사설망 구축 및 설치하기 3편 – IPSEC VPN with GRE Tunnel

1. 구성 목표

1.1 NAT없이 Multicenter private IP와 Bluemix Infra의 연결

IPSEC VPN과 GRE Tunnel 기능을 활용하여 고객 제1센터와 제2센터를 연결하고 고객 센터간 사설IP 변경 없이 Sorftlayer private network와 통신이 가능한 구성입니다.

1.2 Bluemix Infra center를 활용한 Bridge or Hub center 구성

IPSEC VPN 기능을 활용하여 여러 지역에 위치한 각 고객센터는 가까운 Sloftlayer center와 IPSEC VPN을 통해 연결 되고, GRE Tunnel을 이용하여 Bluemix Infra 내부구간간을 연결하여 고개센터간 IP변경없이 사설IP를 이용하여 통신이 가능한 구성입니다.

2. 구성 설명

설계


구성을 위해 Bluemix Infra 각 센터에는 Vyatta, 고객의 각 센터에는 IPSEC VPN이 필요합니다,

고객1센터(US)에는 서버 1존, 고객 2센터(EU)에는 서버 2존이 존재하고 양 센터와 가까운 Bluemix Infra를 통해 IP변경 없이 모든 센터가 통신이 가능한 상황이 필요한 환경을 가정하여 구성합니다.

Case1구성

2.1 IPSEC Tunnel 구성 내용 확인

A. Phase-01

Authentication Pre-Shared key : IPSecVPNPassword

Encryption method : 3DES

Hash method : SHA1

DH Group: 1

Lifetime: 3800 Second

B. PHASE-02

Encryption method : 3DES

Hash method : SHA1

DH Group : 1

Lifetime: 3800 Second

C. Vyatta_US connect IP: 50.23.69.194

Vyatta local IP: 10.0.0.0/8

IPSEC interface: bond1

GRE mode: site to site

GRE tunnel IP: 192.168.1.1/24

GRE local IP: 10.52.109.8

GRE remote IP: 10.134.98.52

D. Vyatta_EU connect IP: 159.122.94.116

Vyatta local IP: 10.0.0.0/8

GRE mode: site to site

GRE tunnel IP: 192.168.1.100/24

GRE local IP: 10.134.98.52

GRE remote IP: 10.52.109.8

E. 제1센터 connect IP: 192.155.223.54

제1센터 local IP: 10.91.31.0/24

F. 제2센터 connct IP: 119.81.184.214

제2센터 Local IP: 10.111.40.0/24

2.2 Vyatta_US, Vyatta_EU Ipsec VPN 정책 설정

set vpn ipsec esp-group ESP-G0 lifetime ‘3600’

set vpn ipsec esp-group ESP-G0 pfs ‘dh-group1’

set vpn ipsec esp-group ESP-G0 proposal 1 encryption ‘3des’

set vpn ipsec esp-group ESP-G0 proposal 1 hash ‘sha1’

set vpn ipsec ike-group IKE-G0 lifetime ‘14400’

set vpn ipsec ike-group IKE-G0 proposal 1 dh-group ‘1’

set vpn ipsec ike-group IKE-G0 proposal 1 encryption ‘3des’

set vpn ipsec ike-group IKE-G0 proposal 1 hash ‘sha1’

set vpn ipsec ipsec-interfaces interface ‘bond1’

2.3 Vyatta_US Ipsec VPN tuunel 1 설정

set vpn ipsec site-to-site peer 192.155.223.54 authentication mode ‘pre-shared-secret’

set vpn ipsec site-to-site peer 192.155.223.54 authentication pre-shared-secret ‘IPSecVPNPassword’

set vpn ipsec site-to-site peer 192.155.223.54 default-esp-group ‘ESP-G0’

set vpn ipsec site-to-site peer 192.155.223.54 ike-group ‘IKE-G0’

set vpn ipsec site-to-site peer 192.155.223.54 local-address ‘50.23.69.194’

set vpn ipsec site-to-site peer 192.155.223.54 tunnel 1 local prefix ‘10.0.0.0/8’

set vpn ipsec site-to-site peer 192.155.223.54 tunnel 1 remote prefix ‘10.91.31.0/24”

2.4 Vyatta_EU Ipsec VPN tuunel 2 설정

set vpn ipsec site-to-site peer 119.81.184.214 authentication mode ‘pre-shared-secret’

set vpn ipsec site-to-site peer 119.81.184.214 authentication pre-shared-secret ‘IPSecVPNPassword’

set vpn ipsec site-to-site peer 119.81.184.214 default-esp-group ‘ESP-G0’

set vpn ipsec site-to-site peer 119.81.184.214 ike-group ‘IKE-G0’

set vpn ipsec site-to-site peer 119.81.184.214 local-address ‘159.122.94.116’

set vpn ipsec site-to-site peer 119.81.184.214 tunnel 1 local prefix ‘10.0.0.0/8’

set vpn ipsec site-to-site peer 119.81.184.214 tunnel 1 remote prefix ‘10.111.40.0/24’

2.5 Vyatta_US Ipsec VPN tuunel 확인

vyatta@vyatta:~$ show vpn ipsec sa

Peer ID / IP Local ID / IP

———— ————-

192.155.223.54 50.23.69.194

Tunnel State Bytes Out/In Encrypt Hash NAT-T A-Time L-Time Proto

—— —– ————- ——- —- —– —— —— —–

1 up 0.0/1.2K 3des sha1 no 354 3600 all

2.6 Vyatta_US route table 확인

vyatta@vyatta:~$ show ip route

Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP

O – OSPF, IA – OSPF inter area

N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

E1 – OSPF external type 1, E2 – OSPF external type 2

i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area

> – selected route, * – FIB route, p – stale info

Gateway of last resort is 50.23.69.193 to network 0.0.0.0

S *> 0.0.0.0/0 [1/0] via 50.23.69.193, bond1

S *> 10.0.0.0/8 [1/0] via 10.52.109.1, bond0

C * 10.52.109.0/26 is directly connected, bond0v1

C *> 10.52.109.0/26 is directly connected, bond0

1K *> 10.91.31.0/24 is directly connected, bond1v1

C * 50.23.69.192/29 is directly connected, bond1v1

C *> 50.23.69.192/29 is directly connected, bond1

C *> 127.0.0.0/8 is directly connected, lo

2.7 Vyatta_EU Ipsec VPN tuunel 확인

vyatta@vyatta:~$ show vpn ipsec sa

Peer ID / IP Local ID / IP

———— ————-

119.81.184.214 159.122.94.116

Tunnel State Bytes Out/In Encrypt Hash NAT-T A-Time L-Time Proto

—— —– ————- ——- —- —– —— —— —–

1 up 0.0/1.4K 3des sha1 no 354 3600 all

2.8 Vyatta_EU route table 확인

vyatta@vyatta:~$ show ip route

Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP

O – OSPF, IA – OSPF inter area

N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

E1 – OSPF external type 1, E2 – OSPF external type 2

i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area

> – selected route, * – FIB route, p – stale info

S *> 0.0.0.0/0 [1/0] via 159.122.94.113, bond1

S *> 10.0.0.0/8 [1/0] via 10.134.98.1, bond0

1K *> 10.11140.0/24 is directly connected, bond1v1

C * 10.134.98.0/26 is directly connected, bond0v1

C *> 10.134.98.0/26 is directly connected, bond0

C *> 127.0.0.0/8 is directly connected, lo

C * 159.122.94.112/28 is directly connected, bond1v1

C *> 159.122.94.112/28 is directly connected, bond1

C *> 192.168.1.0/24 is directly connected, tun0

2.9 Vyatta_US GRE tunnel 설정

set interfaces tunnel tun0 address ‘192.168.1.1/24’

set interfaces tunnel tun0 encapsulation ‘gre’

set interfaces tunnel tun0 local-ip ‘10.52.109.8’

set interfaces tunnel tun0 remote-ip ‘10.134.98.52’

2.10 Vyatta_EU GRE tunnel

set interfaces tunnel tun0 address ‘192.168.1.100/24’

set interfaces tunnel tun0 encapsulation ‘gre’

set interfaces tunnel tun0 local-ip ‘10.134.98.52’

set interfaces tunnel tun0 remote-ip ‘10.52.109.8’

2.11 Vyatta_US GRE tunnel 확인

vyatta@vyatta:~$ sh int tu tun0

tun0@bond0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UP

link/gre 10.52.109.8 peer 10.134.98.52

inet6 fe80::5efe:a34:6d08/64 scope link

valid_lft forever preferred_lft forever

RX: bytes packets errors dropped overrun mcast

0 0 0 0 0 0

TX: bytes packets errors dropped carrier collisions

0 0 0 0 0 0

2.12 Vyatta_EU GRE tunnel 확인

vyatta@vyatta:~$ sh int tunnel tun0

tun0@bond0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UP

link/gre 10.134.98.52 peer 10.52.109.8

inet6 fe80::5efe:a86:6234/64 scope link

valid_lft forever preferred_lft forever

RX: bytes packets errors dropped overrun mcast

212 2 0 0 0 0

TX: bytes packets errors dropped carrier collisions

496 4 0 0 0 0

2.13 Vyatta_US Static routing 설정(목적지가 제2센터 서버 2존)

set protocols static route 10.111.40.0/24 next-hop ‘192.168.1.100’

2.14 Vyatta_US Static routing 확인(목적지가 제2센터 서버 2존)

vyatta@vyatta:~$ show ip route

Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP

O – OSPF, IA – OSPF inter area

N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

E1 – OSPF external type 1, E2 – OSPF external type 2

i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area

> – selected route, * – FIB route, p – stale info

Gateway of last resort is 50.23.69.193 to network 0.0.0.0

S *> 0.0.0.0/0 [1/0] via 50.23.69.193, bond1

S *> 10.0.0.0/8 [1/0] via 10.52.109.1, bond0

1S *> 10.111.40.0/24 [1/0] via 192.168.1.100, tun0

C * 10.52.109.0/26 is directly connected, bond0v1

C *> 10.52.109.0/26 is directly connected, bond0

K *> 10.91.31.0/24 is directly connected, bond1v1

C * 50.23.69.192/29 is directly connected, bond1v1

C *> 50.23.69.192/29 is directly connected, bond1

C *> 127.0.0.0/8 is directly connected, lo

2.15 Vyatta_US Static routing 설정(목적지가 제1센터 서버 1존)

set protocols static route 10.91.31.0/24 next-hop ‘192.168.1.1’

2.16 Vyatta_US Static routing 확인(목적지가 제1센터 서버 1존)

vyatta@vyatta:~$ sh ip route

Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP

O – OSPF, IA – OSPF inter area

N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

E1 – OSPF external type 1, E2 – OSPF external type 2

i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area

> – selected route, * – FIB route, p – stale info

Gateway of last resort is 159.122.94.113 to network 0.0.0.0

S *> 0.0.0.0/0 [1/0] via 159.122.94.113, bond1

S *> 10.0.0.0/8 [1/0] via 10.134.98.1, bond0

1S *> 10.91.31.0/24 [1/0] via 192.168.1.1, tun0

K *> 10.96.0.0/12 is directly connected, bond1v1

C * 10.134.98.0/26 is directly connected, bond0v1

C *> 10.134.98.0/26 is directly connected, bond0

C *> 127.0.0.0/8 is directly connected, lo

C * 159.122.94.112/28 is directly connected, bond1v1

C *> 159.122.94.112/28 is directly connected, bond1

C *> 192.168.1.0/24 is directly connected, tun0

결과 확인

제2센터 서버 2존의 10.111.40.80서버에서 tunnel 2와 tunnel1을 통해 제1센터 서버1존의 10.91.31.75 서버까지 ping test 확인

Case 2 구성


3. IPSEC Tunnel 구성 내용 확인

A. Phase-01

Authentication Pre-Shared key : IPSecVPNPassword

Encryption method : 3DES

Hash method : SHA1

DH Group: 1

Lifetime: 3800 Second

B. PHASE-02

Encryption method : 3DES

Hash method : SHA1

DH Group : 1

Lifetime: 3800 Second

C. Vyatta_US connect IP: 50.23.69.194

Vyatta local IP: 10.0.0.0/8

IPSEC interface: bond1

GRE mode: Multipoint (hub)

GRE tunnel IP: 192.168.1.1/24

GRE local IP: 10.52.109.8

GRE remote IP: 10.134.98.52

D. Vyatta_EU connect IP: 159.122.94.116

Vyatta local IP: 10.0.0.0/8

IPSEC interface: bond1

GRE mode: Multipoint (spoke)

GRE tunnel IP: 192.168.1.100/24

GRE local IP: 10.134.98.52

GRE remote IP: 10.52.109.8

E. 제1센터 connect IP: 192.155.223.54

제1센터 local IP: 10.91.31.0/24

F. 제2센터 connct IP: 119.81.184.214

제2센터 Local IP: 10.111.40.0/24

3.1 Vyatta_US, Vyatta_EU Ipsec VPN 정책 설정

set vpn ipsec esp-group ESP-G0 lifetime ‘3600’

set vpn ipsec esp-group ESP-G0 pfs ‘dh-group1’

set vpn ipsec esp-group ESP-G0 proposal 1 encryption ‘3des’

set vpn ipsec esp-group ESP-G0 proposal 1 hash ‘sha1’

set vpn ipsec ike-group IKE-G0 lifetime ‘14400’

set vpn ipsec ike-group IKE-G0 proposal 1 dh-group ‘1’

set vpn ipsec ike-group IKE-G0 proposal 1 encryption ‘3des’

set vpn ipsec ike-group IKE-G0 proposal 1 hash ‘sha1’

set vpn ipsec ipsec-interfaces interface ‘bond1’

3.2 Vyatta_US Ipsec VPN tuunel 1 설정

set vpn ipsec site-to-site peer 192.155.223.54 authentication mode ‘pre-shared-secret’

set vpn ipsec site-to-site peer 192.155.223.54 authentication pre-shared-secret ‘IPSecVPNPassword’

set vpn ipsec site-to-site peer 192.155.223.54 default-esp-group ‘ESP-G0’

set vpn ipsec site-to-site peer 192.155.223.54 ike-group ‘IKE-G0’

set vpn ipsec site-to-site peer 192.155.223.54 local-address ‘50.23.69.194’

set vpn ipsec site-to-site peer 192.155.223.54 tunnel 1 local prefix ‘10.0.0.0/8’

set vpn ipsec site-to-site peer 192.155.223.54 tunnel 1 remote prefix ‘10.91.31.0/24”

3.3 Vyatta_EU Ipsec VPN tuunel 1 설정

set vpn ipsec site-to-site peer 119.81.184.214 authentication mode ‘pre-shared-secret’

set vpn ipsec site-to-site peer 119.81.184.214 authentication pre-shared-secret ‘IPSecVPNPassword’

set vpn ipsec site-to-site peer 119.81.184.214 default-esp-group ‘ESP-G0’

set vpn ipsec site-to-site peer 119.81.184.214 ike-group ‘IKE-G0’

set vpn ipsec site-to-site peer 119.81.184.214 local-address ‘159.122.94.116’

set vpn ipsec site-to-site peer 119.81.184.214 tunnel 1 local prefix ‘10.0.0.0/8’

set vpn ipsec site-to-site peer 119.81.184.214 tunnel 1 remote prefix ‘10.111.40.0/24’

3.4 Vyatta_US Ipsec VPN tuunel 확인

vyatta@vyatta:~$ show vpn ipsec sa

Peer ID / IP Local ID / IP

———— ————-

192.155.223.54 50.23.69.194

Tunnel State Bytes Out/In Encrypt Hash NAT-T A-Time L-Time Proto

—— —– ————- ——- —- —– —— —— —–

1 up 0.0/1.2K 3des sha1 no 354 3600 all

3.5 Vyatta_US route table 확인

vyatta@vyatta:~$ show ip route

Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP

O – OSPF, IA – OSPF inter area

N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

E1 – OSPF external type 1, E2 – OSPF external type 2

i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area

> – selected route, * – FIB route, p – stale info

Gateway of last resort is 50.23.69.193 to network 0.0.0.0

S *> 0.0.0.0/0 [1/0] via 50.23.69.193, bond1

S *> 10.0.0.0/8 [1/0] via 10.52.109.1, bond0

C * 10.52.109.0/26 is directly connected, bond0v1

C *> 10.52.109.0/26 is directly connected, bond0

1K *> 10.91.31.0/24 is directly connected, bond1v1

C * 50.23.69.192/29 is directly connected, bond1v1

C *> 50.23.69.192/29 is directly connected, bond1

C *> 127.0.0.0/8 is directly connected, lo

3.6 Vyatta_EU Ipsec VPN tuunel 확인

vyatta@vyatta:~$ show vpn ipsec sa

Peer ID / IP Local ID / IP

———— ————-

119.81.184.214 159.122.94.116

Tunnel State Bytes Out/In Encrypt Hash NAT-T A-Time L-Time Proto

—— —– ————- ——- —- —– —— —— —–

1 up 0.0/1.4K 3des sha1 no 354 3600 all

3.7 Vyatta_EU route table 확인

vyatta@vyatta:~$ show ip route

Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP

O – OSPF, IA – OSPF inter area

N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

E1 – OSPF external type 1, E2 – OSPF external type 2

i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area

> – selected route, * – FIB route, p – stale info

S *> 0.0.0.0/0 [1/0] via 159.122.94.113, bond1

S *> 10.0.0.0/8 [1/0] via 10.134.98.1, bond0

1K *> 10.111.40.0/24 is directly connected, bond1v1

C * 10.134.98.0/26 is directly connected, bond0v1

C *> 10.134.98.0/26 is directly connected, bond0

C *> 127.0.0.0/8 is directly connected, lo

C * 159.122.94.112/28 is directly connected, bond1v1

C *> 159.122.94.112/28 is directly connected, bond1

C *> 192.168.1.0/24 is directly connected, tun0

3.8 Vyatta_US GRE tunnel 설정

set interfaces tunnel tun0 address ‘192.168.1.1/24’

set interfaces tunnel tun0 encapsulation ‘gre-multipoint’

set interfaces tunnel tun0 local-ip ‘10.52.109.8’

set interfaces tunnel tun0 multicast ‘enable’

set interfaces tunnel tun0 nhrp authentication pre-shared-secret ‘webzen’

set interfaces tunnel tun0 nhrp multicast parameters ‘dynamic’

set interfaces tunnel tun0 nhrp ‘redirect’

3.9 Vyatta_EU GRE tunnel 설정

set interfaces tunnel tun0 address ‘192.168.1.100/24’

set interfaces tunnel tun0 encapsulation ‘gre-multipoint’

set interfaces tunnel tun0 local-ip ‘10.134.98.52’

set interfaces tunnel tun0 multicast ‘enable’

set interfaces tunnel tun0 nhrp authentication pre-shared-secret ‘webzen’

set interfaces tunnel tun0 nhrp map 192.168.1.1/24 nbma-address ‘10.52.109.8’

set interfaces tunnel tun0 nhrp map 192.168.1.1/24 ‘register’

set interfaces tunnel tun0 nhrp multicast parameters ‘nhs’

set interfaces tunnel tun0 nhrp ‘redirect’

set interfaces tunnel tun0 nhrp ‘shortcut’

set interfaces tunnel tun0 parameters ip key ‘1’

set protocols static route 10.91.0.0/16 next-hop ‘192.168.1.1’

3.10 Vyatta_US GRE tunnel 확인

vyatta@vyatta:~$ sh int tunnel tun0

tun0@NONE: <MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1472 qdisc noqueue state UP

link/gre 10.52.109.8 brd 0.0.0.0

inet 192.168.1.1/24 brd 192.168.1.255 scope global tun0

valid_lft forever preferred_lft forever

inet6 fe80::5efe:a34:6d08/64 scope link

valid_lft forever preferred_lft forever

RX: bytes packets errors dropped overrun mcast

278 3 0 0 0 0

TX: bytes packets errors dropped carrier collisions

422 3 0 0 0 0

3.11 Vyatta_EU GRE tunnel 확인

vyatta@vyatta:~$ sh int tunnel tun0

tun0@NONE: <MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1472 qdisc noqueue state UP

link/gre 10.134.98.52 brd 0.0.0.0

inet 192.168.1.100/24 brd 192.168.1.255 scope global tun0

valid_lft forever preferred_lft forever

inet6 fe80::5efe:a86:6234/64 scope link

valid_lft forever preferred_lft forever

RX: bytes packets errors dropped overrun mcast

212 2 0 0 0 0

TX: bytes packets errors dropped carrier collisions

496 4 0 0 0 0

3.12 Vyatta_US Static routing 설정(목적지가 제2센터 서버 2존)

set protocols static route 10.111.40.0/24 next-hop ‘192.168.1.100’

3.13 Vyatta_US Static routing 확인(목적지가 제2센터 서버 2존)

vyatta@vyatta:~$ show ip route

Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP

O – OSPF, IA – OSPF inter area

N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

E1 – OSPF external type 1, E2 – OSPF external type 2

i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area

> – selected route, * – FIB route, p – stale info

Gateway of last resort is 50.23.69.193 to network 0.0.0.0

S *> 0.0.0.0/0 [1/0] via 50.23.69.193, bond1

S *> 10.0.0.0/8 [1/0] via 10.52.109.1, bond0

1S *> 10.111.40.0/24 [1/0] via 192.168.1.100, tun0

C * 10.52.109.0/26 is directly connected, bond0v1

C *> 10.52.109.0/26 is directly connected, bond0

K *> 10.91.31.0/24 is directly connected, bond1v1

C * 50.23.69.192/29 is directly connected, bond1v1

C *> 50.23.69.192/29 is directly connected, bond1

C *> 127.0.0.0/8 is directly connected, lo

3.14 Vyatta_US Static routing 설정(목적지가 제1센터 서버 1존)

set protocols static route 10.91.31.0/24 next-hop ‘192.168.1.1’

3.15 Vyatta_US Static routing 확인(목적지가 제1센터 서버 1존)

vyatta@vyatta:~$ sh ip route

Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP

O – OSPF, IA – OSPF inter area

N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2

E1 – OSPF external type 1, E2 – OSPF external type 2

i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area

> – selected route, * – FIB route, p – stale info

Gateway of last resort is 159.122.94.113 to network 0.0.0.0

S *> 0.0.0.0/0 [1/0] via 159.122.94.113, bond1

S *> 10.0.0.0/8 [1/0] via 10.134.98.1, bond0

1S *> 10.91.31.0/24 [1/0] via 192.168.1.1, tun0

K *> 10.96.0.0/12 is directly connected, bond1v1

C * 10.134.98.0/26 is directly connected, bond0v1

C *> 10.134.98.0/26 is directly connected, bond0

C *> 127.0.0.0/8 is directly connected, lo

C * 159.122.94.112/28 is directly connected, bond1v1

C *> 159.122.94.112/28 is directly connected, bond1

C *> 192.168.1.0/24 is directly connected, tun0

결과 확인

제2센터 서버 2존의 10.111.40.80서버에서 tunnel 2와 tunnel1을 통해 제1센터 서버1존의 10.91.31.75 서버까지 ping test 확인