Dear all,
At the request of some of my friends, today I am going to share with you the way to configure a client-to-site VPN with X.509 certificates on a VyOS box.
1. Configure X.509 (easy-rsa 2.0):
1.1 Go to the directory /usr/share/doc/openvpn/examples/easy-rsa/2.0/
1.2 Copy all files and sub-directories to /config/auth (on VyOS the /config tree survives image upgrades, so the PKI stays with the box)
1.3 Go to the directory /config/auth
1.4 Edit ./vars for your organization: set KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG and KEY_EMAIL, and raise KEY_SIZE from its default of 1024 to 2048. The default produces 1024-bit keys and a dh1024.pem file, which is too weak today; with KEY_SIZE=2048 the keys are 2048-bit and the Diffie-Hellman file is named dh2048.pem.
1.5 Load the variables: source ./vars
1.6 Initialize the PKI directory: ./clean-all (this creates /config/auth/keys together with the index.txt and serial files the signing steps need; it also deletes any keys already in that directory, so run it once, before building anything)
1.7 Build the Diffie-Hellman parameters: ./build-dh (writes keys/dh<KEY_SIZE>.pem; this takes a while for 2048 bits)
1.8 Build the CA: ./build-ca
1.9 Build the server certificate and key: ./build-key-server Name-of-Vyos-box (unlike build-key, this adds the server extensions that let clients check they are talking to the real gateway)
1.10 Build a client certificate and key: ./build-key Name-of-Client (repeat with a different name for each client; answer y to both the "Sign the certificate?" and "commit?" prompts)
Now the CA, the certificates and all the keys are in /config/auth/keys. Keep that directory readable by root only; ca.key in particular never leaves the box.
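Before pointing the VyOS configuration at these files it is worth checking that easy-rsa produced what the later steps assume. The POSIX sh script below is an added example, not part of the original post or of easy-rsa: check_pki verifies that both certificates chain to ca.crt, that only the server certificate carries the TLS server extension (the one build-key-server adds and build-key does not), that the Diffie-Hellman file exists and is at least 2048 bits, and that the private keys are not readable by other users. The file names (ca.crt, Name.crt, Name.key, dh<KEY_SIZE>.pem) are the easy-rsa 2.0 defaults; make_test_pki is a constructed fixture that builds the same kind of files with plain openssl so the checker can be tried on any machine with the openssl command, without a VyOS box.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the easy-rsa 2.0
# output in /config/auth/keys before wiring it into the VyOS tls { } block.
# Assumes the easy-rsa 2.0 file names (ca.crt, <name>.crt, <name>.key,
# dh<KEY_SIZE>.pem) and needs only the openssl CLI.

# check_pki KEYS_DIR SERVER_NAME CLIENT_NAME DH_FILE
# Prints one line per finding and returns 0 only if every check passes.
check_pki() {
    dir=$1; srv=$2; cli=$3; dh=$4; rc=0

    # 1. Both certificates must chain to ca.crt, the file that ca-cert-file on
    #    the server and "ca" on the client both point at.
    for name in "$srv" "$cli"; do
        if openssl verify -CAfile "$dir/ca.crt" "$dir/$name.crt" >/dev/null 2>&1; then
            echo "ok:   $name.crt chains to ca.crt"
        else
            echo "FAIL: $name.crt does not verify against ca.crt"; rc=1
        fi
    done

    # 2. build-key-server marks the server cert with the TLS server EKU; the
    #    OpenVPN client directive "remote-cert-tls server" relies on it to tell
    #    the gateway apart from any other certificate the same CA has issued.
    if openssl x509 -in "$dir/$srv.crt" -noout -text | grep -q 'TLS Web Server Authentication'; then
        echo "ok:   $srv.crt carries the serverAuth EKU"
    else
        echo "FAIL: $srv.crt lacks the serverAuth EKU (built with build-key instead of build-key-server?)"; rc=1
    fi

    # 3. A client cert must not carry it, or that client could impersonate the
    #    VPN server towards the other clients.
    if openssl x509 -in "$dir/$cli.crt" -noout -text | grep -q 'TLS Web Server Authentication'; then
        echo "FAIL: $cli.crt carries the serverAuth EKU; rebuild it with build-key"; rc=1
    else
        echo "ok:   $cli.crt is not a server certificate"
    fi

    # 4. DH parameters: easy-rsa 2.0 defaults KEY_SIZE to 1024 (dh1024.pem),
    #    which is too weak; expect the file a KEY_SIZE=2048 vars produces.
    if [ -r "$dir/$dh" ]; then
        bits=$(openssl dhparam -in "$dir/$dh" -noout -text 2>/dev/null \
               | sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
        if [ "${bits:-0}" -ge 2048 ]; then
            echo "ok:   $dh is $bits bits"
        else
            echo "FAIL: $dh is only ${bits:-?} bits; set KEY_SIZE=2048 in vars and re-run build-dh"; rc=1
        fi
    else
        echo "FAIL: $dh not found (check dh-file against the KEY_SIZE build-dh used)"; rc=1
    fi

    # 5. Private keys must be readable by their owner only.
    for name in ca "$srv" "$cli"; do
        k="$dir/$name.key"
        [ -f "$k" ] || continue
        case "$(ls -ld "$k")" in
            -rw-------*) echo "ok:   $name.key is mode 0600" ;;
            *) echo "FAIL: $name.key is readable by others; chmod 600 it"; rc=1 ;;
        esac
    done
    return $rc
}

# make_test_pki DIR SERVER_NAME CLIENT_NAME
# Constructed fixture (not easy-rsa output): builds the same kind of files with
# plain openssl, using the same extensions easy-rsa's server and usr_cert
# sections add, so check_pki can be tried without a VyOS box.
make_test_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' >"$d/ca.ext"
    printf 'extendedKeyUsage=serverAuth\nkeyUsage=digitalSignature,keyEncipherment\n' >"$d/server.ext"
    printf 'extendedKeyUsage=clientAuth\nkeyUsage=digitalSignature\n' >"$d/client.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.csr" 2>/dev/null
    openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/ca.crt" 2>/dev/null
    for pair in "$2:server" "$3:client"; do
        name=${pair%%:*}; kind=${pair##*:}
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
        openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
            -CAcreateserial -days 2 -extfile "$d/$kind.ext" -out "$d/$name.crt" 2>/dev/null
    done
    chmod 600 "$d"/*.key
    # -dsaparam only keeps the fixture fast; build-dh generates safe primes instead
    openssl dhparam -dsaparam -out "$d/dh2048.pem" 2048 2>/dev/null
}

# On the box: sh check_pki.sh /config/auth/keys Name-of-Vyos-box Name-of-Client dh2048.pem
if [ $# -eq 4 ]; then
    check_pki "$@"
fi
```

Run it on the VyOS box with the four arguments shown in the last comment; any FAIL line should be fixed before the tls { } block is committed. Check 4 is also what catches a dh-file line that still names dh1024.pem after vars was changed to KEY_SIZE=2048.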
2. Configure the VPN server:
root@DFVN-VPN-GW# show interfaces openvpn vtun0
 description "ABC Company - VPN Remote Access"
 mode server
 openvpn-option "--push route 1.2.3.0 255.255.255.0"
 openvpn-option "--push dhcp-option DNS 5.6.7.8"
 protocol tcp-passive
 server {
     subnet 2.4.6.0/24
 }
 tls {
     ca-cert-file /config/auth/keys/ca.crt
     cert-file /config/auth/keys/Name-of-Vyos-box.crt
     dh-file /config/auth/keys/dh1024.pem
     key-file /config/auth/keys/Name-of-Vyos-box.key
 }
Notes on this block: subnet 2.4.6.0/24 is the pool clients get their tunnel addresses from; the pushed route must be a network address that agrees with its mask (1.2.3.0/24 here, not a host address, or the client will fail to install it); dh-file must name the file build-dh actually wrote, dh<KEY_SIZE>.pem, so with KEY_SIZE=2048 in vars it becomes /config/auth/keys/dh2048.pem (prefer that over the 1024-bit file); and protocol tcp-passive means every client must connect with proto tcp.
3. Configure the VPN client:
3.1 Install the OpenVPN client on your Windows box.
3.2 Copy the three files ca.crt, Name-of-Client.crt and Name-of-Client.key from the VyOS box to a local folder on the Windows box over a protected channel such as scp. Name-of-Client.key is that client's private key, so do not send it by e-mail, and never copy ca.key off the box.
3.3 The OpenVPN client configuration looks like this:
 client
 dev tun
 proto tcp
 remote your-public-IP 1194
 remote-cert-tls server
 ca "C:\\ca\\ca.crt"
 cert "C:\\ca\\Name-of-Client.crt"
 key "C:\\ca\\Name-of-Client.key"
proto tcp matches protocol tcp-passive on the server. remote-cert-tls server makes the client accept only a certificate that carries the server extensions build-key-server added; without it any client certificate signed by the same CA could pose as the gateway.
3.4 Run the OpenVPN client and connect.
Have fun with OpenVPN client-to-site with X.509.