I’m quite new to setting up routers and VPN’s so please bear with me on this one.
My goal is to make a VyOS setup where if I’m connected to a certain segment of the network have all public network traffic routed over a VPN provider. I opted to use NordVPN as I already have a subscription to it, and they have a guide on setting up a similar thing in PfSense
I’m currently running into the issue where setting up the site-to-site mode in OpenVPN, VyOS complains that a tls cert-file and tls key-file are required, however I do not have access to these as NordVPN only provides a username and password.
I tried contacting NordVPN’s support, however they just told me to “install the NordVPN software” over my VyOS instance (which completely screws up every single other configuration on the system, so that’s a dead end for me).
Hi @will2n1 , could you please tell me what the exact issue is? I’ve tested the same configuration you’ve provided on the VyOS 1.3 and it’s successfully committed:
set interfaces openvpn vtun0 authentication password 'test1'
set interfaces openvpn vtun0 authentication username 'test1'
set interfaces openvpn vtun0 hash 'sha512'
set interfaces openvpn vtun0 ipv6 disable-forwarding
set interfaces openvpn vtun0 local-address 10.1.4.1
set interfaces openvpn vtun0 mode 'site-to-site'
set interfaces openvpn vtun0 openvpn-option 'allow-compression no'
set interfaces openvpn vtun0 openvpn-option 'persist-key'
set interfaces openvpn vtun0 openvpn-option 'persist-tun'
set interfaces openvpn vtun0 openvpn-option 'cipher AES-256-CBC'
set interfaces openvpn vtun0 openvpn-option 'script-security 2'
set interfaces openvpn vtun0 openvpn-option 'route-method exe'
set interfaces openvpn vtun0 openvpn-option 'key-direction 1'
set interfaces openvpn vtun0 openvpn-option 'route-delay 2'
set interfaces openvpn vtun0 openvpn-option 'mssfix 1450'
set interfaces openvpn vtun0 openvpn-option 'keysize 256'
set interfaces openvpn vtun0 openvpn-option 'sndbuf 524288'
set interfaces openvpn vtun0 openvpn-option 'rcvbuf 524288'
set interfaces openvpn vtun0 openvpn-option 'fast-io'
set interfaces openvpn vtun0 openvpn-option 'verb 3'
set interfaces openvpn vtun0 openvpn-option 'auth-retry nointeract'
set interfaces openvpn vtun0 openvpn-option 'route-nopull'
set interfaces openvpn vtun0 openvpn-option 'tun-mtu 1532'
set interfaces openvpn vtun0 openvpn-option 'nobind'
set interfaces openvpn vtun0 persistent-tunnel
set interfaces openvpn vtun0 protocol 'udp'
set interfaces openvpn vtun0 remote-address '10.2.4.1'
set interfaces openvpn vtun0 remote-host '192.168.0.2'
set interfaces openvpn vtun0 remote-port '1194'
set interfaces openvpn vtun0 shared-secret-key-file '/config/auth/test1.key'
The only differences I think are user/pass/key fields and IP addresses. If the configuration is accepted but a connection is not being established, then please provide the logs for a more detailed view of your issue.
@e.khudiyev Apoligies, I uploaded the wrong version of the configuration as it would not commit and I was very tired when making this post; instead of the shared-secret-key-file it should be as follows:
