«
»

Setting up Client-Server OpenVPN on Vyatta 5 – Part2

Vyatta is a great free firewall/routing solution.  As of version 5 (I’m specifically using 5.0.2), OpenVPN support was added.  OpenVPN is a much better alternative than any of the L2TP/IPSec VPN solutions out there, and with just a little problem solving, I was able to get a Client-Server (aka road-warrior) vpn set up.

In Part1, I explained how to get the certificates and keys generated.  Part2 explains how to setup OpenVPN within Vyatta.

  1. The OpenVPN Client-Server implementation for Vyatta requirs TLS.  The keys and certificates for this must be created first (see earlier post).
  2. Within the new GUI, set up the virtual tunnel interface on Vyatta.  Select openvpn under interfaces and press the Create button.
  3. Enter an interface name, and select the set button.  *I was only successful using the name vtun# (where # is a number like eth0, eth1, eth2…)
  4. After the interface is created, enter the vtun# mode as server
  5. Set any openvpn-option values needed, such as dhcp or routes, and press the set button.  Example:  –push dhcp-option DNS 192.168.1.10 –push route 192.168.1.0 255.255.255.0.  This should correlate to the network behind Vyatta with which the clients need to communicate.
  6. Select server under the vtun# interface and press the Create button
  7. Enter the subnet you wish the clients to have and select subnet for the topology and press the set button.  I commonly use 172.16.x.x through 172.31.x.x as to not conflict with home networks who often use192.168.x.x and businesses who often use 10.x.x.x.
  8. Select tls under the vtun# interface and press the Create button
  9. Enter the correct certificate and key files and press the Set button.  The crl-file and role are not required.
    • ca-cert-file = ca.crt
    • cert-file = servername.crt
    • dh-file = dh1024.pem
    • key-file = servername.key
  10. Commit your changes

At this point, the OpenVPN configuration within Vyatta is complete, however, the client must still be configured.

This entry was posted on Wednesday, June 10th, 2009 at 2:55 pm and is filed under Computers. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Setting up Client-Server OpenVPN on Vyatta 5 – Part2”

  1. Hendrik says:
    8/20/2009 at 5:25 am

    Hi

    Everytime that I enter this setting and I commit,
    My Vyatta disconnect and all my settings are lost.

    Why would this happen?

    Thanks
    Hendrik

  2. AtlantisAL says:
    8/20/2009 at 12:52 pm

    Hendrik,
    Did you follow Part1 of the post? Is Vyatta completely rebooting, or only the interface through the browser. If it just appears to be the browser, then I would try a different browser. If Vyatta itself is crashing and causing a restart, then I would try the above steps but do them via the command line instead of the new GUI. (It is fairly new and there could be bugs associated)

Leave a Reply