Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Authentication of the client bundle

The SSL-VPN client bundle authenticates with a username and password, which together form the authentication token; TLS client certificates are not used. Authentication can be performed against a set of local service users maintained by the vRouter, or against a central identity management system such as a cooperating directory server (for example, LDAP).

Management of local service users and authentication against a central identity management system is covered in Service User Management.

The SSL-VPN client authentication configuration only needs to reference the following:

  • Authentication profiles of central identity management systems
  • Local service users
  • Groups of local service users

A change to the service-user authentication, such as adding or removing a local service user, or adding or changing an LDAP authentication profile, does not require a change to existing client bundles.

Because client bundles are independent of users, no such change requires a change to existing client setups. A change to service-user authentication does not require a restart of the SSL-VPN server, nor does it terminate existing client connections.

Authentication methods can be combined for the same SSL-VPN instance to provide authentication against multiple LDAP servers and local service users. When any one of these authentication resources grants access, the SSL-VPN connection is authorized and access to that SSL-VPN instance is permitted.