Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Using unsupported OpenVPN options

OpenVPN has over two hundred options, not all of which are feasible to support in the vRouter. At the same time, the administrator of a particular environment might require OpenVPN options not supported by the vRouter configuration. For these cases, the vRouter provides the openvpn-option configuration attribute; this attribute allows any OpenVPN option to be specified, as shown in the following example.

The openvpn-option configuration attribute

interfaces {
    openvpn if_name{
        openvpn-option options
    }
}

The text of the openvpn-option attribute is passed directly (without any validation) to OpenVPN when OpenVPN is invoked, as if the text had been typed on the OpenVPN command line by the user. Therefore, multiple options can be entered together as shown in the following example.

To configure this example, perform the following steps in configuration mode.

Table 1. Entering multiple OpenVPN options using openvpn-option
Step Command

Create the vtun0 configuration node.

vyatta@V1# set interfaces openvpn vtun0

Enter configuration commands.

...

Set the desired OpenVPN options.

vyatta@V1# set interfaces openvpn vtun0 openvpn-option "--verb 5 --secret /config/auth/secret 1"

Enter configuration commands.

...

Commit the change.

vyatta@V1# commit

Show the OpenVPN configuration.

vyatta@V1# show interfaces openvpn vtun0
 ...
 openvpn-option "--verb 5 --secret /config/auth/secret 1"
 ...

It is also possible to enter the commands separately as shown in the example that follows.

To configure this example, perform the following steps in configuration mode.

Table 2. Entering multiple OpenVPN options through multiple commands using openvpn-option
Step Command

Create the vtun0 configuration node.

vyatta@V1# set interfaces openvpn vtun0

Enter configuration commands.

...

Set another desired OpenVPN option.

vyatta@V1# set interfaces openvpn vtun0 openvpn-option "--secret /config/auth/secret 1"

Set a desired OpenVPN option.

vyatta@V1# set interfaces openvpn vtun0 openvpn-option "--verb 5"

Enter configuration commands.

...

Commit the change.

vyatta@V1# commit

Show the OpenVPN configuration.

vyatta@V1# show interfaces openvpn vtun0
 ...
 openvpn-option "--secret /config/auth/secret 1"
 openvpn-option "--verb 5"
 ...

No validation is done on this setting; therefore, when using it, you should make sure that the specified OpenVPN options and their values (if any) are valid. Furthermore, because many OpenVPN options conflict with one another, you should also ensure that the specified options do not conflict with one another or with any other OpenVPN options that are configured through the vRouter configuration. Finally, some OpenVPN options require coordination between the two endpoints (for example, the value must be 0 on one side and 1 on the other), and you must ensure such constraints are met.