ6r=~L43s% z$4#_IC2YD7wgRkm`RL;dL-#rAi)~m3hkQm=4kc`Vp7Ib`EE7Chnw5^d2AH_&laL-s zeo@bEqx5HyWe0b(F3RAYp~idkZ7fFJ@poAqA_)`E1Y!js!P}O;_Y5^J2}ti);g(lF z`F))*0{9Qdd%pC(C4w?PjN)MPlQdllwRM`AKNpo5f}ma@El;5k{2XW>fMtvtI`bA( zhA!u)xogO9eeVSQOtZo5oB5;59)eM)=tE*&Fiacvw{r^$3%>cB;8t?KUJcQpy^h2x z^J!^sWle;Wdjvc6w!VGZ7pvG^q}XEr63}icJgyT|$?PE_&V~r;kJ<@{*TM>%ov^P} z9~%sbujGZS{jz*avmB4g0EgcK)T@TZtaA4{Y!8F`xtqTqHn}#~i%($iiOIpGqR!l` z#}^ltmtlFEJT5CtvHd0Fr2|2JO74mlS|gW=Yv-<3@W&*;rxM3aQ7%^&8FE)aHAPu< z2H8Ldwo4f=ht4)q`@`aVWD^UifxxHCt;cmumA za|yxpwNY-}ofUgmJ9FAJp*OKOOTAZ2?;N{l%uTKJMUrf}`HsTOq6~jvj7MuJs{j_u z_Nj0n3Q{|b@2rxYvV^Q~B=cbv7LqXATs9T6FI*TpJR|gF@vqTv>)w`qhw@U{*a0cp zqIq3K#GN}I`9+7*v`p@&Fq_K%^G&li3}Ct?f5I;`L%^Nf4wlq4^H4&-6!*}BDZECZ zv%_W0b{wz89%kSCWKZ=2zBTop(YhX*AGK_)o9R3*rw|!mo$6CC{pDU?{&@ikIePh9 zf}@WzzivrZJPTMy1wCJ0_IAtfEMLUji+yo)%lcrqFCppEM3HMD?5+kH35W%u9HX#a z%WnMb`8l=_TvZQD72PlRb&rPCb=>rwM>-^Y#h#@ug&yrig2f-FXeDxKq1E?Z#GObJ zwK#*{vGUt@zUah@*mbBS(C$A2!Qhet{&or}vbMvlV-vK<0_i6Mr&j~aMun3-Ok`3R z(~QcOIQwQ3;8~#71&I4K{M|Q3A?93;ObhliEM*pE8djICkts(fSqlmY=BV4Nw=%Z&8a53<;jdm6~E#75Rn;MT`{8! z8ouPZd1`Bn4PbTVBmOf*psYND=Qtv;{yvZ<;0-e-zLSxm6mO7CzyfT;oT*f2|2`=< zc+29uFp{*m0;uGdWzPt$0tyyoe{7qTAIT)wX8~4qyKMe_(sq$1k0HKhj?{$(R*4if z17 zaW7kCZgSKpj&pGvz7{{u1{uG9) zKh96n?6y>ko%8pW7o-TU(kR+kq8&DgFM6W9l3j5nAq6^$t76z330{SaiEGV|V4Kk5 z;wcvFr4uS@5p}-xPUBv2DM5g;JNdnpa#+H@+m7UjrR5!aUA=KZID>k8I7WZP0cN4LPzNo zMDXmSgp^s#O7jOwH0849_FBlq&Ny!BM79p2A!+D?OXI6sEXMr%Q>Goa240?bj_ZdYKhmLU-y>5K ze0EZ6lEI)JhIisUy=_6Kg5P|9S4V$bXOGO`D#vnxM`co=m_z%|uGPA1EpfljDK;f0+GF=xHw%eP(Mj!DXFVoYh8j7Lg1c z+cmXLl3YYvt7BF|2MKM}I7fH;$cB>SjfgBpx+Ha-c0Q^hA@JoNt23V5W&;7yoYx{+ zm@mBMW9*1oU!V^B0kV1uEnGXX1=%mR-QM5QSrw*YjB@^s?XIEtjqR4G@&})EHGD2a zbp&YiGnwNffs+5%7OktAZ+_{|5#0W zmb;!Rs2`3t`@^2D>ykluJi}}VZaeV|8YRJUW7<{REqI9dVR1JispfM2|KyDNq%rLO z;e4kmOq2OgjlTW{&*eAdl0PiKwGmdaqrCf?oDVz;uuq=koPFEk_uk6Zb7Tn(mP01Y zk|h8S786olRR57OPJY%Nt#0@E)Jce8#S%}4wkPD9Tn-P5SYM_keNECZ%t47GD?xkw z?=>EPAch$R1To&X6||Fdf?tVr;SV#?qSbXYVWNG8P?}JQlC_P2GxVdX8Vf&%PlD{J zCMuW*cR8RflC>2Hv#P6yiFRyEd@byRm6S%6Lwox7C)FJ}93F&Zd#(1TeR;};e(u+j z{*>1K`$&Fd^T$`2{TPy+9*7UL_M#U&qgij*CA2*3qv`Zr-9hjVRePnx5V^6hDIAIW zD4e-C7apjp31!RbK8Sb%6pk_g+47T#43`_N_@^Y9Gp^reM8TsNe3kjP+fjjvXrxE} zW}CAmbJyaC!Iz+|GCuE%V3K&YVKz)jh<4<%={5^TGu5W;k~7%lZkyfkpr=Qm5Ru_$ zkwog4^cPK^YdDEpy)=bS@n#)@?>Gqoy$A1vRHaA{H$wD|5{@lp#?2yKdT1FR z8(JEnueh^qkcmIAHCYa*8-cdmQ zw^aQn)4woLN5FER#^H#Uomct^dDC)4Z_E>7c!bPmi5j$pl`uRpr~8}$75e+Up^ zVMi=+K(#qSH6I0(ha@h1%&)`oyMOfKuLDU7{ROQ5b=t8F^#A9NUalDM6N&;qL#!Y7 zIdb^q{$K~1%lzBWgJWMzgxNYcrGrjI>UC$gg`^|N4bEkzD*nsJNZ099(|^1_zXavN zxno%Q(Nu{`4K~Os#!qUELs=TbLAk^~fX_`$eT@pWJ5m1tKs=qB literal 0 HcmV?d00001 diff --git a/docs/appendix/examples/dmvpn.rst b/docs/appendix/examples/dmvpn.rst index 44c08de4..08a51838 100644 --- a/docs/appendix/examples/dmvpn.rst +++ b/docs/appendix/examples/dmvpn.rst @@ -4,28 +4,49 @@ DMVPN Hub ######### -General infomration can be found in the :ref:`vpn-dmvpn` chapter. +******** +Overview +******** + +General information can be found in the :ref:`vpn-dmvpn` chapter. + +This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) as multiple +spokes. The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`. + +.. figure:: /_static/images/blueprint-dmvpn.png + :alt: DMVPN network + +Each node (Hub and Spoke) uses an IP address from the network 172.16.253.128/29. + +The below referenced IP address `192.0.2.1` is used as example address +representing a global unicast address under which the HUB can be contacted by +each and every individual spoke. Configuration ============= -VyOS Hub --------- +Hub +--- .. code-block:: none + set interfaces ethernet eth0 address 192.0.2.1/24 + set interfaces tunnel tun100 address '172.16.253.134/29' set interfaces tunnel tun100 encapsulation 'gre' - set interfaces tunnel tun100 local-ip '203.0.113.44' + set interfaces tunnel tun100 local-ip '192.0.2.1' set interfaces tunnel tun100 multicast 'enable' set interfaces tunnel tun100 parameters ip key '1' - set protocols nhrp tunnel tun100 cisco-authentication + set protocols nhrp tunnel tun100 cisco-authentication 'secret' set protocols nhrp tunnel tun100 holding-time '300' set protocols nhrp tunnel tun100 multicast 'dynamic' set protocols nhrp tunnel tun100 redirect set protocols nhrp tunnel tun100 shortcut + set system host-name 'HUB' + set system time-zone 'UTC' + set vpn ipsec esp-group ESP-HUB compression 'disable' set vpn ipsec esp-group ESP-HUB lifetime '1800' set vpn ipsec esp-group ESP-HUB mode 'tunnel' @@ -43,47 +64,82 @@ VyOS Hub set vpn ipsec ike-group IKE-HUB proposal 2 dh-group '2' set vpn ipsec ike-group IKE-HUB proposal 2 encryption 'aes128' set vpn ipsec ike-group IKE-HUB proposal 2 hash 'sha1' + set vpn ipsec ipsec-interfaces interface 'eth0' set vpn ipsec profile NHRPVPN authentication mode 'pre-shared-secret' - set vpn ipsec profile NHRPVPN authentication pre-shared-secret + set vpn ipsec profile NHRPVPN authentication pre-shared-secret 'secret' set vpn ipsec profile NHRPVPN bind tunnel 'tun100' set vpn ipsec profile NHRPVPN esp-group 'ESP-HUB' set vpn ipsec profile NHRPVPN ike-group 'IKE-HUB' -Cisco IOS Spoke ---------------- +Spoke +----- -This example is verified with a Cisco 2811 platform running IOS 15.1(4)M9 and -VyOS 1.1.7 (helium) up to VyOS 1.2 (Crux). - -.. code-block:: none - - Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.1(4)M9, RELEASE SOFTWARE (fc3) - Technical Support: http://www.cisco.com/techsupport - Copyright (c) 1986-2014 by Cisco Systems, Inc. - Compiled Fri 12-Sep-14 10:45 by prod_rel_team - - ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1) - -Use this configuration on your Cisco device: +The individual spoke configurations only differ in the local IP address on the +``tun10`` interface. See the above diagram for the individual IP addresses. + +spoke01 +^^^^^^^ .. code-block:: none + Current configuration : 1773 bytes + ! + ! Last configuration change at 14:46:27 UTC Sun Nov 15 2020 + upgrade fpd auto + version 15.1 + service timestamps debug datetime msec + service timestamps log datetime msec + no service password-encryption + ! + hostname spoke01 + ! + boot-start-marker + boot-end-marker + ! + ! + ! + no aaa new-model + ! + ip source-route + ip cef + ! + ! + ! + ! + ! + no ipv6 cef + ! + multilink bundle-name authenticated + ! + ! + ! + ! + ! + ! + ! crypto pki token default removal timeout 0 + ! + ! + ! + redundancy + ! + ! + ! crypto keyring DMVPN - pre-shared-key address 198.51.100.2 key + pre-shared-key address 192.0.2.1 key secret ! crypto isakmp policy 10 encr aes 256 authentication pre-share group 2 - ! crypto isakmp invalid-spi-recovery crypto isakmp keepalive 30 30 periodic crypto isakmp profile DMVPN keyring DMVPN - match identity address 203.0.113.44 255.255.255.255 + match identity address 192.0.2.1 255.255.255.255 + ! ! crypto ipsec transform-set DMVPN-AES256 esp-aes 256 esp-sha-hmac mode transport @@ -93,17 +149,66 @@ Use this configuration on your Cisco device: set transform-set DMVPN-AES256 set isakmp-profile DMVPN ! + ! + ! + ! + ! + ! interface Tunnel10 description Tunnel to DMVPN HUB ip address 172.16.253.129 255.255.255.248 no ip redirects - ip nhrp authentication - ip nhrp map multicast 203.0.113.44 - ip nhrp map 172.16.253.134 203.0.113.44 + ip nhrp authentication secret + ip nhrp map 172.16.253.134 192.0.2.1 + ip nhrp map multicast 192.0.2.1 ip nhrp network-id 1 ip nhrp holdtime 600 ip nhrp nhs 172.16.253.134 ip nhrp registration timeout 75 - tunnel source Dialer1 + tunnel source FastEthernet0/0 tunnel mode gre multipoint tunnel key 1 + ! + interface FastEthernet0/0 + ip address dhcp + duplex half + ! + interface FastEthernet1/0 + no ip address + shutdown + duplex half + ! + ip forward-protocol nd + no ip http server + no ip http secure-server + ! + ! + ! + ! + ! + ! + ! + ! + ! + control-plane + ! + ! + ! + mgcp profile default + ! + ! + ! + gatekeeper + shutdown + ! + ! + line con 0 + stopbits 1 + line aux 0 + stopbits 1 + line vty 0 4 + login + transport input all + ! + end + diff --git a/docs/vpn/dmvpn.rst b/docs/vpn/dmvpn.rst index c4f53a72..9ca28b3c 100644 --- a/docs/vpn/dmvpn.rst +++ b/docs/vpn/dmvpn.rst @@ -1,17 +1,17 @@ .. _vpn-dmvpn: +##### DMVPN ------ +##### -**D** ynamic **M** ultipoint **V** irtual **P** rivate **N** etworking +:abbr:`DMVPN (Dynamic Multipoint Virtual Private Network)` is a dynamic +:abbr:`VPN (Virtual Private Network)` technology originally developed by Cisco. +While their implementation was somewhat proprietary, the underlying technologies +are actually standards based. The three technologies are: -DMVPN is a dynamic VPN technology originally developed by Cisco. While their -implementation was somewhat proprietary, the underlying technologies are -actually standards based. The three technologies are: - -* **NHRP** - NBMA Next Hop Resolution Protocol :rfc:`2332` -* **mGRE** - Multipoint Generic Routing Encapsulation / mGRE :rfc:`1702` -* **IPSec** - IP Security (too many RFCs to list, but start with :rfc:`4301`) +* :abbr:`NHRP (Next Hop Resolution Protocol)` :rfc:`2332` +* :abbr:`mGRE (Multipoint Generic Routing Encapsulation)` :rfc:`1702` +* :abbr:`IPSec (IP Security)` - too many RFCs to list, but start with :rfc:`4301` NHRP provides the dynamic tunnel endpoint discovery mechanism (endpoint registration, and endpoint discovery/lookup), mGRE provides the tunnel