Hi,
I’m trying to use VyOS to create an OpenVPN tunnel to a VPN provider. Specifically PIA but the same question would apply to others like VyprVPN.
Providers like these two don’t create client certificates and instead have clients authenticate with a username/password.
I have a Ubiquiti EdgeRouter Lite which I have used to configure a client connection and I am able to route traffic out through the VPN. Unfortunately, the performance is rather low because the hardware on the EdgeRouter Lite seems underpowered to encrypt data fast enough. Seeing how EdgeOS is a fork of Vyatta and VyOS is a fork of Vyatta, I’m hoping to run an instance of VyOS inside VMware on a powerful computer in my house to do the OpenVPN tunneling, hopefully at much faster speeds. If it works, I’ll have my EdgeRouter route traffic to VyOS which will route the data out through PIA.
This page describes how to easily configure a Ubiquiti router to work with PIA. The important detail is that the config ends up with an entry like:
interfaces {
    [...]
    openvpn vtun0 {
        config-file /config/auth/pia/USEast.ovpn
    }
}
And the ovpn file looks like this:
client
dev vtun
proto udp
remote us-east.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /config/auth/pia/ca.crt
tls-client
remote-cert-tls server
auth-user-pass /config/auth/pia/pw.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify /config/auth/pia/crl.pem
route-nopull
Is it possible to do something similar with VyOS? I tried but wasn’t able to use config-file as a way to set up an OpenVPN client. I would be ok putting all these options into the VyOS configuration but the validation at configuration commit time is saying that I need a client certificate when using tls. I can only use auth-user-pass mode so I think this is going to end up as a feature request for VyOS.
Thoughts?