Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Considerations for remote access VPN

The example that has been shown can be extended by adding a separate zone to handle remote access VPN users. Here, VPN users are treated like users in the private zone (though it is not necessary to do so). To this end, a separate VPN zone is created and policies are applied just as they are for private zone users.

One difference between VPN users and private zone users is that each remote access VPN user that connects to the vRouter is presented as a separate L2TP or PPTP interface. Rather than listing those interfaces one by one, the VPN zone is defined with the interface wildcards l2tp+ and pptp+, which match any L2TP interface and any PPTP interface, respectively.

The following example assumes that no interaction is required between the VPN zone and the private zone, so no policy is defined between them and zone policy drops that traffic by default. This configuration shows each of the zones now that the VPN zone has been added.

Table 1. Adding the VPN zone to the zone policy
Step Command

Show the VPN zone policy configuration.

The interface l2tp+ command means any L2TP connection.

The interface pptp+ command means any PPTP connection.

vyatta@R1# show security zone-policy zone vpn

 description "REMOTE ACCESS VPN ZONE"
 interface l2tp+
 interface pptp+
 to dmz {
     firewall to_dmz
 }
  

Show the DMZ zone policy configuration (the to vpn section has been added).

vyatta@R1# show security zone-policy zone dmz

 description "DMZ Zone"
 interface dp0p1p0
 to private {
     firewall to_private
 }
 to vpn {
     firewall to_vpn
 }

Show the private zone policy configuration (no changes to the private zone, as there is no traffic between the private and VPN zones).

vyatta@R1# show security zone-policy zone private

 description "PRIVATE ZONE"
 interface dp0p1p1

Show the public zone policy configuration (the from vpn section has been added).

vyatta@R1# show zone-policy zone public

 description "PUBLIC ZONE"
 from dmz {
    firewall {
        name to_public
    }
 }
 from private {
    firewall {
        name to_public
    }
 }
 from vpn {
    firewall {
        name to_public
    }
 }
 interface dp0p1p4

Show the local zone policy configuration (the from vpn section has been added).

vyatta@R1# show zone-policy zone Vyatta

 from private {
    firewall {
        name private_to_Vyatta
    }
 }
 from public {
    firewall {
        name public_to_Vyatta
    }
 }
 from vpn {
    firewall {
        name private_to_Vyatta
    }
 }
 local-zone
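The vpn zone from the first step of the table, built with set commands, as an added example that is not taken from the Vyatta documentation. The set paths mirror the show output above, and the zone names, interface wildcards and firewall names (to_dmz, to_vpn) are the ones the table already uses; the quoting of the + wildcard and the exact configuration-mode command names are assumptions to check against the CLI of the release in use.

```text
vyatta@R1$ configure

# VPN zone: every L2TP and PPTP session interface, no physical interface.
# The wildcard is quoted so the shell does not interpret the "+" (assumption).
vyatta@R1# set security zone-policy zone vpn description "REMOTE ACCESS VPN ZONE"
vyatta@R1# set security zone-policy zone vpn interface 'l2tp+'
vyatta@R1# set security zone-policy zone vpn interface 'pptp+'

# VPN users may reach the DMZ only through the to_dmz rule set.
vyatta@R1# set security zone-policy zone vpn to dmz firewall to_dmz

# DMZ hosts may reach VPN users only through the to_vpn rule set.
vyatta@R1# set security zone-policy zone dmz to vpn firewall to_vpn

# Deliberately no "to private" under zone vpn and no "to vpn" under zone private:
# where no policy exists between two zones, zone policy drops the traffic.

vyatta@R1# commit
vyatta@R1# show security zone-policy zone vpn
```

The check after commit is the point of the last line: if a `to private` node appears under `zone vpn`, or a `to vpn` node under `zone private`, traffic is flowing between the two zones that the example assumes are isolated, and the extra node should be removed rather than left with a permissive rule set.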