Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Client-Side access to OpenVPN access server

OpenVPN Access Server is a server that authenticates remote client access requests (either locally or through an authentication server) and provides OpenVPN tunnel configuration information to the requesting client. It also provides OpenVPN client software if the client requires it, although this is not required for vRouter clients. The configuration information allows the client to then establish an OpenVPN tunnel with an OpenVPN server with minimal configuration on the client side.

The sequence of events is as follows:

  1. An administrator configures OpenVPN Access Server for vRouter client access and, potentially, configures a separate authentication server and OpenVPN server. The client requires only configuration information from the server. It does not require client software.
    Note: It is possible for OpenVPN Access Server to act as the access server, authentication server, and OpenVPN server.
    Note: OpenVPN Access Server is not available from Ciena. It is available from OpenVPN Technologies, Inc. at http://openvpn.net.
  2. The vRouter client accesses OpenVPN Access Server and provides a username and password.
  3. OpenVPN Access Server authenticates the user, either acting as its own authentication server or by using an external authentication server, such as a RADIUS server.
  4. After authentication, OpenVPN Access Server sends the vRouter client the configuration information needed to establish an OpenVPN tunnel with an OpenVPN server.
  5. The vRouter client then establishes an OpenVPN tunnel with the OpenVPN server specified in the downloaded configuration and is provided an IP address on the OpenVPN tunnel subnet.
Note: If the OpenVPN server is configured such that Autologin is enabled, then a tunnel username and tunnel password are not required; otherwise, they are required to establish the VPN tunnel.

The vRouter has the OpenVPN client software preloaded and can use OpenVPN Access Server to obtain the information needed to establish an OpenVPN tunnel with an OpenVPN server. The only required configuration information is the IP address or host name of OpenVPN Access Server, a username and password for OpenVPN Access Server, and, potentially, the tunnel username and tunnel password for establishing the tunnel with the OpenVPN server.
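The following sketch is an added example, not part of the Vyatta documentation. It inspects a copy of the client profile that an access server hands out and reports which OpenVPN servers it points to, whether the tunnel will ask for a tunnel username and password, and whether the profile tells the client to verify the server certificate. The function name and sample profiles are constructed, and treating a profile without the standard OpenVPN `auth-user-pass` directive as an Autologin profile is an assumption.

```python
# Constructed sample profiles (not captured from a real server).
AUTOLOGIN_PROFILE = """\
# constructed: certificate-only profile, as expected with Autologin enabled
client
dev tun
remote vpn.example.net 1194 udp
remote vpn.example.net 443 tcp
remote-cert-tls server
<ca>
(constructed placeholder for an inline CA certificate)
</ca>
"""

CREDENTIAL_PROFILE = """\
client
dev tun
remote 192.0.2.10
auth-user-pass
"""


def inspect_profile(text):
    """Summarise what a downloaded OpenVPN client profile requires of the client."""
    remotes, directives, inline = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                          # inside <ca>...</ca> or similar
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]             # start of an inline file block
            directives.add(inline)
            continue
        parts = line.split()
        directives.add(parts[0])
        if parts[0] == "remote" and len(parts) > 1:
            # OpenVPN defaults: port 1194, protocol udp
            port = parts[2] if len(parts) > 2 else "1194"
            proto = parts[3] if len(parts) > 3 else "udp"
            remotes.append((parts[1], port, proto))
    return {
        "remotes": remotes,
        # auth-user-pass makes the client send a tunnel username/password
        "needs_tunnel_credentials": "auth-user-pass" in directives,
        "verifies_server": bool(directives & {"remote-cert-tls", "verify-x509-name"}),
    }
```

A profile that reports `needs_tunnel_credentials` as true corresponds to the case where the tunnel username and tunnel password must also be configured on the client.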

The following figure shows an OpenVPN setup that uses OpenVPN Access Server, an authentication server, and an OpenVPN server.

Figure 1. Client‐side access to OpenVPN access server

You can use the show interfaces command to show the assigned IP address on the client side of the OpenVPN tunnel.