Supported platforms

Getting started Overview Architecture Supported platforms Release notes White papers

Getting started Overview Architecture Supported platforms Release notes White papers

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Supported platforms

Supported platforms On this page:

vRouter

Configuration (vRouter)

Security and VPN

IPsec Site-to-Site VPN

IPsec site-to-site VPN configuration

X.509 certificate authentication

Modify EAST's connection to WEST

VNF

UfiSpace S9500-30XS

Physical uCPEs

Modify EAST's connection to WEST

This task modifies the connection from EAST to WEST to use X.509 certificates for authentication.

In this example:

The authentication mode is changed from pre-shared secret to X.509 certificates.
The certificate for the peer is identified using its 'distinguished name' information. This is the information prompted for when creating the certificate signing request (CSR) file.
The locations of the CA certificate, the server certificate, and the private key file for the server are specified.

To modify the site-to-site connection to use X.509 certificate authentication, perform the following steps:

Table 1. Configure EAST for x.509 certificate authentication
Step	Command
Remove the pre-shared key.	`vyatta@EAST# delete security vpn ipsec site-to-site peer 192.0.2.1 authentication pre-shared-secret`
Change the authentication mode.	`vyatta@EAST# set security vpn ipsec site-to-site peer 192.0.2.1 authentication mode x509`
Specify the 'distinguished name' of the certificate for the peer.	`vyatta@EAST# set security vpn ipsec site-to-site peer 192.0.2.1 authentication remote-id “C=US, ST=CA, O=ABC Company, CN=west, emailAddress=root@abc.com”`
Specify the location of the CA certificate.	`vyatta@EAST# set security vpn ipsec site-to-site peer 192.0.2.1 authentication x509 ca-cert-file /config/auth/ca.crt`
Specify the location of the server certificate.	`vyatta@EAST# set security vpn ipsec site-to-site peer 192.0.2.1 authentication x509 cert-file /config/auth/east.crt`
Specify the location of the server key file.	`vyatta@EAST# set security vpn ipsec site-to-site peer 192.0.2.1 authentication x509 key file /config/auth/east.key`
Specify the password for the server key file.	`vyatta@EAST# set security vpn ipsec site-to-site peer 192.0.2.1 authentication x509 key password testpwd-east`
Commit the configuration.	`vyatta@EAST# commit`
View the modified configuration for the site-to-site connection.	`vyatta@EAST# show security vpn ipsec site-to-site peer 192.0.2.1 authentication { mode x509 remote-id “C=US, ST=CA, O=ABC Company, CN=west, emailAddress=root@abc.com” x509 { ca-cert-file /config/auth/ca.crt cert-file /config/auth/east.crt key { file /config/auth/east.key password testpwd-east } } }`
View data plane interface dp0p1p1 address configuration. local-address is set to this address.	`vyatta@EAST# show interfaces dataplane dp0p1p1 address address 192.0.2.33/27`

Last updated: December 22, 2021

Helpful Links

Key Resources

Get Started An introduction to the Ciena Vyatta NOS

The Vyatta NOS Overview Get to know more about how Vyatta NOS is the best solution

Vyatta NOS Architecture Overview An overview of the Vyatta NOS system architecture

Troubleshooting Guide Identify common issues with your configuration and network setup

Copyright © 2023 Ciena Corporation. All rights reserved