summaryrefslogtreecommitdiff
path: root/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst
blob: e42d3567b46cf40e2a9ac65406f5a5b08ae66a25 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265

.. _examples-OpenVPN-with-LDAP:

#################
OpenVPN with LDAP
#################

| Testdate: 2023-05-11
| Version: 1.4-rolling-202305100734

This LAB show how to uwe OpenVPN with a Active Directory authentication backend.

The Topology are consists of:
 * Windows Server 2019 with a running Active Directory
 * VyOS as a OpenVPN Server
 * VyOS as Client

.. image:: _include/topology.png
  :alt: OpenVPN with LDAP topology image

Active Directory on Windows server
==================================

The Lab asume a full running Active Directory on the Windows Server.
Here are some PowerShell commands to quickly add a Test Active Directory.

.. code-block:: powershell

    # install the Active Directory Server role
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

    # install the Active Directory Server role
    Install-ADDSForest -DomainName "vyos.local" -DomainNetBiosName "VYOS" -InstallDns:$true -NoRebootCompletion:$true

    # create test user01 and binduser
    New-ADUser binduser -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true
    New-ADUser user01 -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true


Configuration VyOS as OpenVPN Server
====================================

In this example OpenVPN will be setup with a client certificate and username / password authentication.

First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed.
Please look :ref:`here <configuration/pki/index:pki>` for more information.

| Add the LDAP plugin configuration file `/config/auth/ldap-auth.config`
| Check all possible settings `here <https://github.com/threerings/openvpn-auth-ldap/blob/master/auth-ldap.conf>`_

.. literalinclude:: _include/ldap-auth.config
   :language: none


Now generate all required certificates on the ovpn-server:

first the PCA

.. code-block:: none

   vyos@ovpn-server# run generate pki ca install OVPN-CA

after this create a signed server and a client certificate

.. code-block:: none
   
   vyos@ovpn-server# run generate pki certificate sign OVPN-CA install SRV
   vyos@ovpn-server# run generate pki certificate sign OVPN-CA install CLIENT

and last the DH Key

.. code-block:: none

   vyos@ovpn-server# run generate pki dh install DH

after all these steps the config look like this:

.. code-block:: none

      set pki ca OVPN-CA certificate 'MIIFnTCCA4WgAwIBAgIUIPFIXvCxYdavCnSPFNjr6lUtlsswDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTExMjM4MjJaFw0zMzA1MDgxMjM4MjJaMFcxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDg45vAzS6xNqU+Pa7wk1Imt1/az1C22Sbp3wPJLfgOmy0K3TA5qVsx/c/8gatsatMkCsekGnK5BPzCDd5eCCLo//B25HFO6fBYRNvHvVyCUx7QEXw4FHFNG88zCIizx114AGtVwZfGGG9xCc53xjLPUpH6iqTXme41cCFFQlqXwZ7fuySieSdoV8SAsJTTOsGCEUEcDEnNPn6tX3KWTzNuyFPECy8WCmNgWNyG2nmH+U7WRTX0ehZ5dZyU5au7TxpRN4a+JtE0gNqcWJ+nh1A543q2pcRoQpPAzHFclgj8wG/EyauQMY/LC4tLc6moPaNlTwA9HJv8s6xUqpzNptDoUHKOqKuw2JRFnno5SCQ788KkKNgVWBy2o3BGoewfHFhAdR61CXeLpmuneuhi96GcM031gW8ptXbd4DkCF7H6KRtqeIvwiyG79ttC8kZf01Sn1fM5fTjGxaE38dAk/RchtHRC6rtFavHJjB2cUcCkhhQofUE6IR2dYJZ1cw0Wy5CI3bXHf43BpvDGmuxIlNGirTq8wf5RCWzDJJgmkQpYhUYe8x4faF4gTo00uH4ZvAYjQu3JNZGkb50p4kM9Mu5rQAiZJUeMAz/QD+EIV9xXgOk14+BbnHKWbZ7Ou5emewFuE/bjl79oNJklpXdc4soRkCPCTEGK3zDBdmUtCYk1DwIDAQABo2EwXzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFP5NDac/yC+mQmaTpZDUv9GZMGMBMA0GCSqGSIb3DQEBCwUAA4ICAQDEqpF2ibwYFxsF1XDIPS5/Gs0sZTZBuByNm5d2+jTyO7d5alZUdbvobbwhxZOhWasmFNyPLr4TYmZm5zF+efFsiOxjyRuEoVU+Fe8rZmpRIF/+6+nYX5r9vMI4QxGjeeyP20OHJ85Kvz182CTsITrM15Vw/kVVjAVzFI5Gm/QolalAoFQza9rAL4kDqaUszjHjPbysvDpGF+NLPjiYDHXcty/BC48bnuzAeEM60SGZ7EXvf8l0X8YsO7z39w6780A/3rbZvFhCYMKp/+p5xBRDjnX91dM6DJw73RwYQ1KHbHk9wWUwnL1giL71jzp/y4Oj6SSK2PQv+OnO80J6Zg06WIQx9xYcxr108Xh9FotUrlG7GYPI3Udf95t6SjuydDhULAVD0lMBxlDe9DHW1k1q1pOXaHZg926tY66xx/lda6dcuwJjA2Dx5JI6L0u9ureQmQAtxvnoTCtf+hR1iX/IkskZCKs34SjNiCnBuw/DNfdOpfaABm7y+tWiXBwnu5l/K8poXcQYQByyZj6YMmpgsbVPr5KNsLWOgRA81M6IPof8qxvnFrkazhiQWh1YHSjnaHtA3z5/BdgwHVICuFyrIOlbkKyJOjKcKBsDdMwIV0tsnpnyli2xEPZKu1tAQFAavXrK/RGYYhOZ3e0aRSV8hlP8i/mf7p0I45cJiBCqPg=='
      set pki ca OVPN-CA private key 'MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDg45vAzS6xNqU+Pa7wk1Imt1/az1C22Sbp3wPJLfgOmy0K3TA5qVsx/c/8gatsatMkCsekGnK5BPzCDd5eCCLo//B25HFO6fBYRNvHvVyCUx7QEXw4FHFNG88zCIizx114AGtVwZfGGG9xCc53xjLPUpH6iqTXme41cCFFQlqXwZ7fuySieSdoV8SAsJTTOsGCEUEcDEnNPn6tX3KWTzNuyFPECy8WCmNgWNyG2nmH+U7WRTX0ehZ5dZyU5au7TxpRN4a+JtE0gNqcWJ+nh1A543q2pcRoQpPAzHFclgj8wG/EyauQMY/LC4tLc6moPaNlTwA9HJv8s6xUqpzNptDoUHKOqKuw2JRFnno5SCQ788KkKNgVWBy2o3BGoewfHFhAdR61CXeLpmuneuhi96GcM031gW8ptXbd4DkCF7H6KRtqeIvwiyG79ttC8kZf01Sn1fM5fTjGxaE38dAk/RchtHRC6rtFavHJjB2cUcCkhhQofUE6IR2dYJZ1cw0Wy5CI3bXHf43BpvDGmuxIlNGirTq8wf5RCWzDJJgmkQpYhUYe8x4faF4gTo00uH4ZvAYjQu3JNZGkb50p4kM9Mu5rQAiZJUeMAz/QD+EIV9xXgOk14+BbnHKWbZ7Ou5emewFuE/bjl79oNJklpXdc4soRkCPCTEGK3zDBdmUtCYk1DwIDAQABAoICACVsewzYmD6RU2pKJYSPX4pl1aO6ADqNZHZi0GR4K+FyXUqDiHTwA+cLz8K7aWV/WWeUC6j5ZcH4XH+Gg0yumfCgNsnyNhDlyUNHIjPZBT4Cywvg/QTwEfK8//wEHYudT6aam0IIF1O12UW8VgmEiAwMN5Kz476lNQjbgg3efujmJaQhpnULKE2q3V51BC8qhe05JdafDOEE11vOmGj/ARYcbCQhoFJQpDzyTLB8RuEj0cTCe7oVXwwTUF1O4wcmoMCHNvsJxqKwFrER5m+giu83NcKTT13yRlg9LVg094XoGDFtRgmW1dD6ONHzi3Yd28UOIoII8sRYugLU6YcnjXfrgxvKJHJywEEJobfS2o/2/mHh6kjv7pvppWdDhjkf+dWZ0frx2YyF5/dUgGG6e94hzOwRunEu4JVKl0Qr+Vfsqt/STVDA3vbhaMdMuIR2Ir0OkoYiqGBdiEGVx82lf4uDy2TXveqKUADXU5SchjP0JZpBANO4RVoxFpY2r1tEh/sRBu9wY+Fjk4FqdjjOmsbmFwhyG/j2VvKkVsq5itsxG/Rg1nTThE2LN+R6LUquujtn94rIaz6lukEr7Yq9qy14Prj5A7tYnuHbcN36b0A3xN7bxxeX6w12naVp0KZPmey6W4HNeNOOfTLh8BpG+TMPZLJq6U+fryHD2nIhk1mxAoIBAQD88A7vo3LIzas83bYaCa1BgjtJ6WUsqsriuG55pt8olzF/X0THkcDiozCy1IJchL4+GxxA0dp+NBispflvbFWZFAHMnbJx4cc7qMR9k8DDSHNQVgfV6nBa4xBvjBp+sanOOOLV4p+fQZW+n6VMzCcKC74awjbIKgPY0LhUQxIVjtzFyor+MLLoqeavxWzBVVBslwR2oyjbTtTMkeNuTyC4kQAJcfWDN/s2bl6P8Mldpik2WhW0GdxHyK3sgZWXIrnkTlQg3EMPb2sPhFZm6pQKpxXwl8gGgFzEx4mEpHxHm/igZPVRTnYfGwkPmHu3caF59IWHq4jsUAxRQperRgStAoIBAQDjnJ4dZgcnI4PxiDKDKXeb5ZgjnIL0eyxMZoLtaVYnO2lLG0uMlACUEuRwGz4acQcjRoW4FOh3NSberobSHOVBO9Y3qgEcTtgJvzkso5IXD76/vmpiYFdPo9aGaVR/fr+yPZ0h4S9wFShRBtDZapjAlds68ROQsvF/fdU4kqtfyIAst1lwtqMPeTmiZJxVubE0h2YEXOpwIEFcu3+MUvqtCd8X/T+VyF4ZQqn64NvYvkoWpfIiKmOGsCBc4agYuPs4Cy1QvN6oLXp+0b8mSzp+ot35n1lBGTSY2l4/9k6sIzWY7x23GS2g3AUJ2kYUTpQIq2pow8Sc8ptxLwZSQZwrAoIBABqhW7E3UDp8DO9XmHidVDR1dbCOdiyBvuKn8Fm2jABGCtwSN7ebTOePruzlGuSKxUzcpdjdP1fSPFbRErX8ffaj+JyGbec3kjZhym4+RClLU3i91g1bpYCsL2rPIWr9YZdovdkvBwdJbG6peEnhpKqWGenPUN06LzWApCea+Ch05iGc9Y1Vq0B7wuH2s0CXruP/8mRbQU31usnfAkb25ccI3SwhZ2vtVPGiJSqae1j0yZoDWg2gO2UDZ+xiqFFFQrUa2hirmBPj8y2rDT3ArN2CQfkWweSNVzcQmxXwC3Wuojqg5oMs85rKyeVudHgX6pxgdj6WfNAEjYdwr29E6/ECggEBAIHl7i7k/YwOrsx3aCyGy+ZC39LjDbGtYhiwIGSRy0NUmsDscO9nv/TB23FHeufoPaSaKNJnzEvMH8TSYcskBop2NclK0ptvO8hEQ8MADu3uZHRVna1LQkkHPfUzw6+HjKuSkky1kTcsO/gSJbsPJOI0JAu9becU2NJj4/4HZpqheNUMRpUXBnRcQNI3DSm3cjSCWWyAAqO/JM5hi2dwK/P5QEMWmuVGlr1f2FZ/YbiO0QWf61IoUuiZN78KYb7KQ0U2y8PaJlBgtBoQZkDaiiWfmYNOt8d5NRVO+p8SWM/QwFPpk1Hdora9GnsHARuxxLY17eKgZ2MS6jdsGPV00EUCggEBAPuNZ3peHYhIo2EMb6wpnAFV2fAUajymwenr+Bmv5BlAnW7bE2bSNuK0P342H047On8pSEHD4tk9C/GedKiUyxP2UnaFS24mWpe44X3UlC+KJLqJG+zVGXryC7bvhS3N1KlI6H2pRY1fPAhlfUk2KAe+ZP5C7iWwtR6FlPpjB3JoS77qFVhnYdlfnQEuJ7woEKD1TXQH0Sb2OGfPQW1UjIYoEp+9p2F5scB8rV6WaOIpwLY1H0ODvo1JYdTruWGHMKqhuLs5L2MeOluUOyHW7HkJLdLuyDIR9nA4+vNB1RNF3rz83L4Xs/NA1CW3iFWIyG57oFMX1td3i3xJwhjd40M='
      set pki certificate SRV certificate 'MIIFtTCCA52gAwIBAgIUeZnSAMPohIvKL/1Fy/pW2cV73HkwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTExMjM4MzFaFw0zMzA1MDgxMjM4MzFaMFsxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxFDASBgNVBAMMC292cG4tc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApDWzTcB5LFM/tacaRHvpchBKLigJ5FlqNNfJ2vnP87KfCmTA5tkWF7MtuY990tHZtl1vQ3Pim4d6XBOngiQmaw7tZeWAIrv1L2/VBjORUrLrQhkkg9nSpcYFxoyUQzukTY75PcwhYLkS6ZO/vPPSBuh97f3XR645Aauf7ZIk2NsUidP2uGZz/Sr5VC7ovH2l3zz1kIHPCinfvpPEVb5oTt7qEffk4vnKjy9RY+H1hZowvcAp1zfLaOt/dXaK6vfNutbmwDHbYAlIals0EcjtTr+63ymxmupn7RBjgWtK7MgocGZnt6HKJ4J6teP3WgiSd+I9pdFG4wHZOSVL3axf3rBx7q09DMn/Snvfbly+SlhXw9Ebk368J6j6rhNUkxo/M9fbfgxS0JnNjHInRNAvRQW5CgQfT9KyUdxR63BeSnngk2XYX+bDinb0ig+VDpZcr6PgOBR8aNFsCPbXRwDy0bmuFnFYMzs/7ZmFQhzE6rQykHvVvAsyv7FYrlW0E02H4+Xe6bEVpE1fLcH8OCGY2cfuTfq1Ax6R4r+tdHYW1kzFLjwdh3uqTLF11zcbkAwd78E/ItrfEadvgxrYR9gfhX79AkK0VHmZ/hzrLFeGznnVcqoTKgq21dfMfQG2P13QvqS7tCE5swM9N09ASVrifyVDuoL6jaW96wgeqR6eHMECAwEAAaN1MHMwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFE1U3Zamfuv6ocYiF9q7H//U8h+AMB8GA1UdIwQYMBaAFP5NDac/yC+mQmaTpZDUv9GZMGMBMA0GCSqGSIb3DQEBCwUAA4ICAQBZwHvGj/jziNFwXS2W1Q11I12YANmVhISP39AA7DNhXR+E1hXFs+U52ehurZoLTi5YTjd8PD0KcE58mw8CLsFQB/+pni9EwJuAhpMb6XsmYEp0PeOH7C/q5eOc4TB/NBsvEa5IdTmUoewmjubKeJ8OHdRBMI77Me53lSC6iskc9DGyixSLqQogQW4aiTposFJOW/YugBy7kiuygmFNJv4luDbyRBb9131zH0qSSishLT4Bp5lXQNYWI4AU0JeyQcYaSHWCr0h6H9GN3QOf/emc3/2Tee40FcEMsszJBRnQ3IISzU5xVLlfU02SJMpjvFT2MGfHAs7obrNbwiFeoLZ6fQeGLe53aOQ5M9XeW5bdIeR2ZrLoO1hW33x5jYI8nLnU0FnqpMMY14r7LZE/mjwfdrTsGChFzsLasB0Tj++mGMOXw3DSusppub17AE2bO2uO6J9XMlbkOC8EmDCF1Hetija4D3aunhtu6jRBOcR8DHVBqNae2YgUk1ALqGrNUGFH4bEioTjDDx2GieOtp9rUwJMlkAyUEe0k/wzcBLjZaO8KBCtrmTdr1wMXizPT+XcjAlzRNXvHiZFq0NG5Rnim+LH9tp90EHzO7EeVXV+LegnIKQqboIrY3KOw5Qx8ska+t1WrWHpyzpwsA0WjA6sDTyWthgNYSxb1ikNGO8STCA=='
      set pki certificate SRV private key 'MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCkNbNNwHksUz+1pxpEe+lyEEouKAnkWWo018na+c/zsp8KZMDm2RYXsy25j33S0dm2XW9Dc+Kbh3pcE6eCJCZrDu1l5YAiu/Uvb9UGM5FSsutCGSSD2dKlxgXGjJRDO6RNjvk9zCFguRLpk7+889IG6H3t/ddHrjkBq5/tkiTY2xSJ0/a4ZnP9KvlULui8faXfPPWQgc8KKd++k8RVvmhO3uoR9+Ti+cqPL1Fj4fWFmjC9wCnXN8to6391dorq98261ubAMdtgCUhqWzQRyO1Ov7rfKbGa6mftEGOBa0rsyChwZme3ocongnq14/daCJJ34j2l0UbjAdk5JUvdrF/esHHurT0Myf9Ke99uXL5KWFfD0RuTfrwnqPquE1STGj8z19t+DFLQmc2McidE0C9FBbkKBB9P0rJR3FHrcF5KeeCTZdhf5sOKdvSKD5UOllyvo+A4FHxo0WwI9tdHAPLRua4WcVgzOz/tmYVCHMTqtDKQe9W8CzK/sViuVbQTTYfj5d7psRWkTV8twfw4IZjZx+5N+rUDHpHiv610dhbWTMUuPB2He6pMsXXXNxuQDB3vwT8i2t8Rp2+DGthH2B+Ffv0CQrRUeZn+HOssV4bOedVyqhMqCrbV18x9AbY/XdC+pLu0ITmzAz03T0BJWuJ/JUO6gvqNpb3rCB6pHp4cwQIDAQABAoICAQCgNLAZhFX0E8hNbplnBUltek0VGQUFnuLKaVlLZXwn8zXNCx1UW6l9N9e9eSw1uXzhueiqc247dQLAwIAlrSU6P9cHGdBYku4T+NRpd3gpqdtyolsItEQabccGvfKMYazb6khqrTRHTGkSL47aRzq6eKsbvRMCoQyG/61JN9LxK1SvX3gO0g4Jipq0MgvokeF5mdyuvqaC8PWU1k+vo9PaVwsguqy5cSDZbz3F6BcE4Lj693cavRmb5F52+E9yDI/P4IhCLKIt4QCgmxiC3XgA43fq75+SV21LUTjzc/0mY+VoO9CmzJcQ0vDrclzJnyFfCwBAPZweL5iBc0zAGcNxTA5/k86ejHdLlASH0dRf55F8ALeO22um21F7cEqOSYBtl009LDvpHte9wKWp9MpHABeDCigYMc05/IgVPQemtd6NtQ0ZVWHWUiWWqh5cY4v8d0CHWAv4HJZI5JuGWdWUc1QufMfu9UbTuNJe0RGQ/N9OJZzzwX+Vpuflrg9K0CT47Yo3NGFbYOuxn12JQBEYDNl5VHWZGAe1x/ljD0OjWmw3xkLNyRqwZnSTTJ4salCSW6qLrsqHWEeNyx+J4t2gBY0TNoylQ8hECxozFu/CYNIlY7+dJjFFe29r+FNBK+WOuUcSoyrABbqCkQH3iXOC97SQSyxdXMNvkkl9X8gvQQKCAQEA2VKt5k7HqvUTC26DNswNQGfd89GcQSeWaipzOBe0Oq12QA0G4ZfPTR00F6CqYnEOSuu2Qa++KEkTBsgl9mE0tdWCAXTTWuqmnsvX2FYQ8rD8FMce+Hs8nn3qNtxAkqPjIY0uEe5AJDzeB0ct7A5w5K5f6MUE/2rWhCeBGVqJKQ+qRjgk0KeVTcnTGzyujaHN1akUA1CRKEqtrCCspZjollWhxDygevMbXs/0QlDkUxaflPOzit6B5vDJqLGJUgvPI3Hc+9eDZXeCyCCdXOVGY8FUxMQ84RnDO8sVOthgahHsdbxjdUb0KcgaV5xNuMyuYsA++QG7fnsHCHnKT0c4eQKCAQEAwW8ppE0K/EmTp2OXKq+cuZHRZWaBtm3zDwfOz3FLVBXi3JGX9M6Hv6q/2cgLDudYiE3LCNagNkI7rRRO8Gfqd2i9KVRQHWCTl4mpTOwwmKWONNgS34aTPjD5UptNUzTvIItGGSMfg/DNrYg6G9HA666aIqpvodSfUv1ryJViml/3NtvmlRmRKEYe03txKhAN1Reuq30BoOGs4Tu5Hy8ijws9hOSCdZbOyte4EhDRSNyZB45YXooJOHEWTLjrZZqgGH3B/uUAUmyHbutPF/Wkep7M1LVeU8KS4HeVmwMRgPL10nxoHPE/UGBuqL09p4a1muXQ+TMHvnI59Shkn9cEiQKCAQEA10v/l/BoAse0TFj5iSnx3uKHkmsQX8P2UcsoRmPFW3RJd/7v2EJrTrwlxVqYMdpLDJIkB0MyIfry7H8QjNuUOqgAmazBToq08xCDD4GEXMpVkcgKuKRuU53ukNb26c+Ozshs4bqktMHQPGmZ5wgPc54EyjeVUezoBBiW3yVASPuJ9vLcFhJP6baOe6dMTmgD4S4V84q3o7EICUR9hbjMg1LmZeCiI+wAK5fdJm25JU9+XTRppKP3EXFudr8bibrFRRoikSTauYUCfX1CKKvDZkQ71IuMvHynW+8/YwLF0Y9cMO+noKHgdhwVbMIehXvRL2fBezLqKs17FDyD3rJyEQKCAQAdwFtHShJGe4qaVFcL2bbhU+xBDGMnDAI2bZ0BiwtrA3LBOiOFI779W+XmOT56LFsRm+V+loRN1CIZnOYHU/RcKV/u22j3G8OXqzS/ABT5ZX1Z42IDv08mYaH3cquSALJG7yT4+M4AHSmFZ06IuNpTZaePbWd+HJXkzdWmJFPmKpx7c5cjl6sb5q0XGgVt0spN3Dahabi2Zf+RJP50LWvDVJdBuWPXcjqcOFG3dZ669jMTVnGBGPoSFFK5ujd6iS3WloEgE1jZVJgAF3Ey3jVOJt6aWMsJVwQAQmRgUzh9/OCSX1AkI3b5hdt/WJwDCFUmXfKmYZLvV+JSMsRHUWsBAoIBAC2ZuZ3hYmSFMq+rZme72lIl3PUiOWPO9VVbs+PsRk58/ceCWnGCO647+KGb4jFw0vKPwP5RKmPny9a6ZSpYB2jsgWItKewdah+VPEOSLZQT/aPB5f61eiazCnuUuWrrycQVyLlELD0pj29mMxAJ0Nr1CIVboYp+YYA7dWNVSUT6T+EV6ASEC6jflb//UUUmCjOfxILGMkqvNJ2T7WguaPLOw21wLx0eDvQA/N8ZTiyKmE+GVRkDwGzC/yLeelgzyBgmyr15hfo7Q41VtAso6rzzExc4GasmgQe8z4Y0Gm7t3RDL3GXxBmonZtxNZt0vwvVyS/kAJedmPgcfxJunPnM='
      set pki certificate CLIENT certificate 'MIIFsDCCA5igAwIBAgIUSzQgwzGsfJFecGxCwLXVsGCLMkAwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTExMjM4MzlaFw0zMzA1MDgxMjM4MzlaMFYxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxDzANBgNVBAMMBmNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANHNJOSwcDbRqziL1gXYnHIq7P7vEUFvS8d/XLYJ1xIpcYTRXTut2CTGRar7fZZicu7x0yoK4TzrHvGVf1o4NC4NSGV5RX6kwRdrfWBmvpIkjSLGtCREFyhb+PHDpnsIS7cfN9udC0vocqVlx/xM/sfcP6Vja/uFp+9TQcneJIxYw34zkF+TtOVbE3pP5VxU7ZAj8F5/q1ONhTMdzG4Ol4/0nBqZfdYA3LVDeSSNIJNF5jlaKXXFHz1EJRemTYDx+f5bfCVcK2Qs8fU9jCFBlATjMu9O5rgk6nMLRwEnJZuZ1gj2tWQvz4e9yo5yUqf1PUhOrn3c81MRliUNHKr+CkxgQJal6P3Ar3q4iftJih3K+/j4o194mQ/Dt/Et+/Qn/DUFk2FB0rTMcQwJLTEAzxtTdmBJeJpipIPDR0u7UMZLNh/raQ8s3FsbY4uYORt2f5YQlCVHbth4dRa9xa+oRbm7eomNACIbWfkLh5Bzud1+qIfdBMZKaZbnf0HEeuH0J5LBJeova8EPxWbYMJPrRHzu5gowkIKl+uIxcy8IiNTA9YEoJVonCjmlr8NEtYShrIVbicdMNSI3pOQR60MFhkHwBjSU2l/z+4wwLxtzq/c2xKw9yrOZ46ZVLwGDFq8rPwp7/P9r6mDKsbn6jIvGOeH71dMZvoc4lCaClw+hKIzLAgMBAAGjdTBzMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBS6j30FmL6kZW7rDH8QjRMoWoA/njAfBgNVHSMEGDAWgBT+TQ2nP8gvpkJmk6WQ1L/RmTBjATANBgkqhkiG9w0BAQsFAAOCAgEANW2Y4bgaB9oexEjj6rkGvePtQmXRkF/adVQREY9iZDGTe72ePybVzrfMkZHjse3o7JvXWRIVVztWSzEpv5noIOX7lAioGG3wsFTHotTFR0zrYJHXHBcV2Neq4Kx2Ta/TZwD8QnZHAAxEQ1pYb4fxwN/A60VElAZoz9zYsbrJyVrfuHDL9queQxPFzqis+7W1BiVIcv4rn0DMQ560jTGh4t4rImOSu5gUsUrQaih85XDdOBPxViSNwfVdZJIgbvamudpfEaKsIun/uCjcxpNnzIp0rhyYmDeqVat4GnTV7Sy48e/Uvcq71ZWbBYJF4+yW4pylIU2Sh/Uy2sAz4C2M71FlFB7qsmcnPRsFFHf+r1NyD1lkVI9k2371fTG/Kub9V0rOz4pvKz4Em5b4MUPdDbZOqJ8hQ+atGE3ovFJIovA3NFb0OtnyC4l+kG7dfjqFudOnmDa+Qsya+2YOxBZBIRfuhlXhb6Y6Smsk9R6x0jBmcQTPS5ZmvKaTxQCFc53xMdQNAswjiI2L9rw4BcqQfVmf/vpoN+VusD/XEv2V0Ixm10YybA7BI/tixh9vwj3fdQXVLy3jSYjVBd5WOFPizbQZeD10ElvlLqZZyWrP/Wre7Nmi/gEOnhBXXmo034fFF/vXf0JRpQsd2oDs24+4XwZYb8mbM31j7Nx8YvhR+64='
      set pki certificate CLIENT private key 'MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDRzSTksHA20as4i9YF2JxyKuz+7xFBb0vHf1y2CdcSKXGE0V07rdgkxkWq+32WYnLu8dMqCuE86x7xlX9aODQuDUhleUV+pMEXa31gZr6SJI0ixrQkRBcoW/jxw6Z7CEu3HzfbnQtL6HKlZcf8TP7H3D+lY2v7hafvU0HJ3iSMWMN+M5Bfk7TlWxN6T+VcVO2QI/Bef6tTjYUzHcxuDpeP9JwamX3WANy1Q3kkjSCTReY5Wil1xR89RCUXpk2A8fn+W3wlXCtkLPH1PYwhQZQE4zLvTua4JOpzC0cBJyWbmdYI9rVkL8+HvcqOclKn9T1ITq593PNTEZYlDRyq/gpMYECWpej9wK96uIn7SYodyvv4+KNfeJkPw7fxLfv0J/w1BZNhQdK0zHEMCS0xAM8bU3ZgSXiaYqSDw0dLu1DGSzYf62kPLNxbG2OLmDkbdn+WEJQlR27YeHUWvcWvqEW5u3qJjQAiG1n5C4eQc7ndfqiH3QTGSmmW539BxHrh9CeSwSXqL2vBD8Vm2DCT60R87uYKMJCCpfriMXMvCIjUwPWBKCVaJwo5pa/DRLWEoayFW4nHTDUiN6TkEetDBYZB8AY0lNpf8/uMMC8bc6v3NsSsPcqzmeOmVS8BgxavKz8Ke/z/a+pgyrG5+oyLxjnh+9XTGb6HOJQmgpcPoSiMywIDAQABAoICACNXi396uWyCpXVBGSyi8LfKw2GupBmBxiI1Mkj4H2LP2G+nVS1Ye7C2NcY311AeBX56/jd23bqFYRERPgLUtPWNB0UQyMQsvNpVISm8JR45Sg0xq+bwEXabB7SyYLkZDKgsehxkuCJxZd625pl53vGMCKyzst0MBt4qCEsZQM7jpQr9ZLS1DSQV05InI1wKcnp1k2hX2WSZ0nZp7qYbjyyQ6DsS4D/MpWFjnGSr4XDttXqz1YghTMHlWNpDCYtPN+3BO4iPnj+h0qCdXZ28jlLEczAc+oDKtzPqEmv/TDaKE6Qu6x+VbkBPmG+mkoX4qfokRwCs19CGheR38PxdDx7AgySv7K8hM8gFC0XEqNdjt86KG+N1Ps5Sru4QMrf8j9XXNPUvt0M8wsPVeWa5ubkV7/h0HIEROOFpEFbzWnhBChPVvFObuuEjl5Jnj3KUEnckQFU07mPP/BpysHo3v/p+VTVoo2UkfVvjamnwQOUt3cVlPVC4FzVgkswJa4f75nGmDv8dafyPrCYciOh0qyhD5Pw/EBJkKtDBYHaoxtAw9Ann4A5rvZAveLNTPESOMo90pJwJbQcZyq9H+UGVnde39I4m5vHB5izZJI24Yd3fjRRkRf+/68VYKrkI5B7oH73Z/cl/xgEdI1hag4MLv1gon8wna4yCX/321YPTrDABAoIBAQDpHtvnvpOaoSjkJHUx4EGJkrp5R/mPfEbzzU2Ov5pNIcufv++2lsoUVCTDwgp4+7GngqYO5vVyW/AS4pSrDx7kdWpFaUtJUUCcCHk/5hYcvvourYtW1NR+XPiI28IqRp1P0L1+P0mUaRgpEcw6nEnc37XEujvTB1M/yF2y6xc+kZGjrZTmJeu0V5kkaGcXlAqUv2k0Lj3tEPQR/qj+kMX5hidROGuybNBESgA5ELY6QVnpcOyNDyniWq+RIUyBOuXp7DpUbmUANFEEP8lwjZX+HqwTpSjTSFdcPrsmorc9FpTXA9ktt1Z0ZxBzUvdcWbUeVsFqL0yICiShE7UxlOPBAoIBAQDmZGQ5roSKKY+VnmjIq2+gx8zsMYeliQm0hnKrFw9MM8U+/XOpXlpNHx2ehrGWp/BbmlmrnQaRcbLPJaRtWSEywbWnG77g+zj0w+4BdsYyTtGGFj4tXVZhPPo/DID3FPLn9cSv8MIVWjzg1G/BZcxtCDBDRBhwhZHCPOfd0K/S7rvRBq7IsNNHMTGswWGRMaF+M/trZw7TsQ0BX+5zZUyO8VNBi/NgTV3yoQ8ynBefRt1dmNa2CKXPT+5R19cBtecFEyhc3yo8ryTtM22JzndzA8agQmNPnWmYGivvcNHNikTQ2qUvvcd7Siny6j0+CmFdT9bl64VPyRJrFCw3jaOLAoIBAQCQ/1OyShRO+myPsql+U0kQQ8Zeh0kPWTJclFboMf7MePfJLj3waMvaZxfS9s9CvvKaCSY2YKtL7Sle5bWozCff27Q05jAgszwnkRGxj/AzAwpjnCft40UkL7majm2vk+pm6aPjcYPXnqKbcOmBjxJWIoNRkLCDKqw6IOs+zQDRNwPKNb5GhFGeA1pKjfGJddg6+u95uEVmPcRBqQ79/5hUAoBUAW7jNNE5mHmZBO8DPwCotUc82bCojNVkxLxsKPE2VWtWdq+1t9SoevBVZItl2zgWpATHndhQlOgdONoWUgRT1J3x1HYewrg1suYOd/GypC17WV4Vw5FS6wopg71BAoIBAQC63vDgTGpauk0pOVyab1tSmNzhM2dn4BhMIcU+eqzAzTkO13sKBGrQJQ3cODoxDbSKSE61QN9D92nmVQziWKnxxmb1zS5sw7g15/nTnCg0Q/P0g3QZTZyzsEb1/slYH9jKRnErl+eEdDXu0sB2qIBAa6Th2ojMM7q/RrF3HD6Qo20ZpQb951bnZsJ48j2WDCCGAdnLCsNe9zuqQsphNOf9BUbXYpGcKgSquPJfxXXvjgYdVcvJyIfc+GNAZQaS750bY6eYdLaIlDMqZk1RunLuikCAWni86dvtMEU0qFi0E5Ovp7jWWWNE4CnYSyAzgy3oBssyoG74AQp8addXk/3zAoIBAQC8/7DglQGMcKnk4zX+7jCuc0p+qMcd5RdnfBKlRhcWYNRPup9jyDefdkXCBTumCHXrIil/rJzP6b1IZZdC4xkheQpLXNUcceAidRWIrTypaXKkmhR0D74uckGiLXB4S84HYmIdw89ZiF0gB0yyZH5mZnqVMojwnGmWqcM2sr2N44bNQMfhD+nCSgQmReYKKfMQCdvYMxRLQfseU0pFEOGnh9jAmpn8qWMWxNDmFR/rVl26BXtRPiNPimfwWKrYNYhESN7A5/hWcrNUhE4PI+Pjd74npimqs5TDSst2Jc6DiahdaZ6JNNzp2PMUXNbfsMCVgZx+qtVNnVxVMiEngPRl'
      set pki dh DH parameters 'MIIBCAKCAQEAzPOQWrWaIX2qt4sbV6bRbUnFx4jmeE+WXC8GIvulnC4pIr1nt2Gc/7uNfEPjDZ4X6csD3X6zAWxtSuWeNuml9Yuy+tS8gI7d0FlbQRAFO/9GIlRuVdMcbCtEhg8ja7Y0g3fQjOSQJ9mqFo7sRoXyYQALD+MDEJOxhnV7neCrgDi1pqnN4xZLoR9DLARp0ad30VIvnv0ay55wxFWAKh2iwNRwyeXIEOtUDBkfcLGSNNfK0kQsos/J8Q+7YXmk4cN9tiVX4xR92edVO4z/vhMkjsGKLSDm/E6EMusX+N0UhQ3dv7qDgeSS8vDsqBm8XJonumNZLvFbYt2ARGRZYL6DUwIBAg=='

Once all the required certificates and keys are installed, the remaining 
OpenVPN Server configuration can be carried out.

.. literalinclude:: _include/ovpn-server.conf
   :language: none

Client configuration
====================

One advantage of having the client certificate stored is the ability to create the client configuration.

.. code-block:: none

   vyos@ovpn-server:~$ generate openvpn client-config interface vtun10 ca OVPN-CA certificate CLIENT

save the output to a file and import it in nearly all openvpn clients.

.. code-block:: none

   client
   nobind
   remote 198.51.100.254 1194
   remote-cert-tls server
   proto udp
   dev tun
   dev-type tun
   persist-key
   persist-tun
   verb 3
   
   # Encryption options
   
   keysize 256
   comp-lzo no
   
   <ca>
   -----BEGIN CERTIFICATE-----
   MIIFnTCCA4WgAwIBAgIUIPFIXvCxYdavCnSPFNjr6lUtlsswDQYJKoZIhvcNAQEL
   BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM
   CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y
   MzA1MTExMjM4MjJaFw0zMzA1MDgxMjM4MjJaMFcxCzAJBgNVBAYTAkdCMRMwEQYD
   VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5
   T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
   AoICAQDg45vAzS6xNqU+Pa7wk1Imt1/az1C22Sbp3wPJLfgOmy0K3TA5qVsx/c/8
   gatsatMkCsekGnK5BPzCDd5eCCLo//B25HFO6fBYRNvHvVyCUx7QEXw4FHFNG88z
   CIizx114AGtVwZfGGG9xCc53xjLPUpH6iqTXme41cCFFQlqXwZ7fuySieSdoV8SA
   sJTTOsGCEUEcDEnNPn6tX3KWTzNuyFPECy8WCmNgWNyG2nmH+U7WRTX0ehZ5dZyU
   5au7TxpRN4a+JtE0gNqcWJ+nh1A543q2pcRoQpPAzHFclgj8wG/EyauQMY/LC4tL
   c6moPaNlTwA9HJv8s6xUqpzNptDoUHKOqKuw2JRFnno5SCQ788KkKNgVWBy2o3BG
   oewfHFhAdR61CXeLpmuneuhi96GcM031gW8ptXbd4DkCF7H6KRtqeIvwiyG79ttC
   8kZf01Sn1fM5fTjGxaE38dAk/RchtHRC6rtFavHJjB2cUcCkhhQofUE6IR2dYJZ1
   cw0Wy5CI3bXHf43BpvDGmuxIlNGirTq8wf5RCWzDJJgmkQpYhUYe8x4faF4gTo00
   uH4ZvAYjQu3JNZGkb50p4kM9Mu5rQAiZJUeMAz/QD+EIV9xXgOk14+BbnHKWbZ7O
   u5emewFuE/bjl79oNJklpXdc4soRkCPCTEGK3zDBdmUtCYk1DwIDAQABo2EwXzAP
   BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF
   BQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFP5NDac/yC+mQmaTpZDUv9GZMGMBMA0G
   CSqGSIb3DQEBCwUAA4ICAQDEqpF2ibwYFxsF1XDIPS5/Gs0sZTZBuByNm5d2+jTy
   O7d5alZUdbvobbwhxZOhWasmFNyPLr4TYmZm5zF+efFsiOxjyRuEoVU+Fe8rZmpR
   IF/+6+nYX5r9vMI4QxGjeeyP20OHJ85Kvz182CTsITrM15Vw/kVVjAVzFI5Gm/Qo
   lalAoFQza9rAL4kDqaUszjHjPbysvDpGF+NLPjiYDHXcty/BC48bnuzAeEM60SGZ
   7EXvf8l0X8YsO7z39w6780A/3rbZvFhCYMKp/+p5xBRDjnX91dM6DJw73RwYQ1KH
   bHk9wWUwnL1giL71jzp/y4Oj6SSK2PQv+OnO80J6Zg06WIQx9xYcxr108Xh9FotU
   rlG7GYPI3Udf95t6SjuydDhULAVD0lMBxlDe9DHW1k1q1pOXaHZg926tY66xx/ld
   a6dcuwJjA2Dx5JI6L0u9ureQmQAtxvnoTCtf+hR1iX/IkskZCKs34SjNiCnBuw/D
   NfdOpfaABm7y+tWiXBwnu5l/K8poXcQYQByyZj6YMmpgsbVPr5KNsLWOgRA81M6I
   Pof8qxvnFrkazhiQWh1YHSjnaHtA3z5/BdgwHVICuFyrIOlbkKyJOjKcKBsDdMwI
   V0tsnpnyli2xEPZKu1tAQFAavXrK/RGYYhOZ3e0aRSV8hlP8i/mf7p0I45cJiBCq
   Pg==
   -----END CERTIFICATE-----
   
   </ca>
   
   <cert>
   -----BEGIN CERTIFICATE-----
   MIIFsDCCA5igAwIBAgIUSzQgwzGsfJFecGxCwLXVsGCLMkAwDQYJKoZIhvcNAQEL
   BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM
   CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y
   MzA1MTExMjM4MzlaFw0zMzA1MDgxMjM4MzlaMFYxCzAJBgNVBAYTAkdCMRMwEQYD
   VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5
   T1MxDzANBgNVBAMMBmNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
   ggIBANHNJOSwcDbRqziL1gXYnHIq7P7vEUFvS8d/XLYJ1xIpcYTRXTut2CTGRar7
   fZZicu7x0yoK4TzrHvGVf1o4NC4NSGV5RX6kwRdrfWBmvpIkjSLGtCREFyhb+PHD
   pnsIS7cfN9udC0vocqVlx/xM/sfcP6Vja/uFp+9TQcneJIxYw34zkF+TtOVbE3pP
   5VxU7ZAj8F5/q1ONhTMdzG4Ol4/0nBqZfdYA3LVDeSSNIJNF5jlaKXXFHz1EJRem
   TYDx+f5bfCVcK2Qs8fU9jCFBlATjMu9O5rgk6nMLRwEnJZuZ1gj2tWQvz4e9yo5y
   Uqf1PUhOrn3c81MRliUNHKr+CkxgQJal6P3Ar3q4iftJih3K+/j4o194mQ/Dt/Et
   +/Qn/DUFk2FB0rTMcQwJLTEAzxtTdmBJeJpipIPDR0u7UMZLNh/raQ8s3FsbY4uY
   ORt2f5YQlCVHbth4dRa9xa+oRbm7eomNACIbWfkLh5Bzud1+qIfdBMZKaZbnf0HE
   euH0J5LBJeova8EPxWbYMJPrRHzu5gowkIKl+uIxcy8IiNTA9YEoJVonCjmlr8NE
   tYShrIVbicdMNSI3pOQR60MFhkHwBjSU2l/z+4wwLxtzq/c2xKw9yrOZ46ZVLwGD
   Fq8rPwp7/P9r6mDKsbn6jIvGOeH71dMZvoc4lCaClw+hKIzLAgMBAAGjdTBzMAwG
   A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMC
   MB0GA1UdDgQWBBS6j30FmL6kZW7rDH8QjRMoWoA/njAfBgNVHSMEGDAWgBT+TQ2n
   P8gvpkJmk6WQ1L/RmTBjATANBgkqhkiG9w0BAQsFAAOCAgEANW2Y4bgaB9oexEjj
   6rkGvePtQmXRkF/adVQREY9iZDGTe72ePybVzrfMkZHjse3o7JvXWRIVVztWSzEp
   v5noIOX7lAioGG3wsFTHotTFR0zrYJHXHBcV2Neq4Kx2Ta/TZwD8QnZHAAxEQ1pY
   b4fxwN/A60VElAZoz9zYsbrJyVrfuHDL9queQxPFzqis+7W1BiVIcv4rn0DMQ560
   jTGh4t4rImOSu5gUsUrQaih85XDdOBPxViSNwfVdZJIgbvamudpfEaKsIun/uCjc
   xpNnzIp0rhyYmDeqVat4GnTV7Sy48e/Uvcq71ZWbBYJF4+yW4pylIU2Sh/Uy2sAz
   4C2M71FlFB7qsmcnPRsFFHf+r1NyD1lkVI9k2371fTG/Kub9V0rOz4pvKz4Em5b4
   MUPdDbZOqJ8hQ+atGE3ovFJIovA3NFb0OtnyC4l+kG7dfjqFudOnmDa+Qsya+2YO
   xBZBIRfuhlXhb6Y6Smsk9R6x0jBmcQTPS5ZmvKaTxQCFc53xMdQNAswjiI2L9rw4
   BcqQfVmf/vpoN+VusD/XEv2V0Ixm10YybA7BI/tixh9vwj3fdQXVLy3jSYjVBd5W
   OFPizbQZeD10ElvlLqZZyWrP/Wre7Nmi/gEOnhBXXmo034fFF/vXf0JRpQsd2oDs
   24+4XwZYb8mbM31j7Nx8YvhR+64=
   -----END CERTIFICATE-----
   
   </cert>
   
   <key>
   -----BEGIN PRIVATE KEY-----
   MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDRzSTksHA20as4
   i9YF2JxyKuz+7xFBb0vHf1y2CdcSKXGE0V07rdgkxkWq+32WYnLu8dMqCuE86x7x
   lX9aODQuDUhleUV+pMEXa31gZr6SJI0ixrQkRBcoW/jxw6Z7CEu3HzfbnQtL6HKl
   Zcf8TP7H3D+lY2v7hafvU0HJ3iSMWMN+M5Bfk7TlWxN6T+VcVO2QI/Bef6tTjYUz
   HcxuDpeP9JwamX3WANy1Q3kkjSCTReY5Wil1xR89RCUXpk2A8fn+W3wlXCtkLPH1
   PYwhQZQE4zLvTua4JOpzC0cBJyWbmdYI9rVkL8+HvcqOclKn9T1ITq593PNTEZYl
   DRyq/gpMYECWpej9wK96uIn7SYodyvv4+KNfeJkPw7fxLfv0J/w1BZNhQdK0zHEM
   CS0xAM8bU3ZgSXiaYqSDw0dLu1DGSzYf62kPLNxbG2OLmDkbdn+WEJQlR27YeHUW
   vcWvqEW5u3qJjQAiG1n5C4eQc7ndfqiH3QTGSmmW539BxHrh9CeSwSXqL2vBD8Vm
   2DCT60R87uYKMJCCpfriMXMvCIjUwPWBKCVaJwo5pa/DRLWEoayFW4nHTDUiN6Tk
   EetDBYZB8AY0lNpf8/uMMC8bc6v3NsSsPcqzmeOmVS8BgxavKz8Ke/z/a+pgyrG5
   +oyLxjnh+9XTGb6HOJQmgpcPoSiMywIDAQABAoICACNXi396uWyCpXVBGSyi8LfK
   w2GupBmBxiI1Mkj4H2LP2G+nVS1Ye7C2NcY311AeBX56/jd23bqFYRERPgLUtPWN
   B0UQyMQsvNpVISm8JR45Sg0xq+bwEXabB7SyYLkZDKgsehxkuCJxZd625pl53vGM
   CKyzst0MBt4qCEsZQM7jpQr9ZLS1DSQV05InI1wKcnp1k2hX2WSZ0nZp7qYbjyyQ
   6DsS4D/MpWFjnGSr4XDttXqz1YghTMHlWNpDCYtPN+3BO4iPnj+h0qCdXZ28jlLE
   czAc+oDKtzPqEmv/TDaKE6Qu6x+VbkBPmG+mkoX4qfokRwCs19CGheR38PxdDx7A
   gySv7K8hM8gFC0XEqNdjt86KG+N1Ps5Sru4QMrf8j9XXNPUvt0M8wsPVeWa5ubkV
   7/h0HIEROOFpEFbzWnhBChPVvFObuuEjl5Jnj3KUEnckQFU07mPP/BpysHo3v/p+
   VTVoo2UkfVvjamnwQOUt3cVlPVC4FzVgkswJa4f75nGmDv8dafyPrCYciOh0qyhD
   5Pw/EBJkKtDBYHaoxtAw9Ann4A5rvZAveLNTPESOMo90pJwJbQcZyq9H+UGVnde3
   9I4m5vHB5izZJI24Yd3fjRRkRf+/68VYKrkI5B7oH73Z/cl/xgEdI1hag4MLv1go
   n8wna4yCX/321YPTrDABAoIBAQDpHtvnvpOaoSjkJHUx4EGJkrp5R/mPfEbzzU2O
   v5pNIcufv++2lsoUVCTDwgp4+7GngqYO5vVyW/AS4pSrDx7kdWpFaUtJUUCcCHk/
   5hYcvvourYtW1NR+XPiI28IqRp1P0L1+P0mUaRgpEcw6nEnc37XEujvTB1M/yF2y
   6xc+kZGjrZTmJeu0V5kkaGcXlAqUv2k0Lj3tEPQR/qj+kMX5hidROGuybNBESgA5
   ELY6QVnpcOyNDyniWq+RIUyBOuXp7DpUbmUANFEEP8lwjZX+HqwTpSjTSFdcPrsm
   orc9FpTXA9ktt1Z0ZxBzUvdcWbUeVsFqL0yICiShE7UxlOPBAoIBAQDmZGQ5roSK
   KY+VnmjIq2+gx8zsMYeliQm0hnKrFw9MM8U+/XOpXlpNHx2ehrGWp/BbmlmrnQaR
   cbLPJaRtWSEywbWnG77g+zj0w+4BdsYyTtGGFj4tXVZhPPo/DID3FPLn9cSv8MIV
   Wjzg1G/BZcxtCDBDRBhwhZHCPOfd0K/S7rvRBq7IsNNHMTGswWGRMaF+M/trZw7T
   sQ0BX+5zZUyO8VNBi/NgTV3yoQ8ynBefRt1dmNa2CKXPT+5R19cBtecFEyhc3yo8
   ryTtM22JzndzA8agQmNPnWmYGivvcNHNikTQ2qUvvcd7Siny6j0+CmFdT9bl64VP
   yRJrFCw3jaOLAoIBAQCQ/1OyShRO+myPsql+U0kQQ8Zeh0kPWTJclFboMf7MePfJ
   Lj3waMvaZxfS9s9CvvKaCSY2YKtL7Sle5bWozCff27Q05jAgszwnkRGxj/AzAwpj
   nCft40UkL7majm2vk+pm6aPjcYPXnqKbcOmBjxJWIoNRkLCDKqw6IOs+zQDRNwPK
   Nb5GhFGeA1pKjfGJddg6+u95uEVmPcRBqQ79/5hUAoBUAW7jNNE5mHmZBO8DPwCo
   tUc82bCojNVkxLxsKPE2VWtWdq+1t9SoevBVZItl2zgWpATHndhQlOgdONoWUgRT
   1J3x1HYewrg1suYOd/GypC17WV4Vw5FS6wopg71BAoIBAQC63vDgTGpauk0pOVya
   b1tSmNzhM2dn4BhMIcU+eqzAzTkO13sKBGrQJQ3cODoxDbSKSE61QN9D92nmVQzi
   WKnxxmb1zS5sw7g15/nTnCg0Q/P0g3QZTZyzsEb1/slYH9jKRnErl+eEdDXu0sB2
   qIBAa6Th2ojMM7q/RrF3HD6Qo20ZpQb951bnZsJ48j2WDCCGAdnLCsNe9zuqQsph
   NOf9BUbXYpGcKgSquPJfxXXvjgYdVcvJyIfc+GNAZQaS750bY6eYdLaIlDMqZk1R
   unLuikCAWni86dvtMEU0qFi0E5Ovp7jWWWNE4CnYSyAzgy3oBssyoG74AQp8addX
   k/3zAoIBAQC8/7DglQGMcKnk4zX+7jCuc0p+qMcd5RdnfBKlRhcWYNRPup9jyDef
   dkXCBTumCHXrIil/rJzP6b1IZZdC4xkheQpLXNUcceAidRWIrTypaXKkmhR0D74u
   ckGiLXB4S84HYmIdw89ZiF0gB0yyZH5mZnqVMojwnGmWqcM2sr2N44bNQMfhD+nC
   SgQmReYKKfMQCdvYMxRLQfseU0pFEOGnh9jAmpn8qWMWxNDmFR/rVl26BXtRPiNP
   imfwWKrYNYhESN7A5/hWcrNUhE4PI+Pjd74npimqs5TDSst2Jc6DiahdaZ6JNNzp
   2PMUXNbfsMCVgZx+qtVNnVxVMiEngPRl
   -----END PRIVATE KEY-----
   
   </key>


Monitoring
==========

If the client is connect successfully you can check the output with

.. code-block:: none

   vyos@ovpn-server:~$ show openvpn server
   OpenVPN status on vtun10
   
   Client CN    Remote Host         Tunnel IP    Local Host           TX bytes    RX bytes    Connected Since
   -----------  ------------------  -----------  -------------------  ----------  ----------  -------------------
   client       198.51.100.1:55150  10.23.1.6    198.51.100.254:1194  4.7 KB      4.7 KB      2023-05-11 12:47:11
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-22 06:00:13 +0000