VPN configuration



i’m currently running vyatta 6.6R1, and i’m asking this here because the vyatta.org forum doesn’t seem to allow me to create new posts.
i’ve only just found out about vyos, so still need to look at whether i should switch over or not.

is it possible to run a vyatta router as both a site-to-site ipsec vpn and as an L2TP/IPSec vpn server for multiple individual pc’s to vpn into?
(all while not blocking normal non-vpn traffic.)

on the datacentre side i am running two vyatta routers with failover using vrrp, do i just configure each one as normal, and connect to the vip? or do i need to connect to the physical ip of either one?

also for assigning ip’s to connected vpn clients, can i assign an ip based on the user id that logged in? ideally, i’d want to restrict some users that might need to vpn in, to access to specific servers on our network, which is easy if i know their assigned ip.



Yes. See Vyatta-VPN_6.5R1_v01.pdf or equivalent.

l2tp {
    remote-access {
        authentication {
            local-users {
                user-name user-name {
                    password password
                    static-ip ipv4