blob: 0322b30132df927151cabeb6c09c528dbf7dc22e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
|
.. _examples-OpenVPN-with-LDAP:
#################
OpenVPN with LDAP
#################
| Testdate: 2023-05-10
| Version: 1.4-rolling-202304280615
This LAB show how to uwe OpenVPN with a Active Directory authentication backend.
The Topology are consists of:
* Windows Server 2019 with a running Active Directory
* VyOS as a OpenVPN Server
* VyOS as Client
.. image:: _include/topology.png
:alt: OpenVPN with LDAP topology image
Active Directory on Windows server
==================================
The Lab asume a full running Active Directory on the Windows Server.
Here are some PowerShell commands to quickly add a Test Active Directory.
.. code-block:: powershell
# install the Active Directory Server role
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
# install the Active Directory Server role
Install-ADDSForest -DomainName "vyos.local" -DomainNetBiosName "VYOS" -InstallDns:$true -NoRebootCompletion:$true
# create test user01 and binduser
New-ADUser binduser -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true
New-ADUser user01 -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true
Configuration VyOS as OpenVPN Server
====================================
In this example OpenVPN will be setup with a client certificate and username / password authentication.
First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed.
Please look :ref:`here <configuration/pki/index:pki>` for more information.
| Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`
| Check all possible settings `here <https://github.com/threerings/openvpn-auth-ldap/blob/master/auth-ldap.conf>`_
.. literalinclude:: _include/ldap-auth.config
:language: none
Now generate all required certificates on the ovpn-server:
first the PCA
.. code-block:: none
vyos@ovpn-server# run generate pki ca install OVPN-CA
after this create a signed server and a client certificate
.. code-block:: none
vyos@ovpn-server# run generate pki certificate sign OVPN-CA install SRV
vyos@ovpn-server# run generate pki certificate sign OVPN-CA install CLIENT
and last the DH Key
.. code-block:: none
vyos@ovpn-server# run generate pki dh install DH
after all these steps the config look like this:
.. code-block:: none
set pki ca OVPN-CA certificate 'MIIFnTCCA4WgAwIBAgIUORUZbBsuy0QupoJFJgXenSJ9AQQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTAxMzQ5MDlaFw0zMzA1MDcxMzQ5MDlaMFcxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsL2Xui58HXpl+jreqRxYfNDx1ER7umJ0iPw2dyBuJhP1Hy7vlwyZRvdRQd2AexK1BU2lTkYMWh58BU/dxmnnVhfwr34wUYP6Cs10tKhOxTNj/87wfCBU1sCfvO77lPSNP9q/Ad7ZCF3K5Aruc6yO7i8Kx5mR9wysgNaVQQWCsZHKB91ZsviIsK51rVYNxF9WDxAP0Ms0pO/faSAFf70JbMG2jvRTAgQJ/+R+XXB/Rvg3cJrTYeSeFn+9len5N4HQgraw3tq/OLePYaZBew7a+GZ7YRsVdJbwq2Ch5lRN/jZxAyv4WJoMNEGJvb5I8pj/F3ECg6NcEmXaSnRXIO6eaq1v/huIsxNnWT9ns+/JB7OBDmZ88iMKP9z37X/AMwLKhcqjMGE9tR8zOMld2vqNgk6bhBzz28WJ6FT3bI30RT2fq+mnvS7rVFVyCMlruRg8jIkwa0sictXsO8rl+5i1L+44DC+L7YIlGykAMhc+V1AD3nXRz6sQH6O8Esr5hS2t3zEjcQ/jN0amlAKs8KLPaYh+Ui0E1gx0H7wGfVEVQ48IweIrRrZ0h9BG2i/9eHaM0kQjUP+I+P00dP6LdOawLWhzNQ8+9ES+1EAP088XpKK4jw9m+o6goqaLqHN0QBrfW8wSyMFE4wYin3dYGcykWqyx6Up14DGbF0iBCKSRVQwIDAQABo2EwXzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFG1bKeDc0O/cCwaarX59BCMSJDujMA0GCSqGSIb3DQEBCwUAA4ICAQBWI+p8tBzy6CO8ImP5DBQFwnVBv+6T59na2JrEq7nZk0aBITWh9PRp5w+ZOe+cL9jHZEJNoaSjq3/bkF/CSKCIoa0YiZX/MAs4d/EnttRhcudwgTbE6q0tIKDLlxoYI0Gpo7j48W1rPd0FKAc7igy4eQKOwDmqqG9gVmNTyyrT1pVvaic7Ok/c1QmVOEub0f7kW2EA4Zk9+HUVGHYdp3WfOX8QCI5nTrAO6YJrw+d1BUly6krnb7NWDkWarJ51e6TAR1dz4zp++jhNVssEHbLQyA7+HzWnRSbxYndxCPBnoXjQRwx8/3uUubj9l3CDIb1424D0sm8TNslhElD41/Ir1uQ/RRt15O1CKQJg6mpvDtgrOik+vpUMqBDYGQ38XgqzHYV1klCjo5NlNP33TRvlQe9B6LtxzBZvoxBfxYDIheSRdPbKP8DEHZ6z9d0d1Ubo/waExlcrUfBt4bbxNebsx9nuvVl8hl0R0iEInMjN3jaPrSrUEsPcXpBVL+VhzuWG7zTfGGUVIB+5UC/VCiFP+9LPqsfgBvXKIfIlj2dbLJOsoxZrJtXq7Jvdn7NqFo7vR0hw+YIzmnCFAGpTx6yuWpjuf2y5dY48iTfMuP2vUoGRxoO+8wFQONj4psAD524SnOpEwYw+3fuw+P5zC6hT9y4XkZKsEnu6nJjB8T0BlA=='
set pki ca OVPN-CA private key 'MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCsL2Xui58HXpl+jreqRxYfNDx1ER7umJ0iPw2dyBuJhP1Hy7vlwyZRvdRQd2AexK1BU2lTkYMWh58BU/dxmnnVhfwr34wUYP6Cs10tKhOxTNj/87wfCBU1sCfvO77lPSNP9q/Ad7ZCF3K5Aruc6yO7i8Kx5mR9wysgNaVQQWCsZHKB91ZsviIsK51rVYNxF9WDxAP0Ms0pO/faSAFf70JbMG2jvRTAgQJ/+R+XXB/Rvg3cJrTYeSeFn+9len5N4HQgraw3tq/OLePYaZBew7a+GZ7YRsVdJbwq2Ch5lRN/jZxAyv4WJoMNEGJvb5I8pj/F3ECg6NcEmXaSnRXIO6eaq1v/huIsxNnWT9ns+/JB7OBDmZ88iMKP9z37X/AMwLKhcqjMGE9tR8zOMld2vqNgk6bhBzz28WJ6FT3bI30RT2fq+mnvS7rVFVyCMlruRg8jIkwa0sictXsO8rl+5i1L+44DC+L7YIlGykAMhc+V1AD3nXRz6sQH6O8Esr5hS2t3zEjcQ/jN0amlAKs8KLPaYh+Ui0E1gx0H7wGfVEVQ48IweIrRrZ0h9BG2i/9eHaM0kQjUP+I+P00dP6LdOawLWhzNQ8+9ES+1EAP088XpKK4jw9m+o6goqaLqHN0QBrfW8wSyMFE4wYin3dYGcykWqyx6Up14DGbF0iBCKSRVQwIDAQABAoICABBB3L90WlxmmlqLMhyMirJWixtzNYxJ8j2As5HsChbmwh1XHKjEehKUuFOtTxuImWKGHsyU/B9n8w474IH5l7rz5CE7rFe46BRCHYWSp/pWav9mWCLxRJi68az9DfifWFKyqYR5fnFovQcVPXlC8FmYXWvQ+OMGRu+gcQ6N+wk75giPEw9rDQHw+kjfRuz/gZmSgTG7jDMc+47AvAnT/DFs9fp+81MmZdcxwpcBdpWl+rFdzDcg3/zrYr3zngekrizvCPLXt8C2r4EdnSkoFHyIIb8s63HwiqmG8Edj2SFIJx0tArw9AE7+9t8BAKSOU+N5eMwDQANUqWU4Gg2Q/bGNX7G8E9nm4/DvGarNjSitVaLeLeJqLxSOz2jmCq1rvi92m4sY42kAhM8JXTfN5KnZOF9TUumm4CbzO1zuP/E8QFQZL2BJCpYKIKJ5fNjDvHMSehodGxYV3nbmfNqQpFq1I33OwDteJf6mjEZVrbF3CutM0+lDXeR+Vhp/6MeuDC4FJ0ZF2Ixpw0o3OBn9Yb808TwAmLgFGycTD1OFujvR0K30fhwJ2HPkUnQmErUWjuCZ/qlohmX7RM3ffioq7LyeeHeSykwrd4v2BJjW711lLvnp1Stfj+xLO1RdbKjh6q8TxJj9+NHAvVguPVNGkvs5o2UAfE1bvFDCd1mSBxFVAoIBAQDTMXs6xE/RcSlecV544Pq0NRYMidO3M2cqox19vxSJf1U2AyPYD5SHeDwyAwMP6cJ4kd8rK4yoXWruKpNSt7BAvy0q0TWBjFsbTRH6aPsE1S9hyIXj3GKoBt6j1SzNiIGsU5V+t0c7JTTCbxnvRNfhFth7Kqymh/37NIDm+iE/HILA/yBfafvQF/a3HsmwdkcvWiZLNIVYMGZsn5G1eNfJw5M7m/15qYBDf6iV2bCuj+VowIDLHh9jGyNyxJ0u906De9w/0wiD50Bm8G31W5dIsz9UzBHBKwTe9Ubnd4cearxqpi0Zc7EBSNJExR8FGeQJ/5QFGWabKLm0VzRbBbHfAoIBAQDQt0WfPgQ5Gw5bfpyYygNi2snFSkkFkf9Ch2SOhWrTLGhmFlhBTdd4wjIUyNKuQe09keKhPBrMc4yMLmSQZTKocry2ydzOqXFq+ECWhVixvbp0nFpH1ClMh5EnabbLcOAQdZyysy7/Lt//L7pKTpFuJrk9TxAzLRa5QG8tussJMNC0xJxCYc+rZ4087JCxOFEwbCArIIqqLQu3CEmURdroniNybHIArAyPyHkbEDvEusuPU/uk7jc94djbM6s2BN9Y8gOWbw7K+swm0NCUH5pend1OHIMlI83SfEjCjFzwrRl+VhcLjRhCW9UXUV36LI1hQ+c9FfGSKPY7oyRu/LEdAoIBAEO/KLeWR8B423tnRJXkHaf3K4aEI/0tqRd9UbWHuS/OP+heo33oqY23XR/x5WaSZwbETGGNy8YqiWWzFKVBNXHfob6Nc+uFuagNVgoM6REIzfVBHOoWRTN/WKYXeRLJikdcXKVUZ64qZj1E5H3jiJi0+mawLsgQ8cFGe18ct9OF8s+0R48z8Uo0lbjyUGKh3n3rHkObqna6t/B6U4RyKk6XxUAm7u27GOEOL2c6eLnWgRHURrxhglIJX5quRXnObUoyTlnO+XlOklMzJyLA6cuxbExoVf2wLhTTe5Y+uoJgXOadPfRfL1WpJYJX9XZucr9eU/46wrZdHw0huDLGpeMCggEAWgwoMor8IXMl352hjF3j1huU39Sr6oZRve9SGBdBvngzVpAfZZVi+Eu4dbUrCFmTNHQjdfLLkRftNHGzm4S9tWVDPA2dgWAjecY/f3FqkczMjBEE9mZ3pvf6TSnT3rQFR7SmdYbPKPOdWqjJ09NP9VkppGTfFWVHn4dIME+d14pDESqeTBmNEmNr0TQzPPKSPLT5sAGrMb6bhk1CCYGV77SCkJRvHxEbnlEcxutbDgaVWnIeaMsJ9F3jRLdnD7hMcECCAb5KgJJxz/FZe/6iiF3NpCyy/CwVWdGbRqxuULwt+o7EBIzMQZ0DM7s8M3pTSPqV4on8HlYj3hkF2AiXlQKCAQEAl/1xRGHZ1yGkX812AVfy4tZaPImhGcM3tQdBvfAIuEWb6veoBC50BoCO6hyO5yEHQWWniSDcueIUNJuRxOHES+UUV0c7JtI5BaTUYiMuFlYoAJoUann9fpMnxRdKKvWNyVg/j4cLjO5jcYVLfQAPGujJyPAPlWvNZYSuRHcIWs+bX1hsv26047gAmOHlxkvgQicD805AX9G02pHTpoYF436HCSneOrUm6z3xKbVJCKsAGgYch67R1rC9Z8USLRB5mKZ8G8LPQRKjgW5bFM8oDUbmcmy56LKQeOEqC59LGClEWoYyR6vMQBXPg7de+2zzQyh+zk1paXHc+s3p4vc7dQ=='
set pki certificate SRV certificate 'MIIFtTCCA52gAwIBAgIUZJNkauiY/nr9YRSXB0LGtSaCay0wDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTAxMzQ5MTlaFw0zMzA1MDcxMzQ5MTlaMFsxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxFDASBgNVBAMMC292cG4tc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsSiZK5zaOJrtCiWAsQFZaGtbAOM4xzfwW871A/p1cfmEsQ2sso71TVY6j2VHzN+LyZe8nfyUK+tTx0PrkoHaH3e2S4/3hqiPFhedLXffjMEqEfTfYjNLyzFc6Zfmez4UB+ehLlSWlOkhqIUTiWVz7HyI51C68vYkH7jpgkM8AZta98F/SbgvViFZAcrq3Tq8zO/lrd9/8heScYAgmBLxklKXxYW2GDwBFOnbITz/nFSgg8w+Y3pDPOnXe7H0aufI5GK8SvuxNK2Is8g3YvyF9UQwIJPZYy2Pn8Av5i/GHZC0qu/d76+18OdrXELC5dSCyGfqj2DQ/SJXPqlgwgVBqPcp3lhoycD68aGf+uedu6aWUldglYlij8ubxIL8kHnJK32MDoIGq5wDwdKBmknLkt+ja3uOG+9lyjbh40im+u2efkzK0cVBfJzOQQhs0cSbWSjhebsvzFZGg6G3gGhnRo13s2DVJJKm+5VruUFxmRRgTM3TpKz/YZHvtapfyOiTs63ezG/OR1pUk1u2HuFDmfbY4ytAWkJrjK1R9ap9p0t9QenXgHAzPd/GudYnJ3FS0SUrjWswbg5HrhZupjvP3X04pQ0LRfU6VimykyXBeP2qd2wPDGywIQmGG+O0lnWo4GZcwHbFJOq/eGCvMFMWlY+Wvc9bPCCgsFOcn8aM34sCAwEAAaN1MHMwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFFnsRTERh8wQZAHlQE0cvQgINyHmMB8GA1UdIwQYMBaAFG1bKeDc0O/cCwaarX59BCMSJDujMA0GCSqGSIb3DQEBCwUAA4ICAQCY/ZezExvFSXU3Y+vKHlL9AJp25yaVn6MdQmpX/YTM19HQcL64MP2M0uMTUzi0OlG7WP3Ka5wYH+3R++4VLPqygZ5DArFxtv34matKQVTKmf3S+0iVReLqyFBfTlvHBXXce+ksOqyHrg9B0teND7wNmpbL/Dzg41jacZTeWAY+8PShDY5wVFfp3MJt1Lm19nNcMbe/hMeffBY2CQgGx3Lp7YQepxwGhTxf/w2kNBjVUXkXqIGNc9/cQMU+HWnMGTMa1XREXAH9dSM7ME2JD/HKIPNgVkQuXs7AsGCbCTrXfIjEv7/4uSE6cMM/0WoU/Cj2gddnLsHcsrBu0WfoRbeR6+ZCeoDDz5ZRnGkkOXFldRswZRun9gh5MMjcHw3y4zeGm8YwxIDA6GzE03D8ROFrFiCHqylkCy8kSP/B0Uw5Nu8WuQPN6RfX90RMKf+BwHdipqL1g30ILgy6yZ2Geb9zJfwGoN0w1IKesEubJwAXp1iyujwPH+QvvH3HK0p83hyiHpkRqKWs6xTEPdtlDEf+w6bKO67yySIpdSlBGopNmG/1Y5gXheMcIUu152VuwJRxdyld1RmN1vG/5UWZqwO4XZJ8CUO5VWMDtCOOUOIezuquU0d11Lj0cj/bKnHcW6V7YUIWazgJLnrA9aYVfN5ErKWPK+ceQeLf6mhStwLcqA=='
set pki certificate SRV private key 'MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCxKJkrnNo4mu0KJYCxAVloa1sA4zjHN/BbzvUD+nVx+YSxDayyjvVNVjqPZUfM34vJl7yd/JQr61PHQ+uSgdofd7ZLj/eGqI8WF50td9+MwSoR9N9iM0vLMVzpl+Z7PhQH56EuVJaU6SGohROJZXPsfIjnULry9iQfuOmCQzwBm1r3wX9JuC9WIVkByurdOrzM7+Wt33/yF5JxgCCYEvGSUpfFhbYYPAEU6dshPP+cVKCDzD5jekM86dd7sfRq58jkYrxK+7E0rYizyDdi/IX1RDAgk9ljLY+fwC/mL8YdkLSq793vr7Xw52tcQsLl1ILIZ+qPYND9Ilc+qWDCBUGo9yneWGjJwPrxoZ/65527ppZSV2CViWKPy5vEgvyQeckrfYwOggarnAPB0oGaScuS36Nre44b72XKNuHjSKb67Z5+TMrRxUF8nM5BCGzRxJtZKOF5uy/MVkaDobeAaGdGjXezYNUkkqb7lWu5QXGZFGBMzdOkrP9hke+1ql/I6JOzrd7Mb85HWlSTW7Ye4UOZ9tjjK0BaQmuMrVH1qn2nS31B6deAcDM938a51icncVLRJSuNazBuDkeuFm6mO8/dfTilDQtF9TpWKbKTJcF4/ap3bA8MbLAhCYYb47SWdajgZlzAdsUk6r94YK8wUxaVj5a9z1s8IKCwU5yfxozfiwIDAQABAoICAC+4fWX7lua3iNF6X6uObvyLKpTXICS9wz+fxG1BaqB8c4tT4SiqDJa7+wNEZ25e6yMu/e5aqrkX51XeTFcHJm/iidbZ3XXG8uAjFUI5r5yVLdVvbjrgEXMXBW2g7sNU6gVlFgxKWdOb5uajjistCmhx9VjF7M3kkr9+ylu966yNIhhp5XVAqXOcgQLUG6bjGxdjKa3H7gmS4u4y8tS0CaF+IQbiaTYm962f/th5u2rret91xXp7ZSBD5zkZKvsfG4S1uf3Cxa2obxHqhUzjM9xo9UPZP64RCEaieOSbCtVM9PW0rkZRwQM2+zr7es95Co+cOllL3Y/KT9D/xCIPU2uSrVisdqi3TPHOn96GOlYvenIMsIauuR1KI2Ai9H380xVdFUv655eJZ5ASIosr8AL9hOxZNV/VeYHPWajhSa+P6MFZx4jFeXIbxt1BioeL6izbmFdxTgYDAhjZGWw2irnBuIcM6j8r6xom0Nfa8SbTgkf3M4yjYk4MP+rkCW8jhpZMqcvQPpWCbq5HEgNIKBrxkQo87Rphocn4KuxZ70lTpPE/4iOABadqreLPYqp9VTd5bvApKCdFZdnF9DdoHUBpDbNqbj85W8E2WMCJBrZZfTUIV05klQ0JM1cbQXyRz1BwhvuGDxEP2nQRQYbWeBfbDg0tXBuIwOZqIp9Om/kVAoIBAQDEwjW8YDAjKbgOvcd18pGG7E8xB6s0Tpo3AKvOezg4Z1yWeCx4eM6kKXxsHBAHb1fpxL0mkDusr0NgZyW4EuTl+EdQHu0i03YfayfLMSKLPtcqtamyPlCsRnHw6TdfblRfVk5URpF656M6fIKXokc/4yhYOCAWGHPQWgZpWeOlWtTMKRiDqJGO+VbRw8rNBcq5i7hnvH8ESLQrwS4EIOVvmdypod4UpML26EEfNKJD2zaMLaMMqbMGt/q/HUIcB+PRgV0oaM4HB59DNrdFbeZuU3PEXofU9uYFiv1MJzzfVPVBKjEXuqUDe0R5Op4K0KasdqQop5Oh55NxGxb1JttvAoIBAQDmf6c/xz1hjfOTGxZydgD210GVYEFB2EdZnn47TuNXOjPFk8FRva6qU6txezU7DmF356jE0NlAWgD6SoFtpqSKbrxrvxPjGHOYS3fXHD6FK9vlv3jqcoiQBPy2KP59wpkIpcQ+gKqgR/nfaWvfOb3IfqER6QtqvSxK5hInbj6xcZ32cCeSAEG0EH5Mh3DiMuctwZY/l1PKCvt0fn5N0KBvLMCTZBkqQcTL635yLMgDs0PtkKzf8k2FjCjkXZ4nYoQcZ41/bzfnxjitzGiSYp6V/Oq71ZKjjNyjEBOoFRXY1THVpONc1Afct2j54p74mKxcKZaGF2Df7xszvf3TgR+lAoIBAG95QIyLSnqBhmADsV/nn/97Hpq+p4apCcIjxTLkqMN7+/7b8wYGG7zyLCXr+EDeGka9ShTxHn4Fhfy2M66INdr8wRppixxyBbhjM1ZxbgrJ/YmbBpuPppEUEDXXS6Hrli21bgddO8sQNXBLXomeTROrFQ52LeeWzva6KmvBm7HxNiK9HcBp3p3MMh4B+YISx/o7aKyNJME+l6U6e2GnaZXC7DvHE1VKy5Krn0mYvl4Hcm4U5Q2lj2I9Ffj1EKFk7vOhgTAFwMRG0zp3Y3oYe7cB3NLiY76Ka2O0jTF6AYjeT10uFEZHXnoMeozcYvHpqKSJSxQlbQULeINaP7WA4E0CggEADy4A+bZJWI9cpyd1hvw2fAsZCplYMtnneQNzFLzRRAFVP4HHjXaMdjMka0jN7KG50Ye0GaIXbKGAxvr5IxuCYouAZSgkSyRlGHZ/4e6+P07wIGVHtUjtrW5mpih0+htCsMsZ7XPTyNJ0pj3vGLhYw0dznBZY5iKnNBeKwoYEIvN0j7I7KOZTbWRYrPmOeZcYmm7RUkbJAdlPThC2iLFgn3G3DP3emmXSbAuKPEKuuW+o3ZBVkjoG2PCuELwJmlZmlOhM7UOJzv3C5c88Y8eS4hXR76TVD2hLb4GzibI5yhngOk2tm4NrMSHzC+Hczkpfr4Ido58OhjDc/b9ZZABw8QKCAQEAlJNCdC5rFwg7AoHfobbRnpYjs+avaLUj6EV0AAqbSFM3+o3UVOxRGkbHqLm4DqcRRyMoRXxgeKFx5dInK9rrVGRaoTzE7c/Atp2N7SXgodz3jrcPhTHqF1Z4eBjbwvNPumYK7N2U8PtV4OTvihUSpPRN0IgPuGvo9OFVuKenag1rDu1pZlxOQ2uuiostAkdZ6qS45tf0rjCjcpq1DYqgVm785GXCgBMZATZyLzg4nhDpoKWIZevFFCek1CAO7s9X1kHUin/uDutX/lvWMed8TpP0yD7IZ6yh3CYD2Nus+8P3Mla6lMrwyY1VJzq7wXGr9P6u47tUcCgjyRT24EHjlg=='
set pki certificate CLIENT certificate 'MIIFsDCCA5igAwIBAgIUXOnWUTwh0zWkUX+LTlftlfkEGqAwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTAxMzQ5MjhaFw0zMzA1MDcxMzQ5MjhaMFYxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxDzANBgNVBAMMBmNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJgTHdmee0dFlbohSBF+Xy8XjWpCKnfXGNgr9JgU9+lzQ8SR+Z83XcRocvJXasSf4gDZK05pGhyXTx9KzTaYAZi1ZCK4pZ1fXZ+TdHgThLdLW7h/xDF3WU0omydCGiBkua3kldcRfhPnBYrWZwvHkeUOYNybRezM/fIGpnp74+YBXybGZ8YRLmRhc/j1QDJt0DLvVxfb6YkfU/vuSLnPtu40Ye/EsOhuPcStC9Mmctxx3msZH417z2wWQNvY926ZUQCXophkkhNA3kxUcz+gdV5ECCO+KPa7r305olFgv7c4KSNih7MmYBEyKMS7pA+CF9etEJs3VmHT9avGtKvDMW8XhoqpxTWQ15CNaEFGTxCejPuI+nFCoqtAN9Y9O/A6rsLuM6EuaDX2qjSUfDMnUVVclE7yL8JDZEOQZw970Mi+TnhbXfYEyvX8HJLk4Vg2JUc67jTDRiQfgWuJHiaPyrYX2ssP8LU/oOis638mHo+7YpJCSeqF0R4m6lSiQJNOz8knawp40Uu1iA9RqQrYT8MRt2quCRn2aUolvRmNB4dHS/2TUdHChBdDxylLzbFtZLkCiWwKKNvu3ZjxMua2AjYe904r+S4duow4MxfKUFsoMY6GlscGeReMXJVVx2i+580wF/tn+3k/9PUS90FoFhQCidfxib/Eo4rOT03awPGBAgMBAAGjdTBzMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBTTt3dGY9D07BI8V/0QmVI25bC+gDAfBgNVHSMEGDAWgBRtWyng3NDv3AsGmq1+fQQjEiQ7ozANBgkqhkiG9w0BAQsFAAOCAgEAKz+MT9JlvwUope8xrUuf+6s/fyiAvmQfGOAN6aBVyxO1+ZIAau6CXGJ9/MaJKF/Ju+V2zTpBVz2bFNxPHceY1z9rtQb0l+CG4elcsQY4vhouvDH+HoI8rP/jzFD25zsUmAlMaTZuLWU4WnVT2WhO5X1GZFKl5fT8ulyLx3rcb/CaiC6Kg+yi/tktFgpyWyjTMSVp9QBGYRudKVwKx585nb5a5Z+uLYBmYcYrRQvLWSQKGLb84qE8gOfek47FZCfoh7rlLpt8prFIW60xEarR4Ul/1xhs+2AqMw3mHuQrIxJgHvKoQHBkS/RadsRWglWasE0qm09BtoLeso1hZIXO2O830jXOYEZEuhE63iIHxBZUEUpurXt6he/IBL1l8UuRM6ArHtDo2awlnWlLUz34e1pSzLAtSfS9Iop+zxt/UDQtMCW/a2MQGB7m/kgCtICC0p8QsuGa8k/+SQOtTI1VAj/dJ2O5XFhfFYgDtT/XXa6o3nEmWW+KTtggcvGIyP0Huxq+6ShxrwKkXI0nWVffhVafcIkJnsUYTJu+Cx4KpilKV6+lzRQhK7UHfS0hErs0UQoZA4Fpz2uWukNe2fezl0IJThWPklGKOYriZyKb4i81i3occ1+9YpzKUrBD2ZI+t0Exp73/cfuQbiCOiIu80S44myiZMfD2OPvjR0lBSoE='
set pki certificate CLIENT private key 'MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCYEx3ZnntHRZW6IUgRfl8vF41qQip31xjYK/SYFPfpc0PEkfmfN13EaHLyV2rEn+IA2StOaRocl08fSs02mAGYtWQiuKWdX12fk3R4E4S3S1u4f8Qxd1lNKJsnQhogZLmt5JXXEX4T5wWK1mcLx5HlDmDcm0XszP3yBqZ6e+PmAV8mxmfGES5kYXP49UAybdAy71cX2+mJH1P77ki5z7buNGHvxLDobj3ErQvTJnLccd5rGR+Ne89sFkDb2PdumVEAl6KYZJITQN5MVHM/oHVeRAgjvij2u699OaJRYL+3OCkjYoezJmARMijEu6QPghfXrRCbN1Zh0/WrxrSrwzFvF4aKqcU1kNeQjWhBRk8Qnoz7iPpxQqKrQDfWPTvwOq7C7jOhLmg19qo0lHwzJ1FVXJRO8i/CQ2RDkGcPe9DIvk54W132BMr1/ByS5OFYNiVHOu40w0YkH4FriR4mj8q2F9rLD/C1P6DorOt/Jh6Pu2KSQknqhdEeJupUokCTTs/JJ2sKeNFLtYgPUakK2E/DEbdqrgkZ9mlKJb0ZjQeHR0v9k1HRwoQXQ8cpS82xbWS5AolsCijb7t2Y8TLmtgI2HvdOK/kuHbqMODMXylBbKDGOhpbHBnkXjFyVVcdovufNMBf7Z/t5P/T1EvdBaBYUAonX8Ym/xKOKzk9N2sDxgQIDAQABAoICAA4nLuhOc620TOHn1nCEwNbXcjQfi7R5VcwXxymr2RvzO/oPr3PBPN5Nh2+FC20L1J/i/KdNaJgDMvw4EEI49ZXg2wlqNhIGSpnSQnNcaaxML9fLa31CqZJ6dkbtXXro6BwsqA9Xuh9sqQ585rxpBFIVIcmjDJs9w5KVsNyF92jnQfpDWjjlgQ2BjlmiRY+/IMwxi/r7kgM1FOVfWon3sJ0AGtWsPUSpSEfFTR9UUDmyjt8lYiASRw5WdQ6g5WJExyeiQe69FjIDH803Yz4Nym6NliGLDjGF646tevnoFaxqsyI8BmITbu4BK48nrkMG05fUeQIURw6Cu5xf7JE7Vzgy7mBwujtkEuRmXz9LsJTaWt5I/sXDUh0Uwe0BGYj5O+8MB7yzQFBjhv6pLJZdySSVgSlmupbwtY2BcV48KuvPkzKngHXR8jA6p8XAQV2Xq2njQLsOKJrgEhbIp99h61ao5K6gtW056hSN4q01YA00JQZGKZRviUOuQGP71SNDPCl3uvvElVwBFtfEYV12VzFKye1fF2CcRThCEML91Qo/IueqrNEBVQHxnCO7R5uwKSkXZNJ5pNArMsAdMfLzXApDF3Dcctz/C9I0RG18EdtoW4RjPxEZ1wXHGVkvCpUCwNImsvxWOy78klnfEUyKtOCMdnn1flp0CiZzjGAMSiGbAoIBAQC9ZpY4XZ4v68KnaHyiqKjNQDU64wrONGK1XrMSwOl5a6Cg8S3n3d51E2AguFKilKZ1LJ721WGdEIO4+J9nFKvXYUSCl711cCh+njyaE3a9H6louFVZ2X3NxjLUSJtqUyBEOE/NzNxhTt9BoiiR3cKUmhLLlYkHmLnqBv3jw4Trl/rU3rDemAf6zOB0eXKM946qjQpfB2LsokCWWsOhnT1XBcSEvkHvSrWv4EH/6IDFAROBGtlCW2C8BiosRdpj8thsdnW1lvGAvHs27nLMXz3/NNBX03dlA8YRaelml0EDo0IwrXI7/u4Zy8wL3gfn/NPr0ST3jXz9K8nxvohPxwcfAoIBAQDNjIZs/HT6Y2rTMH++rC3ZNfLUm/3aNsVl1TB8nkEvfBQHU5HEyqqeE4d/b3+7bRwWhVpfNHLerMV8qNr8iAjvpeL5nvnmUPHLT0CpsI+wUvOlnluHGsCfyLWDNVBPcDL10scediYMkKGJGiQSbl355JbIrYxA5AgA7qUGcLQ7mGmwzXyJgmBMOJbDyYvoezh4iogWxC4Clh834UgmGWJp2Bi20VuqF00HClN+z1QELQN2Pu2SVK5XTlfXmuYHc3Bi1xvD2KaLyqT2BtWVRS9RDG0LOzgOAnG9Mx7SEtPAnRhpydx28HWEwGaFKas6QaIuDo92Blpo40ti2Yav4hNfAoIBAQC0m0SYDz2u+KQvuwVOnoII5zdbJfHB3FZcGSettGNus2EC17ksp3dgMM+zo9C41AM/LQOQ4L0qZvsUwZBPXXjX8xq/ZS7287LJut6TFgheI/kJsO1CtpCuTldd8raw1v+nzgLbfoSQDgP6tET3g33u8lUF6Vw38D0omu4z6NexSMWZg5kpSdQiJofKyZygK9jRbZj8MTD18WqhdX+jdyts9kUFR9/b7WP/iFunSfCw62vL6uxNyJEf+sjwWtP8BzC1jOiF9p/oYNMl+I9jr1aRK62YckAiBU00gchdWdJXQ7D0dhC+gURPOPUkQ99KKt9yuYcEwNj1GnKBoWyelm2FAoIBAHoj2bEjZuNudgjeVdpYd7oNm6kItJSZXT0ArJowc62ivkgIOaNFhpL+KdLoz27xC/K59RSDlwqIgaVstQvATgcRfMk11WstiDB2fIcY2pk9AXjVm6+xjuqjmnBIGtvJYQ6/3ABW1o861jIg7XRiTsdyNMM0lRXuKm9bX4ZvLDoJfCxKPol7hntkWPooZlGT/t9p+ioFEw4IZK6Q2I2DIf6hITZpO13cELJxSWIeEt+UW+1EwWjllt9cN0hvy+Z7iznAdsgukfCZTuK+9uWHQfGYP6ef3dQ9UZbKrLLJ6zgWYW5jO/UVN8/VgFX6h7vLSnKxxj+s0MZo4d/wQF99KGMCggEACAWOCIerQRC51zo8eXOB65mmpR0nX/VuWCZw4uIo5tVZ47JskPIH9MTyd/OLbHDa3esJjmZawSl0lI0j7p/yY+J9TEJyOCUU9PCDUw+BeJ39/VqW/fyBn8gI1cC3BnPkDf2HnbgHxaCP37sy/aHs7Xn/bNDaLksEDWDblFCQ5tYqGbZhxUNnsx2x3z/aYJVmx0lkKXSA+8rKeAk+OnDHUjlJjpRIcAsQJE6Ni+2cHbYygVPXiFbbKk+2ekNwYkhMZ+DP+t+uY5ZRfwq0jjIrh+5fyw26yG9PoXspGoqPCTcQ9BEqU88J6ziFrxWXbmsYdR1dnKCZXcKJVKqJIFCnyg=='
set pki dh DH parameters 'MIIBCAKCAQEArXG91W69LiDsmnDvXjXl9eJzEY0f/SLuipxqYRYdplgWbD3IQlMBtp66onNrb11ZVJa0jkddq3qJbJPZ4mTkb+wGH2bpdAgWx48k+c/JCBSF56NoAHLUhn/+UWHvzfOQOLYVJD4maTxWw4f9WlInANS/B/BQY+Z7zWuEX2F5dnBij5hlMHwgRxq86m4Wm3WNXyux4plVqtW0Htrm0Cl5m+SV04bDA4D5SK22hW8L4FnnPQmlzBb1nRdpolw6SdZKs/bgSfV2wGMfe3Yh0afdOLg5AI2sfgAl/7fCPOXUwaDuqSOkXAEnGqzD+XbuMdJ7947HMumODkOty5j3ysn/hwIBAg=='
Once all the required certificates and keys are installed, the remaining
OpenVPN Server configuration can be carried out.
.. literalinclude:: _include/ovpn-server.conf
:language: none
Client configuration
====================
One advantage of having the client certificate stored is the ability to create the client configuration.
.. code-block:: none
vyos@ovpn-server:~$ generate openvpn client-config interface vtun10 ca OVPN-CA certificate CLIENT
save the output to a file and import it in nearly all openvpn clients.
.. code-block:: none
client
nobind
remote 198.51.100.254 1194
remote-cert-tls server
proto udp
dev tun
dev-type tun
persist-key
persist-tun
verb 3
# Encryption options
keysize 256
comp-lzo no
<ca>
-----BEGIN CERTIFICATE-----
MIIFnTCCA4WgAwIBAgIUORUZbBsuy0QupoJFJgXenSJ9AQQwDQYJKoZIhvcNAQEL
BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM
CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y
MzA1MTAxMzQ5MDlaFw0zMzA1MDcxMzQ5MDlaMFcxCzAJBgNVBAYTAkdCMRMwEQYD
VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5
T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCsL2Xui58HXpl+jreqRxYfNDx1ER7umJ0iPw2dyBuJhP1Hy7vlwyZRvdRQ
d2AexK1BU2lTkYMWh58BU/dxmnnVhfwr34wUYP6Cs10tKhOxTNj/87wfCBU1sCfv
O77lPSNP9q/Ad7ZCF3K5Aruc6yO7i8Kx5mR9wysgNaVQQWCsZHKB91ZsviIsK51r
VYNxF9WDxAP0Ms0pO/faSAFf70JbMG2jvRTAgQJ/+R+XXB/Rvg3cJrTYeSeFn+9l
en5N4HQgraw3tq/OLePYaZBew7a+GZ7YRsVdJbwq2Ch5lRN/jZxAyv4WJoMNEGJv
b5I8pj/F3ECg6NcEmXaSnRXIO6eaq1v/huIsxNnWT9ns+/JB7OBDmZ88iMKP9z37
X/AMwLKhcqjMGE9tR8zOMld2vqNgk6bhBzz28WJ6FT3bI30RT2fq+mnvS7rVFVyC
MlruRg8jIkwa0sictXsO8rl+5i1L+44DC+L7YIlGykAMhc+V1AD3nXRz6sQH6O8E
sr5hS2t3zEjcQ/jN0amlAKs8KLPaYh+Ui0E1gx0H7wGfVEVQ48IweIrRrZ0h9BG2
i/9eHaM0kQjUP+I+P00dP6LdOawLWhzNQ8+9ES+1EAP088XpKK4jw9m+o6goqaLq
HN0QBrfW8wSyMFE4wYin3dYGcykWqyx6Up14DGbF0iBCKSRVQwIDAQABo2EwXzAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF
BQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFG1bKeDc0O/cCwaarX59BCMSJDujMA0G
CSqGSIb3DQEBCwUAA4ICAQBWI+p8tBzy6CO8ImP5DBQFwnVBv+6T59na2JrEq7nZ
k0aBITWh9PRp5w+ZOe+cL9jHZEJNoaSjq3/bkF/CSKCIoa0YiZX/MAs4d/EnttRh
cudwgTbE6q0tIKDLlxoYI0Gpo7j48W1rPd0FKAc7igy4eQKOwDmqqG9gVmNTyyrT
1pVvaic7Ok/c1QmVOEub0f7kW2EA4Zk9+HUVGHYdp3WfOX8QCI5nTrAO6YJrw+d1
BUly6krnb7NWDkWarJ51e6TAR1dz4zp++jhNVssEHbLQyA7+HzWnRSbxYndxCPBn
oXjQRwx8/3uUubj9l3CDIb1424D0sm8TNslhElD41/Ir1uQ/RRt15O1CKQJg6mpv
DtgrOik+vpUMqBDYGQ38XgqzHYV1klCjo5NlNP33TRvlQe9B6LtxzBZvoxBfxYDI
heSRdPbKP8DEHZ6z9d0d1Ubo/waExlcrUfBt4bbxNebsx9nuvVl8hl0R0iEInMjN
3jaPrSrUEsPcXpBVL+VhzuWG7zTfGGUVIB+5UC/VCiFP+9LPqsfgBvXKIfIlj2db
LJOsoxZrJtXq7Jvdn7NqFo7vR0hw+YIzmnCFAGpTx6yuWpjuf2y5dY48iTfMuP2v
UoGRxoO+8wFQONj4psAD524SnOpEwYw+3fuw+P5zC6hT9y4XkZKsEnu6nJjB8T0B
lA==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIFsDCCA5igAwIBAgIUXOnWUTwh0zWkUX+LTlftlfkEGqAwDQYJKoZIhvcNAQEL
BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM
CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y
MzA1MTAxMzQ5MjhaFw0zMzA1MDcxMzQ5MjhaMFYxCzAJBgNVBAYTAkdCMRMwEQYD
VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5
T1MxDzANBgNVBAMMBmNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBAJgTHdmee0dFlbohSBF+Xy8XjWpCKnfXGNgr9JgU9+lzQ8SR+Z83XcRocvJX
asSf4gDZK05pGhyXTx9KzTaYAZi1ZCK4pZ1fXZ+TdHgThLdLW7h/xDF3WU0omydC
GiBkua3kldcRfhPnBYrWZwvHkeUOYNybRezM/fIGpnp74+YBXybGZ8YRLmRhc/j1
QDJt0DLvVxfb6YkfU/vuSLnPtu40Ye/EsOhuPcStC9Mmctxx3msZH417z2wWQNvY
926ZUQCXophkkhNA3kxUcz+gdV5ECCO+KPa7r305olFgv7c4KSNih7MmYBEyKMS7
pA+CF9etEJs3VmHT9avGtKvDMW8XhoqpxTWQ15CNaEFGTxCejPuI+nFCoqtAN9Y9
O/A6rsLuM6EuaDX2qjSUfDMnUVVclE7yL8JDZEOQZw970Mi+TnhbXfYEyvX8HJLk
4Vg2JUc67jTDRiQfgWuJHiaPyrYX2ssP8LU/oOis638mHo+7YpJCSeqF0R4m6lSi
QJNOz8knawp40Uu1iA9RqQrYT8MRt2quCRn2aUolvRmNB4dHS/2TUdHChBdDxylL
zbFtZLkCiWwKKNvu3ZjxMua2AjYe904r+S4duow4MxfKUFsoMY6GlscGeReMXJVV
x2i+580wF/tn+3k/9PUS90FoFhQCidfxib/Eo4rOT03awPGBAgMBAAGjdTBzMAwG
A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMC
MB0GA1UdDgQWBBTTt3dGY9D07BI8V/0QmVI25bC+gDAfBgNVHSMEGDAWgBRtWyng
3NDv3AsGmq1+fQQjEiQ7ozANBgkqhkiG9w0BAQsFAAOCAgEAKz+MT9JlvwUope8x
rUuf+6s/fyiAvmQfGOAN6aBVyxO1+ZIAau6CXGJ9/MaJKF/Ju+V2zTpBVz2bFNxP
HceY1z9rtQb0l+CG4elcsQY4vhouvDH+HoI8rP/jzFD25zsUmAlMaTZuLWU4WnVT
2WhO5X1GZFKl5fT8ulyLx3rcb/CaiC6Kg+yi/tktFgpyWyjTMSVp9QBGYRudKVwK
x585nb5a5Z+uLYBmYcYrRQvLWSQKGLb84qE8gOfek47FZCfoh7rlLpt8prFIW60x
EarR4Ul/1xhs+2AqMw3mHuQrIxJgHvKoQHBkS/RadsRWglWasE0qm09BtoLeso1h
ZIXO2O830jXOYEZEuhE63iIHxBZUEUpurXt6he/IBL1l8UuRM6ArHtDo2awlnWlL
Uz34e1pSzLAtSfS9Iop+zxt/UDQtMCW/a2MQGB7m/kgCtICC0p8QsuGa8k/+SQOt
TI1VAj/dJ2O5XFhfFYgDtT/XXa6o3nEmWW+KTtggcvGIyP0Huxq+6ShxrwKkXI0n
WVffhVafcIkJnsUYTJu+Cx4KpilKV6+lzRQhK7UHfS0hErs0UQoZA4Fpz2uWukNe
2fezl0IJThWPklGKOYriZyKb4i81i3occ1+9YpzKUrBD2ZI+t0Exp73/cfuQbiCO
iIu80S44myiZMfD2OPvjR0lBSoE=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCYEx3ZnntHRZW6
IUgRfl8vF41qQip31xjYK/SYFPfpc0PEkfmfN13EaHLyV2rEn+IA2StOaRocl08f
Ss02mAGYtWQiuKWdX12fk3R4E4S3S1u4f8Qxd1lNKJsnQhogZLmt5JXXEX4T5wWK
1mcLx5HlDmDcm0XszP3yBqZ6e+PmAV8mxmfGES5kYXP49UAybdAy71cX2+mJH1P7
7ki5z7buNGHvxLDobj3ErQvTJnLccd5rGR+Ne89sFkDb2PdumVEAl6KYZJITQN5M
VHM/oHVeRAgjvij2u699OaJRYL+3OCkjYoezJmARMijEu6QPghfXrRCbN1Zh0/Wr
xrSrwzFvF4aKqcU1kNeQjWhBRk8Qnoz7iPpxQqKrQDfWPTvwOq7C7jOhLmg19qo0
lHwzJ1FVXJRO8i/CQ2RDkGcPe9DIvk54W132BMr1/ByS5OFYNiVHOu40w0YkH4Fr
iR4mj8q2F9rLD/C1P6DorOt/Jh6Pu2KSQknqhdEeJupUokCTTs/JJ2sKeNFLtYgP
UakK2E/DEbdqrgkZ9mlKJb0ZjQeHR0v9k1HRwoQXQ8cpS82xbWS5AolsCijb7t2Y
8TLmtgI2HvdOK/kuHbqMODMXylBbKDGOhpbHBnkXjFyVVcdovufNMBf7Z/t5P/T1
EvdBaBYUAonX8Ym/xKOKzk9N2sDxgQIDAQABAoICAA4nLuhOc620TOHn1nCEwNbX
cjQfi7R5VcwXxymr2RvzO/oPr3PBPN5Nh2+FC20L1J/i/KdNaJgDMvw4EEI49ZXg
2wlqNhIGSpnSQnNcaaxML9fLa31CqZJ6dkbtXXro6BwsqA9Xuh9sqQ585rxpBFIV
IcmjDJs9w5KVsNyF92jnQfpDWjjlgQ2BjlmiRY+/IMwxi/r7kgM1FOVfWon3sJ0A
GtWsPUSpSEfFTR9UUDmyjt8lYiASRw5WdQ6g5WJExyeiQe69FjIDH803Yz4Nym6N
liGLDjGF646tevnoFaxqsyI8BmITbu4BK48nrkMG05fUeQIURw6Cu5xf7JE7Vzgy
7mBwujtkEuRmXz9LsJTaWt5I/sXDUh0Uwe0BGYj5O+8MB7yzQFBjhv6pLJZdySSV
gSlmupbwtY2BcV48KuvPkzKngHXR8jA6p8XAQV2Xq2njQLsOKJrgEhbIp99h61ao
5K6gtW056hSN4q01YA00JQZGKZRviUOuQGP71SNDPCl3uvvElVwBFtfEYV12VzFK
ye1fF2CcRThCEML91Qo/IueqrNEBVQHxnCO7R5uwKSkXZNJ5pNArMsAdMfLzXApD
F3Dcctz/C9I0RG18EdtoW4RjPxEZ1wXHGVkvCpUCwNImsvxWOy78klnfEUyKtOCM
dnn1flp0CiZzjGAMSiGbAoIBAQC9ZpY4XZ4v68KnaHyiqKjNQDU64wrONGK1XrMS
wOl5a6Cg8S3n3d51E2AguFKilKZ1LJ721WGdEIO4+J9nFKvXYUSCl711cCh+njya
E3a9H6louFVZ2X3NxjLUSJtqUyBEOE/NzNxhTt9BoiiR3cKUmhLLlYkHmLnqBv3j
w4Trl/rU3rDemAf6zOB0eXKM946qjQpfB2LsokCWWsOhnT1XBcSEvkHvSrWv4EH/
6IDFAROBGtlCW2C8BiosRdpj8thsdnW1lvGAvHs27nLMXz3/NNBX03dlA8YRaelm
l0EDo0IwrXI7/u4Zy8wL3gfn/NPr0ST3jXz9K8nxvohPxwcfAoIBAQDNjIZs/HT6
Y2rTMH++rC3ZNfLUm/3aNsVl1TB8nkEvfBQHU5HEyqqeE4d/b3+7bRwWhVpfNHLe
rMV8qNr8iAjvpeL5nvnmUPHLT0CpsI+wUvOlnluHGsCfyLWDNVBPcDL10scediYM
kKGJGiQSbl355JbIrYxA5AgA7qUGcLQ7mGmwzXyJgmBMOJbDyYvoezh4iogWxC4C
lh834UgmGWJp2Bi20VuqF00HClN+z1QELQN2Pu2SVK5XTlfXmuYHc3Bi1xvD2KaL
yqT2BtWVRS9RDG0LOzgOAnG9Mx7SEtPAnRhpydx28HWEwGaFKas6QaIuDo92Blpo
40ti2Yav4hNfAoIBAQC0m0SYDz2u+KQvuwVOnoII5zdbJfHB3FZcGSettGNus2EC
17ksp3dgMM+zo9C41AM/LQOQ4L0qZvsUwZBPXXjX8xq/ZS7287LJut6TFgheI/kJ
sO1CtpCuTldd8raw1v+nzgLbfoSQDgP6tET3g33u8lUF6Vw38D0omu4z6NexSMWZ
g5kpSdQiJofKyZygK9jRbZj8MTD18WqhdX+jdyts9kUFR9/b7WP/iFunSfCw62vL
6uxNyJEf+sjwWtP8BzC1jOiF9p/oYNMl+I9jr1aRK62YckAiBU00gchdWdJXQ7D0
dhC+gURPOPUkQ99KKt9yuYcEwNj1GnKBoWyelm2FAoIBAHoj2bEjZuNudgjeVdpY
d7oNm6kItJSZXT0ArJowc62ivkgIOaNFhpL+KdLoz27xC/K59RSDlwqIgaVstQvA
TgcRfMk11WstiDB2fIcY2pk9AXjVm6+xjuqjmnBIGtvJYQ6/3ABW1o861jIg7XRi
TsdyNMM0lRXuKm9bX4ZvLDoJfCxKPol7hntkWPooZlGT/t9p+ioFEw4IZK6Q2I2D
If6hITZpO13cELJxSWIeEt+UW+1EwWjllt9cN0hvy+Z7iznAdsgukfCZTuK+9uWH
QfGYP6ef3dQ9UZbKrLLJ6zgWYW5jO/UVN8/VgFX6h7vLSnKxxj+s0MZo4d/wQF99
KGMCggEACAWOCIerQRC51zo8eXOB65mmpR0nX/VuWCZw4uIo5tVZ47JskPIH9MTy
d/OLbHDa3esJjmZawSl0lI0j7p/yY+J9TEJyOCUU9PCDUw+BeJ39/VqW/fyBn8gI
1cC3BnPkDf2HnbgHxaCP37sy/aHs7Xn/bNDaLksEDWDblFCQ5tYqGbZhxUNnsx2x
3z/aYJVmx0lkKXSA+8rKeAk+OnDHUjlJjpRIcAsQJE6Ni+2cHbYygVPXiFbbKk+2
ekNwYkhMZ+DP+t+uY5ZRfwq0jjIrh+5fyw26yG9PoXspGoqPCTcQ9BEqU88J6ziF
rxWXbmsYdR1dnKCZXcKJVKqJIFCnyg==
-----END PRIVATE KEY-----
</key>
Monitoring
==========
If the client is connect successfully you can check the output with
.. code-block:: none
vyos@ovpn-server:~$ show openvpn server
OpenVPN status on vtun10
Client CN Remote Host Tunnel IP Local Host TX bytes RX bytes Connected Since
----------- ------------------ ----------- ------------------- ---------- ---------- -------------------
client 198.51.100.1:40297 10.23.1.6 198.51.100.254:1194 4.8 KB 4.8 KB 2023-05-10 13:52:01
|
