How to Configure Remote Access VPN Service on Vyatta
How to install the Vyatta image on a VPS
1. Create a VPS using the Vyatta ISO image.
The Vyatta ISO has a default user vyatta with password vyatta. Start your VM and log in to the VPS.
vyatta@vyatta: install image
To log in as the root user:
vyatta@vyatta: sudo -s
How to assign the IP address and hostname to Vyatta
vyatta@vyatta: configure
[edit]
vyatta@vyatta#
vyatta@vyatta# set interfaces ethernet eth0 address 192.168.1.25/28
[edit]
vyatta@vyatta# set system gateway-address 192.168.1.1
[edit]
vyatta@vyatta# set system host-name vyatta.pw.in
[edit]
vyatta@vyatta# set system name-server 8.8.4.4
[edit]
vyatta@vyatta# set system name-server 8.8.8.8
[edit]
vyatta@vyatta# commit
[edit]
vyatta@vyatta# save
Saving configuration to '/config/config.boot'...
Done
[edit]
How to install the VPN on Vyatta
vbash-4.1# ifconfig
eth0 Link encap:Ethernet HWaddr 9e:a3:c0:a8:76:3d
inet addr:192.168.1.25 Bcast:192.168.1.175 Mask:255.255.255.240
inet6 addr: fe80::9ca3:c0ff:fea8:763d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3787 errors:0 dropped:0 overruns:0 frame:0
TX packets:2780 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:583364 (569.6 KiB) TX bytes:386117 (377.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11498 errors:0 dropped:0 overruns:0 frame:0
TX packets:11498 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:690544 (674.3 KiB) TX bytes:690544 (674.3 KiB)
Welcome to Vyatta
Linux vyatta.bw.ae 3.3.8-1-586-vyatta #1 SMP Wed Mar 13 10:35:45 PDT 2013 i686
Welcome to Vyatta.
This system is open-source software. The exact distribution terms for
each module comprising the full system are described in the individual
files in /usr/share/doc/*/copyright.
Last login: Mon Apr 21 06:23:38 2014
vyatta@vyatta:~$ configure
[edit]
vyatta@vyatta# set vpn ipsec ipsec-interfaces interface eth0
[edit]
vyatta@vyatta# set vpn ipsec nat-traversal enable
[edit]
vyatta@vyatta# set vpn ipsec nat-networks allowed-network 0.0.0.0/0
[edit]
vyatta@vyatta# set vpn l2tp remote-access outside-address 192.168.1.25
[edit]
vyatta@vyatta# set vpn l2tp remote-access outside-nexthop 192.168.1.1
[edit]
vyatta@vyatta# set vpn l2tp remote-access client-ip-pool start 10.12.12.1
[edit]
vyatta@vyatta# set vpn l2tp remote-access client-ip-pool stop 10.12.12.126
[edit]
vyatta@vyatta# set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
[edit]
vyatta@vyatta# set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret 14HG&^G%rf
[edit]
vyatta@vyatta# set vpn l2tp remote-access authentication mode local
[edit]
vyatta@vyatta# set vpn l2tp remote-access authentication local-users username user1 password prav_PASSWORD
[edit]
vyatta@vyatta# set vpn l2tp remote-access authentication local-users username user2 password 9&YHGFjh78p
[edit]
vyatta@vyatta# commit
[edit]
vyatta@vyatta# save
Saving configuration to '/config/config.boot'...
Done
[edit]
======================================================================
Now your Vyatta remote-access VPN should be fully configured and functional!
The Whole Configuration:
vyatta@vyatta: configure
[edit]
vyatta@vyatta#
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn l2tp remote-access outside-address 1.1.1.20
set vpn l2tp remote-access outside-nexthop 1.1.1.1
set vpn l2tp remote-access client-ip-pool start 10.0.0.100
set vpn l2tp remote-access client-ip-pool stop 10.0.0.120
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret P@SSW0RD
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username USER1 password US3R1
set vpn l2tp remote-access authentication local-users username USER2 password US3R2
commit
save
exit
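An added example, not part of the original guide: a small Python audit of the set commands above that flags the any-source nat-networks entry, a short pre-shared secret, and local-user passwords that are short or derived from the username. The length thresholds, rule names and the audit function are assumptions for illustration, not Vyatta limits or tooling.

```python
import ipaddress

# Constructed sample: the page's "whole configuration", trimmed to the audited lines.
SAMPLE = """\
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn l2tp remote-access outside-address 1.1.1.20
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret P@SSW0RD
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username USER1 password US3R1
set vpn l2tp remote-access authentication local-users username USER2 password US3R2
"""

MIN_PSK_LEN = 20  # assumption: local policy threshold, not a Vyatta limit
MIN_PW_LEN = 12   # assumption: local policy threshold, not a Vyatta limit
LEET = str.maketrans("013457@$", "oieastas")  # undo common character swaps

def _norm(text):
    """Lower-case and undo simple substitutions so US3R1 compares equal to USER1."""
    return text.lower().translate(LEET)

def audit(config_text):
    """Return (rule, detail) findings for a block of `set vpn ...` commands."""
    findings = []
    for line in config_text.splitlines():
        words = line.split()
        if len(words) < 4 or words[:2] != ["set", "vpn"]:
            continue
        path, value = words[2:-1], words[-1]
        leaf = path[-1]
        if leaf == "allowed-network":
            # A /0 prefix accepts NAT-traversal clients from any source network.
            if ipaddress.ip_network(value, strict=False).prefixlen == 0:
                findings.append(("nat-networks-any", value))
        elif leaf == "pre-shared-secret":
            # Report only the length so the secret never lands in audit output.
            if len(value) < MIN_PSK_LEN:
                findings.append(("weak-psk", f"length {len(value)}"))
        elif leaf == "password" and len(path) >= 3 and path[-3] == "username":
            user = path[-2]
            if len(value) < MIN_PW_LEN or _norm(value) == _norm(user):
                findings.append(("weak-password", user))
    return findings
```

Run it over the output of `show configuration commands` saved to a file before committing a change; an empty list means none of the three rules fired.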
===================================================
Optional Settings:
Specify DNS servers to be used while connected to the VPN
set vpn l2tp remote-access dns-servers server-1 DNS_SERVER1_IP
set vpn l2tp remote-access dns-servers server-2 DNS_SERVER2_IP
Specify WINS server to be used while connected to the VPN
set vpn l2tp remote-access wins-servers server-1 WINS_SERVER1_IP
set vpn l2tp remote-access wins-servers server-2 WINS_SERVER2_IP
Specify the Maximum Transmission Unit (MTU)
IPv4 packets larger than the MTU will be fragmented unless the DF bit is set. If the DF bit is set, the packets will be dropped and an ICMP “Packet too big” message is returned to the sender.
set vpn l2tp remote-access mtu <128-16384>
For information on setting up the client-side of the remote-access VPN, check out my guides on Mac and Windows Clients: