Remote OpenVPN on Softlayer Vyatta

OpenVPN is an advanced open source VPN solution backed by OpenVPN Technologies, and it is now the de facto standard in the open source networking space. It uses the proven SSL/TLS encryption protocol.

Today, I will show you how to configure remote OpenVPN on a SoftLayer Vyatta gateway. This will give you secure access to your computing resources on SoftLayer from anywhere, on any device (Android, iPhone, iPad, PC), at any time.

The configuration is quite straightforward. Below is an example OpenVPN configuration.

In this configuration:

1. Each OpenVPN client is allocated one IP address from the subnet 192.168.100.0/24 and uses OpenVPN as its new default gateway.

2. NAT is used to provide Internet connectivity for the OpenVPN clients.

3. Certificate-based authentication is used.

4. OpenVPN listens on TCP port 443. (Yes, the same port as SSL/TLS.)

set interfaces openvpn vtun0 local-port '443'

set interfaces openvpn vtun0 mode 'server'

set interfaces openvpn vtun0 protocol 'tcp-passive'

set interfaces openvpn vtun0 'replace-default-route'

set interfaces openvpn vtun0 server name-server '8.8.8.8'

set interfaces openvpn vtun0 server subnet '192.168.100.0/24'

set interfaces openvpn vtun0 server topology 'subnet'

set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ca.crt'

set interfaces openvpn vtun0 tls cert-file '/config/auth/longbowkey.crt'

set interfaces openvpn vtun0 tls crl-file '/config/auth/ca_crl.pem'

set interfaces openvpn vtun0 tls dh-file '/config/auth/dh1024.pem'

set interfaces openvpn vtun0 tls key-file '/config/auth/longbowkey.key'

set nat source rule 10 outbound-interface 'eth1'

set nat source rule 10 source address '192.168.100.0/24'

set nat source rule 10 translation address 'masquerade'

Client-end SoftLayer recommendations:

iPhone and iPad users: OpenVPN

Android: OpenVPN for Android (I recommend this software because of its richer configuration options)
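
A client profile that matches the server settings above, added here as an example and not part of the original post. The gateway address and the client certificate and key file names are placeholders, and `remote-cert-tls server` assumes the server certificate was issued with the TLS server extended key usage.

```conf
# Added example: client profile (.ovpn) for the vtun0 server configured above.
client
dev tun

# The gateway listens on TCP 443 (protocol 'tcp-passive', local-port '443').
proto tcp-client

# Placeholder: replace with the public address of the Vyatta gateway.
remote GATEWAY_PUBLIC_ADDRESS 443
resolv-retry infinite
nobind
persist-key
persist-tun

# Certificate-based authentication. ca.crt is the CA certificate the server
# is configured with; client1.crt and client1.key are placeholder names for
# a certificate and private key issued to this client by that CA.
ca ca.crt
cert client1.crt
key client1.key

# Only accept a peer that presents a TLS server certificate, so that another
# client certificate issued by the same CA cannot pose as the gateway.
# Assumption: the server certificate carries the serverAuth extended key usage.
remote-cert-tls server

# The default route and the name server are set on the server side
# ('replace-default-route', 'server name-server'), so they are not set here.
verb 3
```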


If you are not really comfortable with PKI (CA, private key, certificate), you can use a username/password for authentication.

BTW, X Certificate and Key Management is a good starting point if you want to learn about PKI and get hands-on experience with it: http://sourceforge.net/projects/xca/

