.. _examples-OpenVPN-with-LDAP: ################# OpenVPN with LDAP ################# | Testdate: 2023-05-10 | Version: 1.4-rolling-202304280615 This LAB show how to uwe OpenVPN with a Active Directory authentication backend. The Topology are consists of: * Windows Server 2019 with a running Active Directory * VyOS as a OpenVPN Server * VyOS as Client .. image:: _include/topology.png :alt: OpenVPN with LDAP topology image Active Directory on Windows server ================================== The Lab asume a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory. .. code-block:: powershell # install the Active Directory Server role Install-WindowsFeature AD-Domain-Services -IncludeManagementTools # install the Active Directory Server role Install-ADDSForest -DomainName "vyos.local" -DomainNetBiosName "VYOS" -InstallDns:$true -NoRebootCompletion:$true # create test user01 and binduser New-ADUser binduser -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true New-ADUser user01 -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true Configuration VyOS as OpenVPN Server ==================================== In this example OpenVPN will be setup with a client certificate and username / password authentication. First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here ` for more information. | Add the LDAP plugin configuration file `/config/auth/ldap-auth.config` | Check all possible settings `here `_ .. literalinclude:: _include/ldap-auth.config :language: none Now generate all required certificates on the ovpn-server: first the PCA .. code-block:: none vyos@ovpn-server# run generate pki ca install OVPN-CA after this create a signed server and a client certificate .. code-block:: none vyos@ovpn-server# run generate pki certificate sign OVPN-CA install SRV vyos@ovpn-server# run generate pki certificate sign OVPN-CA install CLIENT and last the DH Key .. code-block:: none vyos@ovpn-server# run generate pki dh install DH after all these steps the config look like this: .. code-block:: none set pki ca OVPN-CA certificate 'MIIFnTCCA4WgAwIBAgIUORUZbBsuy0QupoJFJgXenSJ9AQQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTAxMzQ5MDlaFw0zMzA1MDcxMzQ5MDlaMFcxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsL2Xui58HXpl+jreqRxYfNDx1ER7umJ0iPw2dyBuJhP1Hy7vlwyZRvdRQd2AexK1BU2lTkYMWh58BU/dxmnnVhfwr34wUYP6Cs10tKhOxTNj/87wfCBU1sCfvO77lPSNP9q/Ad7ZCF3K5Aruc6yO7i8Kx5mR9wysgNaVQQWCsZHKB91ZsviIsK51rVYNxF9WDxAP0Ms0pO/faSAFf70JbMG2jvRTAgQJ/+R+XXB/Rvg3cJrTYeSeFn+9len5N4HQgraw3tq/OLePYaZBew7a+GZ7YRsVdJbwq2Ch5lRN/jZxAyv4WJoMNEGJvb5I8pj/F3ECg6NcEmXaSnRXIO6eaq1v/huIsxNnWT9ns+/JB7OBDmZ88iMKP9z37X/AMwLKhcqjMGE9tR8zOMld2vqNgk6bhBzz28WJ6FT3bI30RT2fq+mnvS7rVFVyCMlruRg8jIkwa0sictXsO8rl+5i1L+44DC+L7YIlGykAMhc+V1AD3nXRz6sQH6O8Esr5hS2t3zEjcQ/jN0amlAKs8KLPaYh+Ui0E1gx0H7wGfVEVQ48IweIrRrZ0h9BG2i/9eHaM0kQjUP+I+P00dP6LdOawLWhzNQ8+9ES+1EAP088XpKK4jw9m+o6goqaLqHN0QBrfW8wSyMFE4wYin3dYGcykWqyx6Up14DGbF0iBCKSRVQwIDAQABo2EwXzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFG1bKeDc0O/cCwaarX59BCMSJDujMA0GCSqGSIb3DQEBCwUAA4ICAQBWI+p8tBzy6CO8ImP5DBQFwnVBv+6T59na2JrEq7nZk0aBITWh9PRp5w+ZOe+cL9jHZEJNoaSjq3/bkF/CSKCIoa0YiZX/MAs4d/EnttRhcudwgTbE6q0tIKDLlxoYI0Gpo7j48W1rPd0FKAc7igy4eQKOwDmqqG9gVmNTyyrT1pVvaic7Ok/c1QmVOEub0f7kW2EA4Zk9+HUVGHYdp3WfOX8QCI5nTrAO6YJrw+d1BUly6krnb7NWDkWarJ51e6TAR1dz4zp++jhNVssEHbLQyA7+HzWnRSbxYndxCPBnoXjQRwx8/3uUubj9l3CDIb1424D0sm8TNslhElD41/Ir1uQ/RRt15O1CKQJg6mpvDtgrOik+vpUMqBDYGQ38XgqzHYV1klCjo5NlNP33TRvlQe9B6LtxzBZvoxBfxYDIheSRdPbKP8DEHZ6z9d0d1Ubo/waExlcrUfBt4bbxNebsx9nuvVl8hl0R0iEInMjN3jaPrSrUEsPcXpBVL+VhzuWG7zTfGGUVIB+5UC/VCiFP+9LPqsfgBvXKIfIlj2dbLJOsoxZrJtXq7Jvdn7NqFo7vR0hw+YIzmnCFAGpTx6yuWpjuf2y5dY48iTfMuP2vUoGRxoO+8wFQONj4psAD524SnOpEwYw+3fuw+P5zC6hT9y4XkZKsEnu6nJjB8T0BlA==' set pki ca OVPN-CA private key 'MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCsL2Xui58HXpl+jreqRxYfNDx1ER7umJ0iPw2dyBuJhP1Hy7vlwyZRvdRQd2AexK1BU2lTkYMWh58BU/dxmnnVhfwr34wUYP6Cs10tKhOxTNj/87wfCBU1sCfvO77lPSNP9q/Ad7ZCF3K5Aruc6yO7i8Kx5mR9wysgNaVQQWCsZHKB91ZsviIsK51rVYNxF9WDxAP0Ms0pO/faSAFf70JbMG2jvRTAgQJ/+R+XXB/Rvg3cJrTYeSeFn+9len5N4HQgraw3tq/OLePYaZBew7a+GZ7YRsVdJbwq2Ch5lRN/jZxAyv4WJoMNEGJvb5I8pj/F3ECg6NcEmXaSnRXIO6eaq1v/huIsxNnWT9ns+/JB7OBDmZ88iMKP9z37X/AMwLKhcqjMGE9tR8zOMld2vqNgk6bhBzz28WJ6FT3bI30RT2fq+mnvS7rVFVyCMlruRg8jIkwa0sictXsO8rl+5i1L+44DC+L7YIlGykAMhc+V1AD3nXRz6sQH6O8Esr5hS2t3zEjcQ/jN0amlAKs8KLPaYh+Ui0E1gx0H7wGfVEVQ48IweIrRrZ0h9BG2i/9eHaM0kQjUP+I+P00dP6LdOawLWhzNQ8+9ES+1EAP088XpKK4jw9m+o6goqaLqHN0QBrfW8wSyMFE4wYin3dYGcykWqyx6Up14DGbF0iBCKSRVQwIDAQABAoICABBB3L90WlxmmlqLMhyMirJWixtzNYxJ8j2As5HsChbmwh1XHKjEehKUuFOtTxuImWKGHsyU/B9n8w474IH5l7rz5CE7rFe46BRCHYWSp/pWav9mWCLxRJi68az9DfifWFKyqYR5fnFovQcVPXlC8FmYXWvQ+OMGRu+gcQ6N+wk75giPEw9rDQHw+kjfRuz/gZmSgTG7jDMc+47AvAnT/DFs9fp+81MmZdcxwpcBdpWl+rFdzDcg3/zrYr3zngekrizvCPLXt8C2r4EdnSkoFHyIIb8s63HwiqmG8Edj2SFIJx0tArw9AE7+9t8BAKSOU+N5eMwDQANUqWU4Gg2Q/bGNX7G8E9nm4/DvGarNjSitVaLeLeJqLxSOz2jmCq1rvi92m4sY42kAhM8JXTfN5KnZOF9TUumm4CbzO1zuP/E8QFQZL2BJCpYKIKJ5fNjDvHMSehodGxYV3nbmfNqQpFq1I33OwDteJf6mjEZVrbF3CutM0+lDXeR+Vhp/6MeuDC4FJ0ZF2Ixpw0o3OBn9Yb808TwAmLgFGycTD1OFujvR0K30fhwJ2HPkUnQmErUWjuCZ/qlohmX7RM3ffioq7LyeeHeSykwrd4v2BJjW711lLvnp1Stfj+xLO1RdbKjh6q8TxJj9+NHAvVguPVNGkvs5o2UAfE1bvFDCd1mSBxFVAoIBAQDTMXs6xE/RcSlecV544Pq0NRYMidO3M2cqox19vxSJf1U2AyPYD5SHeDwyAwMP6cJ4kd8rK4yoXWruKpNSt7BAvy0q0TWBjFsbTRH6aPsE1S9hyIXj3GKoBt6j1SzNiIGsU5V+t0c7JTTCbxnvRNfhFth7Kqymh/37NIDm+iE/HILA/yBfafvQF/a3HsmwdkcvWiZLNIVYMGZsn5G1eNfJw5M7m/15qYBDf6iV2bCuj+VowIDLHh9jGyNyxJ0u906De9w/0wiD50Bm8G31W5dIsz9UzBHBKwTe9Ubnd4cearxqpi0Zc7EBSNJExR8FGeQJ/5QFGWabKLm0VzRbBbHfAoIBAQDQt0WfPgQ5Gw5bfpyYygNi2snFSkkFkf9Ch2SOhWrTLGhmFlhBTdd4wjIUyNKuQe09keKhPBrMc4yMLmSQZTKocry2ydzOqXFq+ECWhVixvbp0nFpH1ClMh5EnabbLcOAQdZyysy7/Lt//L7pKTpFuJrk9TxAzLRa5QG8tussJMNC0xJxCYc+rZ4087JCxOFEwbCArIIqqLQu3CEmURdroniNybHIArAyPyHkbEDvEusuPU/uk7jc94djbM6s2BN9Y8gOWbw7K+swm0NCUH5pend1OHIMlI83SfEjCjFzwrRl+VhcLjRhCW9UXUV36LI1hQ+c9FfGSKPY7oyRu/LEdAoIBAEO/KLeWR8B423tnRJXkHaf3K4aEI/0tqRd9UbWHuS/OP+heo33oqY23XR/x5WaSZwbETGGNy8YqiWWzFKVBNXHfob6Nc+uFuagNVgoM6REIzfVBHOoWRTN/WKYXeRLJikdcXKVUZ64qZj1E5H3jiJi0+mawLsgQ8cFGe18ct9OF8s+0R48z8Uo0lbjyUGKh3n3rHkObqna6t/B6U4RyKk6XxUAm7u27GOEOL2c6eLnWgRHURrxhglIJX5quRXnObUoyTlnO+XlOklMzJyLA6cuxbExoVf2wLhTTe5Y+uoJgXOadPfRfL1WpJYJX9XZucr9eU/46wrZdHw0huDLGpeMCggEAWgwoMor8IXMl352hjF3j1huU39Sr6oZRve9SGBdBvngzVpAfZZVi+Eu4dbUrCFmTNHQjdfLLkRftNHGzm4S9tWVDPA2dgWAjecY/f3FqkczMjBEE9mZ3pvf6TSnT3rQFR7SmdYbPKPOdWqjJ09NP9VkppGTfFWVHn4dIME+d14pDESqeTBmNEmNr0TQzPPKSPLT5sAGrMb6bhk1CCYGV77SCkJRvHxEbnlEcxutbDgaVWnIeaMsJ9F3jRLdnD7hMcECCAb5KgJJxz/FZe/6iiF3NpCyy/CwVWdGbRqxuULwt+o7EBIzMQZ0DM7s8M3pTSPqV4on8HlYj3hkF2AiXlQKCAQEAl/1xRGHZ1yGkX812AVfy4tZaPImhGcM3tQdBvfAIuEWb6veoBC50BoCO6hyO5yEHQWWniSDcueIUNJuRxOHES+UUV0c7JtI5BaTUYiMuFlYoAJoUann9fpMnxRdKKvWNyVg/j4cLjO5jcYVLfQAPGujJyPAPlWvNZYSuRHcIWs+bX1hsv26047gAmOHlxkvgQicD805AX9G02pHTpoYF436HCSneOrUm6z3xKbVJCKsAGgYch67R1rC9Z8USLRB5mKZ8G8LPQRKjgW5bFM8oDUbmcmy56LKQeOEqC59LGClEWoYyR6vMQBXPg7de+2zzQyh+zk1paXHc+s3p4vc7dQ==' set pki certificate SRV certificate 'MIIFtTCCA52gAwIBAgIUZJNkauiY/nr9YRSXB0LGtSaCay0wDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTAxMzQ5MTlaFw0zMzA1MDcxMzQ5MTlaMFsxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxFDASBgNVBAMMC292cG4tc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsSiZK5zaOJrtCiWAsQFZaGtbAOM4xzfwW871A/p1cfmEsQ2sso71TVY6j2VHzN+LyZe8nfyUK+tTx0PrkoHaH3e2S4/3hqiPFhedLXffjMEqEfTfYjNLyzFc6Zfmez4UB+ehLlSWlOkhqIUTiWVz7HyI51C68vYkH7jpgkM8AZta98F/SbgvViFZAcrq3Tq8zO/lrd9/8heScYAgmBLxklKXxYW2GDwBFOnbITz/nFSgg8w+Y3pDPOnXe7H0aufI5GK8SvuxNK2Is8g3YvyF9UQwIJPZYy2Pn8Av5i/GHZC0qu/d76+18OdrXELC5dSCyGfqj2DQ/SJXPqlgwgVBqPcp3lhoycD68aGf+uedu6aWUldglYlij8ubxIL8kHnJK32MDoIGq5wDwdKBmknLkt+ja3uOG+9lyjbh40im+u2efkzK0cVBfJzOQQhs0cSbWSjhebsvzFZGg6G3gGhnRo13s2DVJJKm+5VruUFxmRRgTM3TpKz/YZHvtapfyOiTs63ezG/OR1pUk1u2HuFDmfbY4ytAWkJrjK1R9ap9p0t9QenXgHAzPd/GudYnJ3FS0SUrjWswbg5HrhZupjvP3X04pQ0LRfU6VimykyXBeP2qd2wPDGywIQmGG+O0lnWo4GZcwHbFJOq/eGCvMFMWlY+Wvc9bPCCgsFOcn8aM34sCAwEAAaN1MHMwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFFnsRTERh8wQZAHlQE0cvQgINyHmMB8GA1UdIwQYMBaAFG1bKeDc0O/cCwaarX59BCMSJDujMA0GCSqGSIb3DQEBCwUAA4ICAQCY/ZezExvFSXU3Y+vKHlL9AJp25yaVn6MdQmpX/YTM19HQcL64MP2M0uMTUzi0OlG7WP3Ka5wYH+3R++4VLPqygZ5DArFxtv34matKQVTKmf3S+0iVReLqyFBfTlvHBXXce+ksOqyHrg9B0teND7wNmpbL/Dzg41jacZTeWAY+8PShDY5wVFfp3MJt1Lm19nNcMbe/hMeffBY2CQgGx3Lp7YQepxwGhTxf/w2kNBjVUXkXqIGNc9/cQMU+HWnMGTMa1XREXAH9dSM7ME2JD/HKIPNgVkQuXs7AsGCbCTrXfIjEv7/4uSE6cMM/0WoU/Cj2gddnLsHcsrBu0WfoRbeR6+ZCeoDDz5ZRnGkkOXFldRswZRun9gh5MMjcHw3y4zeGm8YwxIDA6GzE03D8ROFrFiCHqylkCy8kSP/B0Uw5Nu8WuQPN6RfX90RMKf+BwHdipqL1g30ILgy6yZ2Geb9zJfwGoN0w1IKesEubJwAXp1iyujwPH+QvvH3HK0p83hyiHpkRqKWs6xTEPdtlDEf+w6bKO67yySIpdSlBGopNmG/1Y5gXheMcIUu152VuwJRxdyld1RmN1vG/5UWZqwO4XZJ8CUO5VWMDtCOOUOIezuquU0d11Lj0cj/bKnHcW6V7YUIWazgJLnrA9aYVfN5ErKWPK+ceQeLf6mhStwLcqA==' set pki certificate SRV private key 'MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCxKJkrnNo4mu0KJYCxAVloa1sA4zjHN/BbzvUD+nVx+YSxDayyjvVNVjqPZUfM34vJl7yd/JQr61PHQ+uSgdofd7ZLj/eGqI8WF50td9+MwSoR9N9iM0vLMVzpl+Z7PhQH56EuVJaU6SGohROJZXPsfIjnULry9iQfuOmCQzwBm1r3wX9JuC9WIVkByurdOrzM7+Wt33/yF5JxgCCYEvGSUpfFhbYYPAEU6dshPP+cVKCDzD5jekM86dd7sfRq58jkYrxK+7E0rYizyDdi/IX1RDAgk9ljLY+fwC/mL8YdkLSq793vr7Xw52tcQsLl1ILIZ+qPYND9Ilc+qWDCBUGo9yneWGjJwPrxoZ/65527ppZSV2CViWKPy5vEgvyQeckrfYwOggarnAPB0oGaScuS36Nre44b72XKNuHjSKb67Z5+TMrRxUF8nM5BCGzRxJtZKOF5uy/MVkaDobeAaGdGjXezYNUkkqb7lWu5QXGZFGBMzdOkrP9hke+1ql/I6JOzrd7Mb85HWlSTW7Ye4UOZ9tjjK0BaQmuMrVH1qn2nS31B6deAcDM938a51icncVLRJSuNazBuDkeuFm6mO8/dfTilDQtF9TpWKbKTJcF4/ap3bA8MbLAhCYYb47SWdajgZlzAdsUk6r94YK8wUxaVj5a9z1s8IKCwU5yfxozfiwIDAQABAoICAC+4fWX7lua3iNF6X6uObvyLKpTXICS9wz+fxG1BaqB8c4tT4SiqDJa7+wNEZ25e6yMu/e5aqrkX51XeTFcHJm/iidbZ3XXG8uAjFUI5r5yVLdVvbjrgEXMXBW2g7sNU6gVlFgxKWdOb5uajjistCmhx9VjF7M3kkr9+ylu966yNIhhp5XVAqXOcgQLUG6bjGxdjKa3H7gmS4u4y8tS0CaF+IQbiaTYm962f/th5u2rret91xXp7ZSBD5zkZKvsfG4S1uf3Cxa2obxHqhUzjM9xo9UPZP64RCEaieOSbCtVM9PW0rkZRwQM2+zr7es95Co+cOllL3Y/KT9D/xCIPU2uSrVisdqi3TPHOn96GOlYvenIMsIauuR1KI2Ai9H380xVdFUv655eJZ5ASIosr8AL9hOxZNV/VeYHPWajhSa+P6MFZx4jFeXIbxt1BioeL6izbmFdxTgYDAhjZGWw2irnBuIcM6j8r6xom0Nfa8SbTgkf3M4yjYk4MP+rkCW8jhpZMqcvQPpWCbq5HEgNIKBrxkQo87Rphocn4KuxZ70lTpPE/4iOABadqreLPYqp9VTd5bvApKCdFZdnF9DdoHUBpDbNqbj85W8E2WMCJBrZZfTUIV05klQ0JM1cbQXyRz1BwhvuGDxEP2nQRQYbWeBfbDg0tXBuIwOZqIp9Om/kVAoIBAQDEwjW8YDAjKbgOvcd18pGG7E8xB6s0Tpo3AKvOezg4Z1yWeCx4eM6kKXxsHBAHb1fpxL0mkDusr0NgZyW4EuTl+EdQHu0i03YfayfLMSKLPtcqtamyPlCsRnHw6TdfblRfVk5URpF656M6fIKXokc/4yhYOCAWGHPQWgZpWeOlWtTMKRiDqJGO+VbRw8rNBcq5i7hnvH8ESLQrwS4EIOVvmdypod4UpML26EEfNKJD2zaMLaMMqbMGt/q/HUIcB+PRgV0oaM4HB59DNrdFbeZuU3PEXofU9uYFiv1MJzzfVPVBKjEXuqUDe0R5Op4K0KasdqQop5Oh55NxGxb1JttvAoIBAQDmf6c/xz1hjfOTGxZydgD210GVYEFB2EdZnn47TuNXOjPFk8FRva6qU6txezU7DmF356jE0NlAWgD6SoFtpqSKbrxrvxPjGHOYS3fXHD6FK9vlv3jqcoiQBPy2KP59wpkIpcQ+gKqgR/nfaWvfOb3IfqER6QtqvSxK5hInbj6xcZ32cCeSAEG0EH5Mh3DiMuctwZY/l1PKCvt0fn5N0KBvLMCTZBkqQcTL635yLMgDs0PtkKzf8k2FjCjkXZ4nYoQcZ41/bzfnxjitzGiSYp6V/Oq71ZKjjNyjEBOoFRXY1THVpONc1Afct2j54p74mKxcKZaGF2Df7xszvf3TgR+lAoIBAG95QIyLSnqBhmADsV/nn/97Hpq+p4apCcIjxTLkqMN7+/7b8wYGG7zyLCXr+EDeGka9ShTxHn4Fhfy2M66INdr8wRppixxyBbhjM1ZxbgrJ/YmbBpuPppEUEDXXS6Hrli21bgddO8sQNXBLXomeTROrFQ52LeeWzva6KmvBm7HxNiK9HcBp3p3MMh4B+YISx/o7aKyNJME+l6U6e2GnaZXC7DvHE1VKy5Krn0mYvl4Hcm4U5Q2lj2I9Ffj1EKFk7vOhgTAFwMRG0zp3Y3oYe7cB3NLiY76Ka2O0jTF6AYjeT10uFEZHXnoMeozcYvHpqKSJSxQlbQULeINaP7WA4E0CggEADy4A+bZJWI9cpyd1hvw2fAsZCplYMtnneQNzFLzRRAFVP4HHjXaMdjMka0jN7KG50Ye0GaIXbKGAxvr5IxuCYouAZSgkSyRlGHZ/4e6+P07wIGVHtUjtrW5mpih0+htCsMsZ7XPTyNJ0pj3vGLhYw0dznBZY5iKnNBeKwoYEIvN0j7I7KOZTbWRYrPmOeZcYmm7RUkbJAdlPThC2iLFgn3G3DP3emmXSbAuKPEKuuW+o3ZBVkjoG2PCuELwJmlZmlOhM7UOJzv3C5c88Y8eS4hXR76TVD2hLb4GzibI5yhngOk2tm4NrMSHzC+Hczkpfr4Ido58OhjDc/b9ZZABw8QKCAQEAlJNCdC5rFwg7AoHfobbRnpYjs+avaLUj6EV0AAqbSFM3+o3UVOxRGkbHqLm4DqcRRyMoRXxgeKFx5dInK9rrVGRaoTzE7c/Atp2N7SXgodz3jrcPhTHqF1Z4eBjbwvNPumYK7N2U8PtV4OTvihUSpPRN0IgPuGvo9OFVuKenag1rDu1pZlxOQ2uuiostAkdZ6qS45tf0rjCjcpq1DYqgVm785GXCgBMZATZyLzg4nhDpoKWIZevFFCek1CAO7s9X1kHUin/uDutX/lvWMed8TpP0yD7IZ6yh3CYD2Nus+8P3Mla6lMrwyY1VJzq7wXGr9P6u47tUcCgjyRT24EHjlg==' set pki certificate CLIENT certificate 'MIIFsDCCA5igAwIBAgIUXOnWUTwh0zWkUX+LTlftlfkEGqAwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTAxMzQ5MjhaFw0zMzA1MDcxMzQ5MjhaMFYxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxDzANBgNVBAMMBmNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJgTHdmee0dFlbohSBF+Xy8XjWpCKnfXGNgr9JgU9+lzQ8SR+Z83XcRocvJXasSf4gDZK05pGhyXTx9KzTaYAZi1ZCK4pZ1fXZ+TdHgThLdLW7h/xDF3WU0omydCGiBkua3kldcRfhPnBYrWZwvHkeUOYNybRezM/fIGpnp74+YBXybGZ8YRLmRhc/j1QDJt0DLvVxfb6YkfU/vuSLnPtu40Ye/EsOhuPcStC9Mmctxx3msZH417z2wWQNvY926ZUQCXophkkhNA3kxUcz+gdV5ECCO+KPa7r305olFgv7c4KSNih7MmYBEyKMS7pA+CF9etEJs3VmHT9avGtKvDMW8XhoqpxTWQ15CNaEFGTxCejPuI+nFCoqtAN9Y9O/A6rsLuM6EuaDX2qjSUfDMnUVVclE7yL8JDZEOQZw970Mi+TnhbXfYEyvX8HJLk4Vg2JUc67jTDRiQfgWuJHiaPyrYX2ssP8LU/oOis638mHo+7YpJCSeqF0R4m6lSiQJNOz8knawp40Uu1iA9RqQrYT8MRt2quCRn2aUolvRmNB4dHS/2TUdHChBdDxylLzbFtZLkCiWwKKNvu3ZjxMua2AjYe904r+S4duow4MxfKUFsoMY6GlscGeReMXJVVx2i+580wF/tn+3k/9PUS90FoFhQCidfxib/Eo4rOT03awPGBAgMBAAGjdTBzMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBTTt3dGY9D07BI8V/0QmVI25bC+gDAfBgNVHSMEGDAWgBRtWyng3NDv3AsGmq1+fQQjEiQ7ozANBgkqhkiG9w0BAQsFAAOCAgEAKz+MT9JlvwUope8xrUuf+6s/fyiAvmQfGOAN6aBVyxO1+ZIAau6CXGJ9/MaJKF/Ju+V2zTpBVz2bFNxPHceY1z9rtQb0l+CG4elcsQY4vhouvDH+HoI8rP/jzFD25zsUmAlMaTZuLWU4WnVT2WhO5X1GZFKl5fT8ulyLx3rcb/CaiC6Kg+yi/tktFgpyWyjTMSVp9QBGYRudKVwKx585nb5a5Z+uLYBmYcYrRQvLWSQKGLb84qE8gOfek47FZCfoh7rlLpt8prFIW60xEarR4Ul/1xhs+2AqMw3mHuQrIxJgHvKoQHBkS/RadsRWglWasE0qm09BtoLeso1hZIXO2O830jXOYEZEuhE63iIHxBZUEUpurXt6he/IBL1l8UuRM6ArHtDo2awlnWlLUz34e1pSzLAtSfS9Iop+zxt/UDQtMCW/a2MQGB7m/kgCtICC0p8QsuGa8k/+SQOtTI1VAj/dJ2O5XFhfFYgDtT/XXa6o3nEmWW+KTtggcvGIyP0Huxq+6ShxrwKkXI0nWVffhVafcIkJnsUYTJu+Cx4KpilKV6+lzRQhK7UHfS0hErs0UQoZA4Fpz2uWukNe2fezl0IJThWPklGKOYriZyKb4i81i3occ1+9YpzKUrBD2ZI+t0Exp73/cfuQbiCOiIu80S44myiZMfD2OPvjR0lBSoE=' set pki certificate CLIENT private key 'MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCYEx3ZnntHRZW6IUgRfl8vF41qQip31xjYK/SYFPfpc0PEkfmfN13EaHLyV2rEn+IA2StOaRocl08fSs02mAGYtWQiuKWdX12fk3R4E4S3S1u4f8Qxd1lNKJsnQhogZLmt5JXXEX4T5wWK1mcLx5HlDmDcm0XszP3yBqZ6e+PmAV8mxmfGES5kYXP49UAybdAy71cX2+mJH1P77ki5z7buNGHvxLDobj3ErQvTJnLccd5rGR+Ne89sFkDb2PdumVEAl6KYZJITQN5MVHM/oHVeRAgjvij2u699OaJRYL+3OCkjYoezJmARMijEu6QPghfXrRCbN1Zh0/WrxrSrwzFvF4aKqcU1kNeQjWhBRk8Qnoz7iPpxQqKrQDfWPTvwOq7C7jOhLmg19qo0lHwzJ1FVXJRO8i/CQ2RDkGcPe9DIvk54W132BMr1/ByS5OFYNiVHOu40w0YkH4FriR4mj8q2F9rLD/C1P6DorOt/Jh6Pu2KSQknqhdEeJupUokCTTs/JJ2sKeNFLtYgPUakK2E/DEbdqrgkZ9mlKJb0ZjQeHR0v9k1HRwoQXQ8cpS82xbWS5AolsCijb7t2Y8TLmtgI2HvdOK/kuHbqMODMXylBbKDGOhpbHBnkXjFyVVcdovufNMBf7Z/t5P/T1EvdBaBYUAonX8Ym/xKOKzk9N2sDxgQIDAQABAoICAA4nLuhOc620TOHn1nCEwNbXcjQfi7R5VcwXxymr2RvzO/oPr3PBPN5Nh2+FC20L1J/i/KdNaJgDMvw4EEI49ZXg2wlqNhIGSpnSQnNcaaxML9fLa31CqZJ6dkbtXXro6BwsqA9Xuh9sqQ585rxpBFIVIcmjDJs9w5KVsNyF92jnQfpDWjjlgQ2BjlmiRY+/IMwxi/r7kgM1FOVfWon3sJ0AGtWsPUSpSEfFTR9UUDmyjt8lYiASRw5WdQ6g5WJExyeiQe69FjIDH803Yz4Nym6NliGLDjGF646tevnoFaxqsyI8BmITbu4BK48nrkMG05fUeQIURw6Cu5xf7JE7Vzgy7mBwujtkEuRmXz9LsJTaWt5I/sXDUh0Uwe0BGYj5O+8MB7yzQFBjhv6pLJZdySSVgSlmupbwtY2BcV48KuvPkzKngHXR8jA6p8XAQV2Xq2njQLsOKJrgEhbIp99h61ao5K6gtW056hSN4q01YA00JQZGKZRviUOuQGP71SNDPCl3uvvElVwBFtfEYV12VzFKye1fF2CcRThCEML91Qo/IueqrNEBVQHxnCO7R5uwKSkXZNJ5pNArMsAdMfLzXApDF3Dcctz/C9I0RG18EdtoW4RjPxEZ1wXHGVkvCpUCwNImsvxWOy78klnfEUyKtOCMdnn1flp0CiZzjGAMSiGbAoIBAQC9ZpY4XZ4v68KnaHyiqKjNQDU64wrONGK1XrMSwOl5a6Cg8S3n3d51E2AguFKilKZ1LJ721WGdEIO4+J9nFKvXYUSCl711cCh+njyaE3a9H6louFVZ2X3NxjLUSJtqUyBEOE/NzNxhTt9BoiiR3cKUmhLLlYkHmLnqBv3jw4Trl/rU3rDemAf6zOB0eXKM946qjQpfB2LsokCWWsOhnT1XBcSEvkHvSrWv4EH/6IDFAROBGtlCW2C8BiosRdpj8thsdnW1lvGAvHs27nLMXz3/NNBX03dlA8YRaelml0EDo0IwrXI7/u4Zy8wL3gfn/NPr0ST3jXz9K8nxvohPxwcfAoIBAQDNjIZs/HT6Y2rTMH++rC3ZNfLUm/3aNsVl1TB8nkEvfBQHU5HEyqqeE4d/b3+7bRwWhVpfNHLerMV8qNr8iAjvpeL5nvnmUPHLT0CpsI+wUvOlnluHGsCfyLWDNVBPcDL10scediYMkKGJGiQSbl355JbIrYxA5AgA7qUGcLQ7mGmwzXyJgmBMOJbDyYvoezh4iogWxC4Clh834UgmGWJp2Bi20VuqF00HClN+z1QELQN2Pu2SVK5XTlfXmuYHc3Bi1xvD2KaLyqT2BtWVRS9RDG0LOzgOAnG9Mx7SEtPAnRhpydx28HWEwGaFKas6QaIuDo92Blpo40ti2Yav4hNfAoIBAQC0m0SYDz2u+KQvuwVOnoII5zdbJfHB3FZcGSettGNus2EC17ksp3dgMM+zo9C41AM/LQOQ4L0qZvsUwZBPXXjX8xq/ZS7287LJut6TFgheI/kJsO1CtpCuTldd8raw1v+nzgLbfoSQDgP6tET3g33u8lUF6Vw38D0omu4z6NexSMWZg5kpSdQiJofKyZygK9jRbZj8MTD18WqhdX+jdyts9kUFR9/b7WP/iFunSfCw62vL6uxNyJEf+sjwWtP8BzC1jOiF9p/oYNMl+I9jr1aRK62YckAiBU00gchdWdJXQ7D0dhC+gURPOPUkQ99KKt9yuYcEwNj1GnKBoWyelm2FAoIBAHoj2bEjZuNudgjeVdpYd7oNm6kItJSZXT0ArJowc62ivkgIOaNFhpL+KdLoz27xC/K59RSDlwqIgaVstQvATgcRfMk11WstiDB2fIcY2pk9AXjVm6+xjuqjmnBIGtvJYQ6/3ABW1o861jIg7XRiTsdyNMM0lRXuKm9bX4ZvLDoJfCxKPol7hntkWPooZlGT/t9p+ioFEw4IZK6Q2I2DIf6hITZpO13cELJxSWIeEt+UW+1EwWjllt9cN0hvy+Z7iznAdsgukfCZTuK+9uWHQfGYP6ef3dQ9UZbKrLLJ6zgWYW5jO/UVN8/VgFX6h7vLSnKxxj+s0MZo4d/wQF99KGMCggEACAWOCIerQRC51zo8eXOB65mmpR0nX/VuWCZw4uIo5tVZ47JskPIH9MTyd/OLbHDa3esJjmZawSl0lI0j7p/yY+J9TEJyOCUU9PCDUw+BeJ39/VqW/fyBn8gI1cC3BnPkDf2HnbgHxaCP37sy/aHs7Xn/bNDaLksEDWDblFCQ5tYqGbZhxUNnsx2x3z/aYJVmx0lkKXSA+8rKeAk+OnDHUjlJjpRIcAsQJE6Ni+2cHbYygVPXiFbbKk+2ekNwYkhMZ+DP+t+uY5ZRfwq0jjIrh+5fyw26yG9PoXspGoqPCTcQ9BEqU88J6ziFrxWXbmsYdR1dnKCZXcKJVKqJIFCnyg==' set pki dh DH parameters 'MIIBCAKCAQEArXG91W69LiDsmnDvXjXl9eJzEY0f/SLuipxqYRYdplgWbD3IQlMBtp66onNrb11ZVJa0jkddq3qJbJPZ4mTkb+wGH2bpdAgWx48k+c/JCBSF56NoAHLUhn/+UWHvzfOQOLYVJD4maTxWw4f9WlInANS/B/BQY+Z7zWuEX2F5dnBij5hlMHwgRxq86m4Wm3WNXyux4plVqtW0Htrm0Cl5m+SV04bDA4D5SK22hW8L4FnnPQmlzBb1nRdpolw6SdZKs/bgSfV2wGMfe3Yh0afdOLg5AI2sfgAl/7fCPOXUwaDuqSOkXAEnGqzD+XbuMdJ7947HMumODkOty5j3ysn/hwIBAg==' Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out. .. literalinclude:: _include/ovpn-server.conf :language: none Client configuration ==================== One advantage of having the client certificate stored is the ability to create the client configuration. .. code-block:: none vyos@ovpn-server:~$ generate openvpn client-config interface vtun10 ca OVPN-CA certificate CLIENT save the output to a file and import it in nearly all openvpn clients. .. code-block:: none client nobind remote 198.51.100.254 1194 remote-cert-tls server proto udp dev tun dev-type tun persist-key persist-tun verb 3 # Encryption options keysize 256 comp-lzo no -----BEGIN CERTIFICATE----- MIIFnTCCA4WgAwIBAgIUORUZbBsuy0QupoJFJgXenSJ9AQQwDQYJKoZIhvcNAQEL BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y MzA1MTAxMzQ5MDlaFw0zMzA1MDcxMzQ5MDlaMFcxCzAJBgNVBAYTAkdCMRMwEQYD VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5 T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQCsL2Xui58HXpl+jreqRxYfNDx1ER7umJ0iPw2dyBuJhP1Hy7vlwyZRvdRQ d2AexK1BU2lTkYMWh58BU/dxmnnVhfwr34wUYP6Cs10tKhOxTNj/87wfCBU1sCfv O77lPSNP9q/Ad7ZCF3K5Aruc6yO7i8Kx5mR9wysgNaVQQWCsZHKB91ZsviIsK51r VYNxF9WDxAP0Ms0pO/faSAFf70JbMG2jvRTAgQJ/+R+XXB/Rvg3cJrTYeSeFn+9l en5N4HQgraw3tq/OLePYaZBew7a+GZ7YRsVdJbwq2Ch5lRN/jZxAyv4WJoMNEGJv b5I8pj/F3ECg6NcEmXaSnRXIO6eaq1v/huIsxNnWT9ns+/JB7OBDmZ88iMKP9z37 X/AMwLKhcqjMGE9tR8zOMld2vqNgk6bhBzz28WJ6FT3bI30RT2fq+mnvS7rVFVyC MlruRg8jIkwa0sictXsO8rl+5i1L+44DC+L7YIlGykAMhc+V1AD3nXRz6sQH6O8E sr5hS2t3zEjcQ/jN0amlAKs8KLPaYh+Ui0E1gx0H7wGfVEVQ48IweIrRrZ0h9BG2 i/9eHaM0kQjUP+I+P00dP6LdOawLWhzNQ8+9ES+1EAP088XpKK4jw9m+o6goqaLq HN0QBrfW8wSyMFE4wYin3dYGcykWqyx6Up14DGbF0iBCKSRVQwIDAQABo2EwXzAP BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF BQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFG1bKeDc0O/cCwaarX59BCMSJDujMA0G CSqGSIb3DQEBCwUAA4ICAQBWI+p8tBzy6CO8ImP5DBQFwnVBv+6T59na2JrEq7nZ k0aBITWh9PRp5w+ZOe+cL9jHZEJNoaSjq3/bkF/CSKCIoa0YiZX/MAs4d/EnttRh cudwgTbE6q0tIKDLlxoYI0Gpo7j48W1rPd0FKAc7igy4eQKOwDmqqG9gVmNTyyrT 1pVvaic7Ok/c1QmVOEub0f7kW2EA4Zk9+HUVGHYdp3WfOX8QCI5nTrAO6YJrw+d1 BUly6krnb7NWDkWarJ51e6TAR1dz4zp++jhNVssEHbLQyA7+HzWnRSbxYndxCPBn oXjQRwx8/3uUubj9l3CDIb1424D0sm8TNslhElD41/Ir1uQ/RRt15O1CKQJg6mpv DtgrOik+vpUMqBDYGQ38XgqzHYV1klCjo5NlNP33TRvlQe9B6LtxzBZvoxBfxYDI heSRdPbKP8DEHZ6z9d0d1Ubo/waExlcrUfBt4bbxNebsx9nuvVl8hl0R0iEInMjN 3jaPrSrUEsPcXpBVL+VhzuWG7zTfGGUVIB+5UC/VCiFP+9LPqsfgBvXKIfIlj2db LJOsoxZrJtXq7Jvdn7NqFo7vR0hw+YIzmnCFAGpTx6yuWpjuf2y5dY48iTfMuP2v UoGRxoO+8wFQONj4psAD524SnOpEwYw+3fuw+P5zC6hT9y4XkZKsEnu6nJjB8T0B lA== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFsDCCA5igAwIBAgIUXOnWUTwh0zWkUX+LTlftlfkEGqAwDQYJKoZIhvcNAQEL BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y MzA1MTAxMzQ5MjhaFw0zMzA1MDcxMzQ5MjhaMFYxCzAJBgNVBAYTAkdCMRMwEQYD VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5 T1MxDzANBgNVBAMMBmNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC ggIBAJgTHdmee0dFlbohSBF+Xy8XjWpCKnfXGNgr9JgU9+lzQ8SR+Z83XcRocvJX asSf4gDZK05pGhyXTx9KzTaYAZi1ZCK4pZ1fXZ+TdHgThLdLW7h/xDF3WU0omydC GiBkua3kldcRfhPnBYrWZwvHkeUOYNybRezM/fIGpnp74+YBXybGZ8YRLmRhc/j1 QDJt0DLvVxfb6YkfU/vuSLnPtu40Ye/EsOhuPcStC9Mmctxx3msZH417z2wWQNvY 926ZUQCXophkkhNA3kxUcz+gdV5ECCO+KPa7r305olFgv7c4KSNih7MmYBEyKMS7 pA+CF9etEJs3VmHT9avGtKvDMW8XhoqpxTWQ15CNaEFGTxCejPuI+nFCoqtAN9Y9 O/A6rsLuM6EuaDX2qjSUfDMnUVVclE7yL8JDZEOQZw970Mi+TnhbXfYEyvX8HJLk 4Vg2JUc67jTDRiQfgWuJHiaPyrYX2ssP8LU/oOis638mHo+7YpJCSeqF0R4m6lSi QJNOz8knawp40Uu1iA9RqQrYT8MRt2quCRn2aUolvRmNB4dHS/2TUdHChBdDxylL zbFtZLkCiWwKKNvu3ZjxMua2AjYe904r+S4duow4MxfKUFsoMY6GlscGeReMXJVV x2i+580wF/tn+3k/9PUS90FoFhQCidfxib/Eo4rOT03awPGBAgMBAAGjdTBzMAwG A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMC MB0GA1UdDgQWBBTTt3dGY9D07BI8V/0QmVI25bC+gDAfBgNVHSMEGDAWgBRtWyng 3NDv3AsGmq1+fQQjEiQ7ozANBgkqhkiG9w0BAQsFAAOCAgEAKz+MT9JlvwUope8x rUuf+6s/fyiAvmQfGOAN6aBVyxO1+ZIAau6CXGJ9/MaJKF/Ju+V2zTpBVz2bFNxP HceY1z9rtQb0l+CG4elcsQY4vhouvDH+HoI8rP/jzFD25zsUmAlMaTZuLWU4WnVT 2WhO5X1GZFKl5fT8ulyLx3rcb/CaiC6Kg+yi/tktFgpyWyjTMSVp9QBGYRudKVwK x585nb5a5Z+uLYBmYcYrRQvLWSQKGLb84qE8gOfek47FZCfoh7rlLpt8prFIW60x EarR4Ul/1xhs+2AqMw3mHuQrIxJgHvKoQHBkS/RadsRWglWasE0qm09BtoLeso1h ZIXO2O830jXOYEZEuhE63iIHxBZUEUpurXt6he/IBL1l8UuRM6ArHtDo2awlnWlL Uz34e1pSzLAtSfS9Iop+zxt/UDQtMCW/a2MQGB7m/kgCtICC0p8QsuGa8k/+SQOt TI1VAj/dJ2O5XFhfFYgDtT/XXa6o3nEmWW+KTtggcvGIyP0Huxq+6ShxrwKkXI0n WVffhVafcIkJnsUYTJu+Cx4KpilKV6+lzRQhK7UHfS0hErs0UQoZA4Fpz2uWukNe 2fezl0IJThWPklGKOYriZyKb4i81i3occ1+9YpzKUrBD2ZI+t0Exp73/cfuQbiCO iIu80S44myiZMfD2OPvjR0lBSoE= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCYEx3ZnntHRZW6 IUgRfl8vF41qQip31xjYK/SYFPfpc0PEkfmfN13EaHLyV2rEn+IA2StOaRocl08f Ss02mAGYtWQiuKWdX12fk3R4E4S3S1u4f8Qxd1lNKJsnQhogZLmt5JXXEX4T5wWK 1mcLx5HlDmDcm0XszP3yBqZ6e+PmAV8mxmfGES5kYXP49UAybdAy71cX2+mJH1P7 7ki5z7buNGHvxLDobj3ErQvTJnLccd5rGR+Ne89sFkDb2PdumVEAl6KYZJITQN5M VHM/oHVeRAgjvij2u699OaJRYL+3OCkjYoezJmARMijEu6QPghfXrRCbN1Zh0/Wr xrSrwzFvF4aKqcU1kNeQjWhBRk8Qnoz7iPpxQqKrQDfWPTvwOq7C7jOhLmg19qo0 lHwzJ1FVXJRO8i/CQ2RDkGcPe9DIvk54W132BMr1/ByS5OFYNiVHOu40w0YkH4Fr iR4mj8q2F9rLD/C1P6DorOt/Jh6Pu2KSQknqhdEeJupUokCTTs/JJ2sKeNFLtYgP UakK2E/DEbdqrgkZ9mlKJb0ZjQeHR0v9k1HRwoQXQ8cpS82xbWS5AolsCijb7t2Y 8TLmtgI2HvdOK/kuHbqMODMXylBbKDGOhpbHBnkXjFyVVcdovufNMBf7Z/t5P/T1 EvdBaBYUAonX8Ym/xKOKzk9N2sDxgQIDAQABAoICAA4nLuhOc620TOHn1nCEwNbX cjQfi7R5VcwXxymr2RvzO/oPr3PBPN5Nh2+FC20L1J/i/KdNaJgDMvw4EEI49ZXg 2wlqNhIGSpnSQnNcaaxML9fLa31CqZJ6dkbtXXro6BwsqA9Xuh9sqQ585rxpBFIV IcmjDJs9w5KVsNyF92jnQfpDWjjlgQ2BjlmiRY+/IMwxi/r7kgM1FOVfWon3sJ0A GtWsPUSpSEfFTR9UUDmyjt8lYiASRw5WdQ6g5WJExyeiQe69FjIDH803Yz4Nym6N liGLDjGF646tevnoFaxqsyI8BmITbu4BK48nrkMG05fUeQIURw6Cu5xf7JE7Vzgy 7mBwujtkEuRmXz9LsJTaWt5I/sXDUh0Uwe0BGYj5O+8MB7yzQFBjhv6pLJZdySSV gSlmupbwtY2BcV48KuvPkzKngHXR8jA6p8XAQV2Xq2njQLsOKJrgEhbIp99h61ao 5K6gtW056hSN4q01YA00JQZGKZRviUOuQGP71SNDPCl3uvvElVwBFtfEYV12VzFK ye1fF2CcRThCEML91Qo/IueqrNEBVQHxnCO7R5uwKSkXZNJ5pNArMsAdMfLzXApD F3Dcctz/C9I0RG18EdtoW4RjPxEZ1wXHGVkvCpUCwNImsvxWOy78klnfEUyKtOCM dnn1flp0CiZzjGAMSiGbAoIBAQC9ZpY4XZ4v68KnaHyiqKjNQDU64wrONGK1XrMS wOl5a6Cg8S3n3d51E2AguFKilKZ1LJ721WGdEIO4+J9nFKvXYUSCl711cCh+njya E3a9H6louFVZ2X3NxjLUSJtqUyBEOE/NzNxhTt9BoiiR3cKUmhLLlYkHmLnqBv3j w4Trl/rU3rDemAf6zOB0eXKM946qjQpfB2LsokCWWsOhnT1XBcSEvkHvSrWv4EH/ 6IDFAROBGtlCW2C8BiosRdpj8thsdnW1lvGAvHs27nLMXz3/NNBX03dlA8YRaelm l0EDo0IwrXI7/u4Zy8wL3gfn/NPr0ST3jXz9K8nxvohPxwcfAoIBAQDNjIZs/HT6 Y2rTMH++rC3ZNfLUm/3aNsVl1TB8nkEvfBQHU5HEyqqeE4d/b3+7bRwWhVpfNHLe rMV8qNr8iAjvpeL5nvnmUPHLT0CpsI+wUvOlnluHGsCfyLWDNVBPcDL10scediYM kKGJGiQSbl355JbIrYxA5AgA7qUGcLQ7mGmwzXyJgmBMOJbDyYvoezh4iogWxC4C lh834UgmGWJp2Bi20VuqF00HClN+z1QELQN2Pu2SVK5XTlfXmuYHc3Bi1xvD2KaL yqT2BtWVRS9RDG0LOzgOAnG9Mx7SEtPAnRhpydx28HWEwGaFKas6QaIuDo92Blpo 40ti2Yav4hNfAoIBAQC0m0SYDz2u+KQvuwVOnoII5zdbJfHB3FZcGSettGNus2EC 17ksp3dgMM+zo9C41AM/LQOQ4L0qZvsUwZBPXXjX8xq/ZS7287LJut6TFgheI/kJ sO1CtpCuTldd8raw1v+nzgLbfoSQDgP6tET3g33u8lUF6Vw38D0omu4z6NexSMWZ g5kpSdQiJofKyZygK9jRbZj8MTD18WqhdX+jdyts9kUFR9/b7WP/iFunSfCw62vL 6uxNyJEf+sjwWtP8BzC1jOiF9p/oYNMl+I9jr1aRK62YckAiBU00gchdWdJXQ7D0 dhC+gURPOPUkQ99KKt9yuYcEwNj1GnKBoWyelm2FAoIBAHoj2bEjZuNudgjeVdpY d7oNm6kItJSZXT0ArJowc62ivkgIOaNFhpL+KdLoz27xC/K59RSDlwqIgaVstQvA TgcRfMk11WstiDB2fIcY2pk9AXjVm6+xjuqjmnBIGtvJYQ6/3ABW1o861jIg7XRi TsdyNMM0lRXuKm9bX4ZvLDoJfCxKPol7hntkWPooZlGT/t9p+ioFEw4IZK6Q2I2D If6hITZpO13cELJxSWIeEt+UW+1EwWjllt9cN0hvy+Z7iznAdsgukfCZTuK+9uWH QfGYP6ef3dQ9UZbKrLLJ6zgWYW5jO/UVN8/VgFX6h7vLSnKxxj+s0MZo4d/wQF99 KGMCggEACAWOCIerQRC51zo8eXOB65mmpR0nX/VuWCZw4uIo5tVZ47JskPIH9MTy d/OLbHDa3esJjmZawSl0lI0j7p/yY+J9TEJyOCUU9PCDUw+BeJ39/VqW/fyBn8gI 1cC3BnPkDf2HnbgHxaCP37sy/aHs7Xn/bNDaLksEDWDblFCQ5tYqGbZhxUNnsx2x 3z/aYJVmx0lkKXSA+8rKeAk+OnDHUjlJjpRIcAsQJE6Ni+2cHbYygVPXiFbbKk+2 ekNwYkhMZ+DP+t+uY5ZRfwq0jjIrh+5fyw26yG9PoXspGoqPCTcQ9BEqU88J6ziF rxWXbmsYdR1dnKCZXcKJVKqJIFCnyg== -----END PRIVATE KEY----- Monitoring ========== If the client is connect successfully you can check the output with .. code-block:: none vyos@ovpn-server:~$ show openvpn server OpenVPN status on vtun10 Client CN Remote Host Tunnel IP Local Host TX bytes RX bytes Connected Since ----------- ------------------ ----------- ------------------- ---------- ---------- ------------------- client 198.51.100.1:40297 10.23.1.6 198.51.100.254:1194 4.8 KB 4.8 KB 2023-05-10 13:52:01