Hi Everyone, I need help with a new implementation of VyOS (1.4) with routing and VPN. I am trying to implement an L2TP VPN and an internal route to a server using this configuration
1- Configure IP address on both interfaces
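# Addressing for both interfaces plus the default route out of eth0.
# <EXTERNAL_IP_ADDRESS> and <External_IP_Gateway> are placeholders for the
# provider-assigned values. Quotes must be plain ASCII ' or "; the curly quotes
# in the original paste are not recognised by the VyOS CLI and would end up as
# literal characters in the description.
# NOTE(review): eth1 is 192.168.225.1/24 here, while the DNS forwarding section
# uses 192.168.224.x; one of the two is a typo and they must agree.
set interfaces ethernet eth0 address <EXTERNAL_IP_ADDRESS>
set interfaces ethernet eth0 description 'External'
set interfaces ethernet eth1 address '192.168.225.1/24'
set interfaces ethernet eth1 description 'VMNet01'
set protocols static route 0.0.0.0/0 next-hop <External_IP_Gateway>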
2- Set the ssh service
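# SSH management access. Listening on 0.0.0.0 also binds the external address
# of eth0, so the only thing keeping port 22 off the internet would be the
# OUTSIDE-LOCAL policy (which, as posted, contains catch-all accept rules).
# Bind to the internal address instead so a firewall mistake cannot expose the
# management plane; VPN clients still reach it through the tunnel.
set service ssh port 22
set service ssh listen-address 192.168.225.1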
3- DNS forwarding
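# DNS forwarder for the internal network. eth1 is configured as
# 192.168.225.1/24, so the forwarder must listen on and allow that network;
# the original used 192.168.224.x, which is not assigned to any interface in
# this configuration. If 192.168.224.0/24 is the intended LAN, change eth1
# instead and keep the two sections in agreement.
set service dns forwarding system
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
set service dns forwarding listen-address 192.168.225.1
set service dns forwarding allow-from 192.168.225.0/24
# L2TP clients that should use this forwarder also need an allow-from entry
# covering the VPN pool (<VPN_IP_POOL> from the NAT section).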
5- Configure redirection through the l2tp
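# Masquerade L2TP clients out of eth0 so their internet traffic can leave the
# router (full-tunnel clients). Whether a client sends internet traffic through
# the tunnel at all is decided on the client side (full vs. split tunnel), not
# by this rule.
# NOTE(review): if hosts on eth1 use a default gateway other than
# 192.168.225.1 (problem 1 in the post suggests they may), their replies to VPN
# clients leave via that gateway and never come back through the tunnel. Either
# give those hosts a route for the VPN pool via 192.168.225.1, or add a source
# NAT rule translating the VPN pool to eth1's address; this is a plausible cause
# of problem 2.
set nat source rule 10 description 'Configure L2TP redirection'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address <VPN_IP_POOL>
set nat source rule 10 translation address masquerade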
6- Configure L2TP VPN Access
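# L2TP/IPsec remote access terminated on eth0. The pre-shared secret and the
# user password were posted in clear text in the original; treat both as
# compromised and replace them with new values (placeholders below), never
# reuse the published ones. Single quotes keep '$' characters from being
# interpreted by the CLI shell.
set vpn ipsec interface eth0
set vpn l2tp remote-access outside-address <EXTERNAL_IP_ADDRESS>
set vpn l2tp remote-access client-ip-pool start <VPN_POOL_START>
set vpn l2tp remote-access client-ip-pool stop <VPN_POOL_STOP>
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret '<PRE_SHARED_SECRET>'
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username user password '<USER_PASSWORD>'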
7- Configure firewall
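# Policies for traffic arriving on eth0. OUTSIDE-IN covers traffic forwarded
# through the router, OUTSIDE-LOCAL covers traffic addressed to the router
# itself. Both default to drop, but the original also had catch-all accept
# rules with no match criteria (OUTSIDE-IN rule 90, OUTSIDE-LOCAL rules 20 and
# 70): they matched every packet, so the default drop and the specific
# IPsec/L2TP rules never took effect and every local service bound on eth0
# (including SSH) was reachable from the internet. Those rules are removed.
# NOTE(review): these policies only see packets entering on eth0; L2TP client
# traffic towards eth1 enters on the l2tp/ppp interfaces, so this firewall is
# unlikely to be what blocks access to the internal network (problem 2).
# NOTE(review): later 1.4 builds moved this syntax under 'firewall ipv4 name';
# confirm against the installed image.
set firewall name OUTSIDE-IN default-action 'drop'
set firewall name OUTSIDE-IN rule 10 action 'accept'
set firewall name OUTSIDE-IN rule 10 state established 'enable'
set firewall name OUTSIDE-IN rule 10 state related 'enable'
set firewall name OUTSIDE-LOCAL default-action 'drop'
set firewall name OUTSIDE-LOCAL rule 10 action 'accept'
set firewall name OUTSIDE-LOCAL rule 10 state established 'enable'
set firewall name OUTSIDE-LOCAL rule 10 state related 'enable'
# ESP, IKE (UDP/500) and NAT-T (UDP/4500): the IPsec side of the L2TP/IPsec setup.
set firewall name OUTSIDE-LOCAL rule 30 action 'accept'
set firewall name OUTSIDE-LOCAL rule 30 protocol 'esp'
set firewall name OUTSIDE-LOCAL rule 40 action 'accept'
set firewall name OUTSIDE-LOCAL rule 40 destination port '500'
set firewall name OUTSIDE-LOCAL rule 40 protocol 'udp'
set firewall name OUTSIDE-LOCAL rule 50 action 'accept'
set firewall name OUTSIDE-LOCAL rule 50 destination port '4500'
set firewall name OUTSIDE-LOCAL rule 50 protocol 'udp'
# L2TP (UDP/1701) only when it arrived inside the IPsec tunnel.
set firewall name OUTSIDE-LOCAL rule 60 action 'accept'
set firewall name OUTSIDE-LOCAL rule 60 destination port '1701'
set firewall name OUTSIDE-LOCAL rule 60 ipsec 'match-ipsec'
set firewall name OUTSIDE-LOCAL rule 60 protocol 'udp'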
8- Activate firewall
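# Attach the policies to eth0: 'in' applies to traffic forwarded through the
# router, 'local' to traffic destined to the router itself. Plain ASCII quotes
# replace the curly quotes from the original paste.
set interfaces ethernet eth0 firewall in name 'OUTSIDE-IN'
set interfaces ethernet eth0 firewall local name 'OUTSIDE-LOCAL'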
However, I have these problems
1- I need internet traffic to be routed directly, not through the VyOS
2- I am unable to reach the internal network on eth1; it has PING, SQL and RDP enabled, but I can't get through.
What am I missing?
Any help will be appreciated
Regards
Daniel.