OpenVPN with LDAP
This LAB shows how to use OpenVPN with a Active Directory authentication method.
- Topology consists of:
Windows Server 2019 with a running Active Directory
VyOS as a OpenVPN Server
VyOS as Client
Active Directory on Windows server
The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory.
# install the Active Directory Server role
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
# install the Active Directory Server role
Install-ADDSForest -DomainName "vyos.local" -DomainNetBiosName "VYOS" -InstallDns:$true -NoRebootCompletion:$true
# create test user01 and binduser
New-ADUser binduser -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true
New-ADUser user01 -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true
Configure VyOS as OpenVPN Server
In this example OpenVPN will be setup with a client certificate and username / password authentication.
First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look here for more information.
<LDAP>
URL ldap://192.168.1.10
BindDN [email protected]
Password P4ssw0rd123
Timeout 15
TLSEnable no
FollowReferrals no
</LDAP>
<Authorization>
BaseDN "DC=vyos,DC=local"
SearchFilter "sAMAccountName=%u"
RequireGroup false
</Authorization>
Now generate all required certificates on the ovpn-server:
First the CA
vyos@ovpn-server# run generate pki ca install OVPN-CA
after this create a signed server and a client certificate
vyos@ovpn-server# run generate pki certificate sign OVPN-CA install SRV
vyos@ovpn-server# run generate pki certificate sign OVPN-CA install CLIENT
and last the DH Key
vyos@ovpn-server# run generate pki dh install DH
after all these steps the config look like this:
set pki ca OVPN-CA certificate 'MIIFnTCCA4WgAwIBAgIUIPFIXvCxYdavCnSPFNjr6lUtlsswDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTExMjM4MjJaFw0zMzA1MDgxMjM4MjJaMFcxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDg45vAzS6xNqU+Pa7wk1Imt1/az1C22Sbp3wPJLfgOmy0K3TA5qVsx/c/8gatsatMkCsekGnK5BPzCDd5eCCLo//B25HFO6fBYRNvHvVyCUx7QEXw4FHFNG88zCIizx114AGtVwZfGGG9xCc53xjLPUpH6iqTXme41cCFFQlqXwZ7fuySieSdoV8SAsJTTOsGCEUEcDEnNPn6tX3KWTzNuyFPECy8WCmNgWNyG2nmH+U7WRTX0ehZ5dZyU5au7TxpRN4a+JtE0gNqcWJ+nh1A543q2pcRoQpPAzHFclgj8wG/EyauQMY/LC4tLc6moPaNlTwA9HJv8s6xUqpzNptDoUHKOqKuw2JRFnno5SCQ788KkKNgVWBy2o3BGoewfHFhAdR61CXeLpmuneuhi96GcM031gW8ptXbd4DkCF7H6KRtqeIvwiyG79ttC8kZf01Sn1fM5fTjGxaE38dAk/RchtHRC6rtFavHJjB2cUcCkhhQofUE6IR2dYJZ1cw0Wy5CI3bXHf43BpvDGmuxIlNGirTq8wf5RCWzDJJgmkQpYhUYe8x4faF4gTo00uH4ZvAYjQu3JNZGkb50p4kM9Mu5rQAiZJUeMAz/QD+EIV9xXgOk14+BbnHKWbZ7Ou5emewFuE/bjl79oNJklpXdc4soRkCPCTEGK3zDBdmUtCYk1DwIDAQABo2EwXzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFP5NDac/yC+mQmaTpZDUv9GZMGMBMA0GCSqGSIb3DQEBCwUAA4ICAQDEqpF2ibwYFxsF1XDIPS5/Gs0sZTZBuByNm5d2+jTyO7d5alZUdbvobbwhxZOhWasmFNyPLr4TYmZm5zF+efFsiOxjyRuEoVU+Fe8rZmpRIF/+6+nYX5r9vMI4QxGjeeyP20OHJ85Kvz182CTsITrM15Vw/kVVjAVzFI5Gm/QolalAoFQza9rAL4kDqaUszjHjPbysvDpGF+NLPjiYDHXcty/BC48bnuzAeEM60SGZ7EXvf8l0X8YsO7z39w6780A/3rbZvFhCYMKp/+p5xBRDjnX91dM6DJw73RwYQ1KHbHk9wWUwnL1giL71jzp/y4Oj6SSK2PQv+OnO80J6Zg06WIQx9xYcxr108Xh9FotUrlG7GYPI3Udf95t6SjuydDhULAVD0lMBxlDe9DHW1k1q1pOXaHZg926tY66xx/lda6dcuwJjA2Dx5JI6L0u9ureQmQAtxvnoTCtf+hR1iX/IkskZCKs34SjNiCnBuw/DNfdOpfaABm7y+tWiXBwnu5l/K8poXcQYQByyZj6YMmpgsbVPr5KNsLWOgRA81M6IPof8qxvnFrkazhiQWh1YHSjnaHtA3z5/BdgwHVICuFyrIOlbkKyJOjKcKBsDdMwIV0tsnpnyli2xEPZKu1tAQFAavXrK/RGYYhOZ3e0aRSV8hlP8i/mf7p0I45cJiBCqPg=='
set pki ca OVPN-CA private key 'MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDg45vAzS6xNqU+Pa7wk1Imt1/az1C22Sbp3wPJLfgOmy0K3TA5qVsx/c/8gatsatMkCsekGnK5BPzCDd5eCCLo//B25HFO6fBYRNvHvVyCUx7QEXw4FHFNG88zCIizx114AGtVwZfGGG9xCc53xjLPUpH6iqTXme41cCFFQlqXwZ7fuySieSdoV8SAsJTTOsGCEUEcDEnNPn6tX3KWTzNuyFPECy8WCmNgWNyG2nmH+U7WRTX0ehZ5dZyU5au7TxpRN4a+JtE0gNqcWJ+nh1A543q2pcRoQpPAzHFclgj8wG/EyauQMY/LC4tLc6moPaNlTwA9HJv8s6xUqpzNptDoUHKOqKuw2JRFnno5SCQ788KkKNgVWBy2o3BGoewfHFhAdR61CXeLpmuneuhi96GcM031gW8ptXbd4DkCF7H6KRtqeIvwiyG79ttC8kZf01Sn1fM5fTjGxaE38dAk/RchtHRC6rtFavHJjB2cUcCkhhQofUE6IR2dYJZ1cw0Wy5CI3bXHf43BpvDGmuxIlNGirTq8wf5RCWzDJJgmkQpYhUYe8x4faF4gTo00uH4ZvAYjQu3JNZGkb50p4kM9Mu5rQAiZJUeMAz/QD+EIV9xXgOk14+BbnHKWbZ7Ou5emewFuE/bjl79oNJklpXdc4soRkCPCTEGK3zDBdmUtCYk1DwIDAQABAoICACVsewzYmD6RU2pKJYSPX4pl1aO6ADqNZHZi0GR4K+FyXUqDiHTwA+cLz8K7aWV/WWeUC6j5ZcH4XH+Gg0yumfCgNsnyNhDlyUNHIjPZBT4Cywvg/QTwEfK8//wEHYudT6aam0IIF1O12UW8VgmEiAwMN5Kz476lNQjbgg3efujmJaQhpnULKE2q3V51BC8qhe05JdafDOEE11vOmGj/ARYcbCQhoFJQpDzyTLB8RuEj0cTCe7oVXwwTUF1O4wcmoMCHNvsJxqKwFrER5m+giu83NcKTT13yRlg9LVg094XoGDFtRgmW1dD6ONHzi3Yd28UOIoII8sRYugLU6YcnjXfrgxvKJHJywEEJobfS2o/2/mHh6kjv7pvppWdDhjkf+dWZ0frx2YyF5/dUgGG6e94hzOwRunEu4JVKl0Qr+Vfsqt/STVDA3vbhaMdMuIR2Ir0OkoYiqGBdiEGVx82lf4uDy2TXveqKUADXU5SchjP0JZpBANO4RVoxFpY2r1tEh/sRBu9wY+Fjk4FqdjjOmsbmFwhyG/j2VvKkVsq5itsxG/Rg1nTThE2LN+R6LUquujtn94rIaz6lukEr7Yq9qy14Prj5A7tYnuHbcN36b0A3xN7bxxeX6w12naVp0KZPmey6W4HNeNOOfTLh8BpG+TMPZLJq6U+fryHD2nIhk1mxAoIBAQD88A7vo3LIzas83bYaCa1BgjtJ6WUsqsriuG55pt8olzF/X0THkcDiozCy1IJchL4+GxxA0dp+NBispflvbFWZFAHMnbJx4cc7qMR9k8DDSHNQVgfV6nBa4xBvjBp+sanOOOLV4p+fQZW+n6VMzCcKC74awjbIKgPY0LhUQxIVjtzFyor+MLLoqeavxWzBVVBslwR2oyjbTtTMkeNuTyC4kQAJcfWDN/s2bl6P8Mldpik2WhW0GdxHyK3sgZWXIrnkTlQg3EMPb2sPhFZm6pQKpxXwl8gGgFzEx4mEpHxHm/igZPVRTnYfGwkPmHu3caF59IWHq4jsUAxRQperRgStAoIBAQDjnJ4dZgcnI4PxiDKDKXeb5ZgjnIL0eyxMZoLtaVYnO2lLG0uMlACUEuRwGz4acQcjRoW4FOh3NSberobSHOVBO9Y3qgEcTtgJvzkso5IXD76/vmpiYFdPo9aGaVR/fr+yPZ0h4S9wFShRBtDZapjAlds68ROQsvF/fdU4kqtfyIAst1lwtqMPeTmiZJxVubE0h2YEXOpwIEFcu3+MUvqtCd8X/T+VyF4ZQqn64NvYvkoWpfIiKmOGsCBc4agYuPs4Cy1QvN6oLXp+0b8mSzp+ot35n1lBGTSY2l4/9k6sIzWY7x23GS2g3AUJ2kYUTpQIq2pow8Sc8ptxLwZSQZwrAoIBABqhW7E3UDp8DO9XmHidVDR1dbCOdiyBvuKn8Fm2jABGCtwSN7ebTOePruzlGuSKxUzcpdjdP1fSPFbRErX8ffaj+JyGbec3kjZhym4+RClLU3i91g1bpYCsL2rPIWr9YZdovdkvBwdJbG6peEnhpKqWGenPUN06LzWApCea+Ch05iGc9Y1Vq0B7wuH2s0CXruP/8mRbQU31usnfAkb25ccI3SwhZ2vtVPGiJSqae1j0yZoDWg2gO2UDZ+xiqFFFQrUa2hirmBPj8y2rDT3ArN2CQfkWweSNVzcQmxXwC3Wuojqg5oMs85rKyeVudHgX6pxgdj6WfNAEjYdwr29E6/ECggEBAIHl7i7k/YwOrsx3aCyGy+ZC39LjDbGtYhiwIGSRy0NUmsDscO9nv/TB23FHeufoPaSaKNJnzEvMH8TSYcskBop2NclK0ptvO8hEQ8MADu3uZHRVna1LQkkHPfUzw6+HjKuSkky1kTcsO/gSJbsPJOI0JAu9becU2NJj4/4HZpqheNUMRpUXBnRcQNI3DSm3cjSCWWyAAqO/JM5hi2dwK/P5QEMWmuVGlr1f2FZ/YbiO0QWf61IoUuiZN78KYb7KQ0U2y8PaJlBgtBoQZkDaiiWfmYNOt8d5NRVO+p8SWM/QwFPpk1Hdora9GnsHARuxxLY17eKgZ2MS6jdsGPV00EUCggEBAPuNZ3peHYhIo2EMb6wpnAFV2fAUajymwenr+Bmv5BlAnW7bE2bSNuK0P342H047On8pSEHD4tk9C/GedKiUyxP2UnaFS24mWpe44X3UlC+KJLqJG+zVGXryC7bvhS3N1KlI6H2pRY1fPAhlfUk2KAe+ZP5C7iWwtR6FlPpjB3JoS77qFVhnYdlfnQEuJ7woEKD1TXQH0Sb2OGfPQW1UjIYoEp+9p2F5scB8rV6WaOIpwLY1H0ODvo1JYdTruWGHMKqhuLs5L2MeOluUOyHW7HkJLdLuyDIR9nA4+vNB1RNF3rz83L4Xs/NA1CW3iFWIyG57oFMX1td3i3xJwhjd40M='
set pki certificate SRV certificate 'MIIFtTCCA52gAwIBAgIUeZnSAMPohIvKL/1Fy/pW2cV73HkwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTExMjM4MzFaFw0zMzA1MDgxMjM4MzFaMFsxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxFDASBgNVBAMMC292cG4tc2VydmVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApDWzTcB5LFM/tacaRHvpchBKLigJ5FlqNNfJ2vnP87KfCmTA5tkWF7MtuY990tHZtl1vQ3Pim4d6XBOngiQmaw7tZeWAIrv1L2/VBjORUrLrQhkkg9nSpcYFxoyUQzukTY75PcwhYLkS6ZO/vPPSBuh97f3XR645Aauf7ZIk2NsUidP2uGZz/Sr5VC7ovH2l3zz1kIHPCinfvpPEVb5oTt7qEffk4vnKjy9RY+H1hZowvcAp1zfLaOt/dXaK6vfNutbmwDHbYAlIals0EcjtTr+63ymxmupn7RBjgWtK7MgocGZnt6HKJ4J6teP3WgiSd+I9pdFG4wHZOSVL3axf3rBx7q09DMn/Snvfbly+SlhXw9Ebk368J6j6rhNUkxo/M9fbfgxS0JnNjHInRNAvRQW5CgQfT9KyUdxR63BeSnngk2XYX+bDinb0ig+VDpZcr6PgOBR8aNFsCPbXRwDy0bmuFnFYMzs/7ZmFQhzE6rQykHvVvAsyv7FYrlW0E02H4+Xe6bEVpE1fLcH8OCGY2cfuTfq1Ax6R4r+tdHYW1kzFLjwdh3uqTLF11zcbkAwd78E/ItrfEadvgxrYR9gfhX79AkK0VHmZ/hzrLFeGznnVcqoTKgq21dfMfQG2P13QvqS7tCE5swM9N09ASVrifyVDuoL6jaW96wgeqR6eHMECAwEAAaN1MHMwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFE1U3Zamfuv6ocYiF9q7H//U8h+AMB8GA1UdIwQYMBaAFP5NDac/yC+mQmaTpZDUv9GZMGMBMA0GCSqGSIb3DQEBCwUAA4ICAQBZwHvGj/jziNFwXS2W1Q11I12YANmVhISP39AA7DNhXR+E1hXFs+U52ehurZoLTi5YTjd8PD0KcE58mw8CLsFQB/+pni9EwJuAhpMb6XsmYEp0PeOH7C/q5eOc4TB/NBsvEa5IdTmUoewmjubKeJ8OHdRBMI77Me53lSC6iskc9DGyixSLqQogQW4aiTposFJOW/YugBy7kiuygmFNJv4luDbyRBb9131zH0qSSishLT4Bp5lXQNYWI4AU0JeyQcYaSHWCr0h6H9GN3QOf/emc3/2Tee40FcEMsszJBRnQ3IISzU5xVLlfU02SJMpjvFT2MGfHAs7obrNbwiFeoLZ6fQeGLe53aOQ5M9XeW5bdIeR2ZrLoO1hW33x5jYI8nLnU0FnqpMMY14r7LZE/mjwfdrTsGChFzsLasB0Tj++mGMOXw3DSusppub17AE2bO2uO6J9XMlbkOC8EmDCF1Hetija4D3aunhtu6jRBOcR8DHVBqNae2YgUk1ALqGrNUGFH4bEioTjDDx2GieOtp9rUwJMlkAyUEe0k/wzcBLjZaO8KBCtrmTdr1wMXizPT+XcjAlzRNXvHiZFq0NG5Rnim+LH9tp90EHzO7EeVXV+LegnIKQqboIrY3KOw5Qx8ska+t1WrWHpyzpwsA0WjA6sDTyWthgNYSxb1ikNGO8STCA=='
set pki certificate SRV private key 'MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCkNbNNwHksUz+1pxpEe+lyEEouKAnkWWo018na+c/zsp8KZMDm2RYXsy25j33S0dm2XW9Dc+Kbh3pcE6eCJCZrDu1l5YAiu/Uvb9UGM5FSsutCGSSD2dKlxgXGjJRDO6RNjvk9zCFguRLpk7+889IG6H3t/ddHrjkBq5/tkiTY2xSJ0/a4ZnP9KvlULui8faXfPPWQgc8KKd++k8RVvmhO3uoR9+Ti+cqPL1Fj4fWFmjC9wCnXN8to6391dorq98261ubAMdtgCUhqWzQRyO1Ov7rfKbGa6mftEGOBa0rsyChwZme3ocongnq14/daCJJ34j2l0UbjAdk5JUvdrF/esHHurT0Myf9Ke99uXL5KWFfD0RuTfrwnqPquE1STGj8z19t+DFLQmc2McidE0C9FBbkKBB9P0rJR3FHrcF5KeeCTZdhf5sOKdvSKD5UOllyvo+A4FHxo0WwI9tdHAPLRua4WcVgzOz/tmYVCHMTqtDKQe9W8CzK/sViuVbQTTYfj5d7psRWkTV8twfw4IZjZx+5N+rUDHpHiv610dhbWTMUuPB2He6pMsXXXNxuQDB3vwT8i2t8Rp2+DGthH2B+Ffv0CQrRUeZn+HOssV4bOedVyqhMqCrbV18x9AbY/XdC+pLu0ITmzAz03T0BJWuJ/JUO6gvqNpb3rCB6pHp4cwQIDAQABAoICAQCgNLAZhFX0E8hNbplnBUltek0VGQUFnuLKaVlLZXwn8zXNCx1UW6l9N9e9eSw1uXzhueiqc247dQLAwIAlrSU6P9cHGdBYku4T+NRpd3gpqdtyolsItEQabccGvfKMYazb6khqrTRHTGkSL47aRzq6eKsbvRMCoQyG/61JN9LxK1SvX3gO0g4Jipq0MgvokeF5mdyuvqaC8PWU1k+vo9PaVwsguqy5cSDZbz3F6BcE4Lj693cavRmb5F52+E9yDI/P4IhCLKIt4QCgmxiC3XgA43fq75+SV21LUTjzc/0mY+VoO9CmzJcQ0vDrclzJnyFfCwBAPZweL5iBc0zAGcNxTA5/k86ejHdLlASH0dRf55F8ALeO22um21F7cEqOSYBtl009LDvpHte9wKWp9MpHABeDCigYMc05/IgVPQemtd6NtQ0ZVWHWUiWWqh5cY4v8d0CHWAv4HJZI5JuGWdWUc1QufMfu9UbTuNJe0RGQ/N9OJZzzwX+Vpuflrg9K0CT47Yo3NGFbYOuxn12JQBEYDNl5VHWZGAe1x/ljD0OjWmw3xkLNyRqwZnSTTJ4salCSW6qLrsqHWEeNyx+J4t2gBY0TNoylQ8hECxozFu/CYNIlY7+dJjFFe29r+FNBK+WOuUcSoyrABbqCkQH3iXOC97SQSyxdXMNvkkl9X8gvQQKCAQEA2VKt5k7HqvUTC26DNswNQGfd89GcQSeWaipzOBe0Oq12QA0G4ZfPTR00F6CqYnEOSuu2Qa++KEkTBsgl9mE0tdWCAXTTWuqmnsvX2FYQ8rD8FMce+Hs8nn3qNtxAkqPjIY0uEe5AJDzeB0ct7A5w5K5f6MUE/2rWhCeBGVqJKQ+qRjgk0KeVTcnTGzyujaHN1akUA1CRKEqtrCCspZjollWhxDygevMbXs/0QlDkUxaflPOzit6B5vDJqLGJUgvPI3Hc+9eDZXeCyCCdXOVGY8FUxMQ84RnDO8sVOthgahHsdbxjdUb0KcgaV5xNuMyuYsA++QG7fnsHCHnKT0c4eQKCAQEAwW8ppE0K/EmTp2OXKq+cuZHRZWaBtm3zDwfOz3FLVBXi3JGX9M6Hv6q/2cgLDudYiE3LCNagNkI7rRRO8Gfqd2i9KVRQHWCTl4mpTOwwmKWONNgS34aTPjD5UptNUzTvIItGGSMfg/DNrYg6G9HA666aIqpvodSfUv1ryJViml/3NtvmlRmRKEYe03txKhAN1Reuq30BoOGs4Tu5Hy8ijws9hOSCdZbOyte4EhDRSNyZB45YXooJOHEWTLjrZZqgGH3B/uUAUmyHbutPF/Wkep7M1LVeU8KS4HeVmwMRgPL10nxoHPE/UGBuqL09p4a1muXQ+TMHvnI59Shkn9cEiQKCAQEA10v/l/BoAse0TFj5iSnx3uKHkmsQX8P2UcsoRmPFW3RJd/7v2EJrTrwlxVqYMdpLDJIkB0MyIfry7H8QjNuUOqgAmazBToq08xCDD4GEXMpVkcgKuKRuU53ukNb26c+Ozshs4bqktMHQPGmZ5wgPc54EyjeVUezoBBiW3yVASPuJ9vLcFhJP6baOe6dMTmgD4S4V84q3o7EICUR9hbjMg1LmZeCiI+wAK5fdJm25JU9+XTRppKP3EXFudr8bibrFRRoikSTauYUCfX1CKKvDZkQ71IuMvHynW+8/YwLF0Y9cMO+noKHgdhwVbMIehXvRL2fBezLqKs17FDyD3rJyEQKCAQAdwFtHShJGe4qaVFcL2bbhU+xBDGMnDAI2bZ0BiwtrA3LBOiOFI779W+XmOT56LFsRm+V+loRN1CIZnOYHU/RcKV/u22j3G8OXqzS/ABT5ZX1Z42IDv08mYaH3cquSALJG7yT4+M4AHSmFZ06IuNpTZaePbWd+HJXkzdWmJFPmKpx7c5cjl6sb5q0XGgVt0spN3Dahabi2Zf+RJP50LWvDVJdBuWPXcjqcOFG3dZ669jMTVnGBGPoSFFK5ujd6iS3WloEgE1jZVJgAF3Ey3jVOJt6aWMsJVwQAQmRgUzh9/OCSX1AkI3b5hdt/WJwDCFUmXfKmYZLvV+JSMsRHUWsBAoIBAC2ZuZ3hYmSFMq+rZme72lIl3PUiOWPO9VVbs+PsRk58/ceCWnGCO647+KGb4jFw0vKPwP5RKmPny9a6ZSpYB2jsgWItKewdah+VPEOSLZQT/aPB5f61eiazCnuUuWrrycQVyLlELD0pj29mMxAJ0Nr1CIVboYp+YYA7dWNVSUT6T+EV6ASEC6jflb//UUUmCjOfxILGMkqvNJ2T7WguaPLOw21wLx0eDvQA/N8ZTiyKmE+GVRkDwGzC/yLeelgzyBgmyr15hfo7Q41VtAso6rzzExc4GasmgQe8z4Y0Gm7t3RDL3GXxBmonZtxNZt0vwvVyS/kAJedmPgcfxJunPnM='
set pki certificate CLIENT certificate 'MIIFsDCCA5igAwIBAgIUSzQgwzGsfJFecGxCwLXVsGCLMkAwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcMCVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0yMzA1MTExMjM4MzlaFw0zMzA1MDgxMjM4MzlaMFYxCzAJBgNVBAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5T1MxDzANBgNVBAMMBmNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANHNJOSwcDbRqziL1gXYnHIq7P7vEUFvS8d/XLYJ1xIpcYTRXTut2CTGRar7fZZicu7x0yoK4TzrHvGVf1o4NC4NSGV5RX6kwRdrfWBmvpIkjSLGtCREFyhb+PHDpnsIS7cfN9udC0vocqVlx/xM/sfcP6Vja/uFp+9TQcneJIxYw34zkF+TtOVbE3pP5VxU7ZAj8F5/q1ONhTMdzG4Ol4/0nBqZfdYA3LVDeSSNIJNF5jlaKXXFHz1EJRemTYDx+f5bfCVcK2Qs8fU9jCFBlATjMu9O5rgk6nMLRwEnJZuZ1gj2tWQvz4e9yo5yUqf1PUhOrn3c81MRliUNHKr+CkxgQJal6P3Ar3q4iftJih3K+/j4o194mQ/Dt/Et+/Qn/DUFk2FB0rTMcQwJLTEAzxtTdmBJeJpipIPDR0u7UMZLNh/raQ8s3FsbY4uYORt2f5YQlCVHbth4dRa9xa+oRbm7eomNACIbWfkLh5Bzud1+qIfdBMZKaZbnf0HEeuH0J5LBJeova8EPxWbYMJPrRHzu5gowkIKl+uIxcy8IiNTA9YEoJVonCjmlr8NEtYShrIVbicdMNSI3pOQR60MFhkHwBjSU2l/z+4wwLxtzq/c2xKw9yrOZ46ZVLwGDFq8rPwp7/P9r6mDKsbn6jIvGOeH71dMZvoc4lCaClw+hKIzLAgMBAAGjdTBzMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB0GA1UdDgQWBBS6j30FmL6kZW7rDH8QjRMoWoA/njAfBgNVHSMEGDAWgBT+TQ2nP8gvpkJmk6WQ1L/RmTBjATANBgkqhkiG9w0BAQsFAAOCAgEANW2Y4bgaB9oexEjj6rkGvePtQmXRkF/adVQREY9iZDGTe72ePybVzrfMkZHjse3o7JvXWRIVVztWSzEpv5noIOX7lAioGG3wsFTHotTFR0zrYJHXHBcV2Neq4Kx2Ta/TZwD8QnZHAAxEQ1pYb4fxwN/A60VElAZoz9zYsbrJyVrfuHDL9queQxPFzqis+7W1BiVIcv4rn0DMQ560jTGh4t4rImOSu5gUsUrQaih85XDdOBPxViSNwfVdZJIgbvamudpfEaKsIun/uCjcxpNnzIp0rhyYmDeqVat4GnTV7Sy48e/Uvcq71ZWbBYJF4+yW4pylIU2Sh/Uy2sAz4C2M71FlFB7qsmcnPRsFFHf+r1NyD1lkVI9k2371fTG/Kub9V0rOz4pvKz4Em5b4MUPdDbZOqJ8hQ+atGE3ovFJIovA3NFb0OtnyC4l+kG7dfjqFudOnmDa+Qsya+2YOxBZBIRfuhlXhb6Y6Smsk9R6x0jBmcQTPS5ZmvKaTxQCFc53xMdQNAswjiI2L9rw4BcqQfVmf/vpoN+VusD/XEv2V0Ixm10YybA7BI/tixh9vwj3fdQXVLy3jSYjVBd5WOFPizbQZeD10ElvlLqZZyWrP/Wre7Nmi/gEOnhBXXmo034fFF/vXf0JRpQsd2oDs24+4XwZYb8mbM31j7Nx8YvhR+64='
set pki certificate CLIENT private key 'MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDRzSTksHA20as4i9YF2JxyKuz+7xFBb0vHf1y2CdcSKXGE0V07rdgkxkWq+32WYnLu8dMqCuE86x7xlX9aODQuDUhleUV+pMEXa31gZr6SJI0ixrQkRBcoW/jxw6Z7CEu3HzfbnQtL6HKlZcf8TP7H3D+lY2v7hafvU0HJ3iSMWMN+M5Bfk7TlWxN6T+VcVO2QI/Bef6tTjYUzHcxuDpeP9JwamX3WANy1Q3kkjSCTReY5Wil1xR89RCUXpk2A8fn+W3wlXCtkLPH1PYwhQZQE4zLvTua4JOpzC0cBJyWbmdYI9rVkL8+HvcqOclKn9T1ITq593PNTEZYlDRyq/gpMYECWpej9wK96uIn7SYodyvv4+KNfeJkPw7fxLfv0J/w1BZNhQdK0zHEMCS0xAM8bU3ZgSXiaYqSDw0dLu1DGSzYf62kPLNxbG2OLmDkbdn+WEJQlR27YeHUWvcWvqEW5u3qJjQAiG1n5C4eQc7ndfqiH3QTGSmmW539BxHrh9CeSwSXqL2vBD8Vm2DCT60R87uYKMJCCpfriMXMvCIjUwPWBKCVaJwo5pa/DRLWEoayFW4nHTDUiN6TkEetDBYZB8AY0lNpf8/uMMC8bc6v3NsSsPcqzmeOmVS8BgxavKz8Ke/z/a+pgyrG5+oyLxjnh+9XTGb6HOJQmgpcPoSiMywIDAQABAoICACNXi396uWyCpXVBGSyi8LfKw2GupBmBxiI1Mkj4H2LP2G+nVS1Ye7C2NcY311AeBX56/jd23bqFYRERPgLUtPWNB0UQyMQsvNpVISm8JR45Sg0xq+bwEXabB7SyYLkZDKgsehxkuCJxZd625pl53vGMCKyzst0MBt4qCEsZQM7jpQr9ZLS1DSQV05InI1wKcnp1k2hX2WSZ0nZp7qYbjyyQ6DsS4D/MpWFjnGSr4XDttXqz1YghTMHlWNpDCYtPN+3BO4iPnj+h0qCdXZ28jlLEczAc+oDKtzPqEmv/TDaKE6Qu6x+VbkBPmG+mkoX4qfokRwCs19CGheR38PxdDx7AgySv7K8hM8gFC0XEqNdjt86KG+N1Ps5Sru4QMrf8j9XXNPUvt0M8wsPVeWa5ubkV7/h0HIEROOFpEFbzWnhBChPVvFObuuEjl5Jnj3KUEnckQFU07mPP/BpysHo3v/p+VTVoo2UkfVvjamnwQOUt3cVlPVC4FzVgkswJa4f75nGmDv8dafyPrCYciOh0qyhD5Pw/EBJkKtDBYHaoxtAw9Ann4A5rvZAveLNTPESOMo90pJwJbQcZyq9H+UGVnde39I4m5vHB5izZJI24Yd3fjRRkRf+/68VYKrkI5B7oH73Z/cl/xgEdI1hag4MLv1gon8wna4yCX/321YPTrDABAoIBAQDpHtvnvpOaoSjkJHUx4EGJkrp5R/mPfEbzzU2Ov5pNIcufv++2lsoUVCTDwgp4+7GngqYO5vVyW/AS4pSrDx7kdWpFaUtJUUCcCHk/5hYcvvourYtW1NR+XPiI28IqRp1P0L1+P0mUaRgpEcw6nEnc37XEujvTB1M/yF2y6xc+kZGjrZTmJeu0V5kkaGcXlAqUv2k0Lj3tEPQR/qj+kMX5hidROGuybNBESgA5ELY6QVnpcOyNDyniWq+RIUyBOuXp7DpUbmUANFEEP8lwjZX+HqwTpSjTSFdcPrsmorc9FpTXA9ktt1Z0ZxBzUvdcWbUeVsFqL0yICiShE7UxlOPBAoIBAQDmZGQ5roSKKY+VnmjIq2+gx8zsMYeliQm0hnKrFw9MM8U+/XOpXlpNHx2ehrGWp/BbmlmrnQaRcbLPJaRtWSEywbWnG77g+zj0w+4BdsYyTtGGFj4tXVZhPPo/DID3FPLn9cSv8MIVWjzg1G/BZcxtCDBDRBhwhZHCPOfd0K/S7rvRBq7IsNNHMTGswWGRMaF+M/trZw7TsQ0BX+5zZUyO8VNBi/NgTV3yoQ8ynBefRt1dmNa2CKXPT+5R19cBtecFEyhc3yo8ryTtM22JzndzA8agQmNPnWmYGivvcNHNikTQ2qUvvcd7Siny6j0+CmFdT9bl64VPyRJrFCw3jaOLAoIBAQCQ/1OyShRO+myPsql+U0kQQ8Zeh0kPWTJclFboMf7MePfJLj3waMvaZxfS9s9CvvKaCSY2YKtL7Sle5bWozCff27Q05jAgszwnkRGxj/AzAwpjnCft40UkL7majm2vk+pm6aPjcYPXnqKbcOmBjxJWIoNRkLCDKqw6IOs+zQDRNwPKNb5GhFGeA1pKjfGJddg6+u95uEVmPcRBqQ79/5hUAoBUAW7jNNE5mHmZBO8DPwCotUc82bCojNVkxLxsKPE2VWtWdq+1t9SoevBVZItl2zgWpATHndhQlOgdONoWUgRT1J3x1HYewrg1suYOd/GypC17WV4Vw5FS6wopg71BAoIBAQC63vDgTGpauk0pOVyab1tSmNzhM2dn4BhMIcU+eqzAzTkO13sKBGrQJQ3cODoxDbSKSE61QN9D92nmVQziWKnxxmb1zS5sw7g15/nTnCg0Q/P0g3QZTZyzsEb1/slYH9jKRnErl+eEdDXu0sB2qIBAa6Th2ojMM7q/RrF3HD6Qo20ZpQb951bnZsJ48j2WDCCGAdnLCsNe9zuqQsphNOf9BUbXYpGcKgSquPJfxXXvjgYdVcvJyIfc+GNAZQaS750bY6eYdLaIlDMqZk1RunLuikCAWni86dvtMEU0qFi0E5Ovp7jWWWNE4CnYSyAzgy3oBssyoG74AQp8addXk/3zAoIBAQC8/7DglQGMcKnk4zX+7jCuc0p+qMcd5RdnfBKlRhcWYNRPup9jyDefdkXCBTumCHXrIil/rJzP6b1IZZdC4xkheQpLXNUcceAidRWIrTypaXKkmhR0D74uckGiLXB4S84HYmIdw89ZiF0gB0yyZH5mZnqVMojwnGmWqcM2sr2N44bNQMfhD+nCSgQmReYKKfMQCdvYMxRLQfseU0pFEOGnh9jAmpn8qWMWxNDmFR/rVl26BXtRPiNPimfwWKrYNYhESN7A5/hWcrNUhE4PI+Pjd74npimqs5TDSst2Jc6DiahdaZ6JNNzp2PMUXNbfsMCVgZx+qtVNnVxVMiEngPRl'
set pki dh DH parameters 'MIIBCAKCAQEAzPOQWrWaIX2qt4sbV6bRbUnFx4jmeE+WXC8GIvulnC4pIr1nt2Gc/7uNfEPjDZ4X6csD3X6zAWxtSuWeNuml9Yuy+tS8gI7d0FlbQRAFO/9GIlRuVdMcbCtEhg8ja7Y0g3fQjOSQJ9mqFo7sRoXyYQALD+MDEJOxhnV7neCrgDi1pqnN4xZLoR9DLARp0ad30VIvnv0ay55wxFWAKh2iwNRwyeXIEOtUDBkfcLGSNNfK0kQsos/J8Q+7YXmk4cN9tiVX4xR92edVO4z/vhMkjsGKLSDm/E6EMusX+N0UhQ3dv7qDgeSS8vDsqBm8XJonumNZLvFbYt2ARGRZYL6DUwIBAg=='
Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out.
set interface ethernet eth1 address '192.168.1.1/24'
set interface ethernet eth2 address '198.51.100.254/24'
set interfaces openvpn vtun10 local-host '198.51.100.254'
set interfaces openvpn vtun10 local-port '1194'
set interfaces openvpn vtun10 mode 'server'
set interfaces openvpn vtun10 openvpn-option '--plugin /usr/lib/openvpn/openvpn-auth-ldap.so /config/auth/ldap-auth.config'
set interfaces openvpn vtun10 persistent-tunnel
set interfaces openvpn vtun10 protocol 'udp'
set interfaces openvpn vtun10 server push-route '192.168.1.0/24'
set interfaces openvpn vtun10 server subnet '10.23.1.0/24'
set interfaces openvpn vtun10 tls ca-certificate OVPN-CA
set interfaces openvpn vtun10 tls certificate SRV
set interfaces openvpn vtun10 tls dh-params DH
set protocols static route 10.1.1.0/24 interface vtun10
Client configuration
One advantage of having the client certificate stored is the ability to create the client configuration.
vyos@ovpn-server:~$ generate openvpn client-config interface vtun10 ca OVPN-CA certificate CLIENT
save the output to a file and import it in nearly all openvpn clients.
client
nobind
remote 198.51.100.254 1194
remote-cert-tls server
proto udp
dev tun
dev-type tun
persist-key
persist-tun
verb 3
# Encryption options
keysize 256
comp-lzo no
<ca>
-----BEGIN CERTIFICATE-----
MIIFnTCCA4WgAwIBAgIUIPFIXvCxYdavCnSPFNjr6lUtlsswDQYJKoZIhvcNAQEL
BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM
CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y
MzA1MTExMjM4MjJaFw0zMzA1MDgxMjM4MjJaMFcxCzAJBgNVBAYTAkdCMRMwEQYD
VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5
T1MxEDAOBgNVBAMMB3Z5b3MuaW8wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQDg45vAzS6xNqU+Pa7wk1Imt1/az1C22Sbp3wPJLfgOmy0K3TA5qVsx/c/8
gatsatMkCsekGnK5BPzCDd5eCCLo//B25HFO6fBYRNvHvVyCUx7QEXw4FHFNG88z
CIizx114AGtVwZfGGG9xCc53xjLPUpH6iqTXme41cCFFQlqXwZ7fuySieSdoV8SA
sJTTOsGCEUEcDEnNPn6tX3KWTzNuyFPECy8WCmNgWNyG2nmH+U7WRTX0ehZ5dZyU
5au7TxpRN4a+JtE0gNqcWJ+nh1A543q2pcRoQpPAzHFclgj8wG/EyauQMY/LC4tL
c6moPaNlTwA9HJv8s6xUqpzNptDoUHKOqKuw2JRFnno5SCQ788KkKNgVWBy2o3BG
oewfHFhAdR61CXeLpmuneuhi96GcM031gW8ptXbd4DkCF7H6KRtqeIvwiyG79ttC
8kZf01Sn1fM5fTjGxaE38dAk/RchtHRC6rtFavHJjB2cUcCkhhQofUE6IR2dYJZ1
cw0Wy5CI3bXHf43BpvDGmuxIlNGirTq8wf5RCWzDJJgmkQpYhUYe8x4faF4gTo00
uH4ZvAYjQu3JNZGkb50p4kM9Mu5rQAiZJUeMAz/QD+EIV9xXgOk14+BbnHKWbZ7O
u5emewFuE/bjl79oNJklpXdc4soRkCPCTEGK3zDBdmUtCYk1DwIDAQABo2EwXzAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF
BQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFP5NDac/yC+mQmaTpZDUv9GZMGMBMA0G
CSqGSIb3DQEBCwUAA4ICAQDEqpF2ibwYFxsF1XDIPS5/Gs0sZTZBuByNm5d2+jTy
O7d5alZUdbvobbwhxZOhWasmFNyPLr4TYmZm5zF+efFsiOxjyRuEoVU+Fe8rZmpR
IF/+6+nYX5r9vMI4QxGjeeyP20OHJ85Kvz182CTsITrM15Vw/kVVjAVzFI5Gm/Qo
lalAoFQza9rAL4kDqaUszjHjPbysvDpGF+NLPjiYDHXcty/BC48bnuzAeEM60SGZ
7EXvf8l0X8YsO7z39w6780A/3rbZvFhCYMKp/+p5xBRDjnX91dM6DJw73RwYQ1KH
bHk9wWUwnL1giL71jzp/y4Oj6SSK2PQv+OnO80J6Zg06WIQx9xYcxr108Xh9FotU
rlG7GYPI3Udf95t6SjuydDhULAVD0lMBxlDe9DHW1k1q1pOXaHZg926tY66xx/ld
a6dcuwJjA2Dx5JI6L0u9ureQmQAtxvnoTCtf+hR1iX/IkskZCKs34SjNiCnBuw/D
NfdOpfaABm7y+tWiXBwnu5l/K8poXcQYQByyZj6YMmpgsbVPr5KNsLWOgRA81M6I
Pof8qxvnFrkazhiQWh1YHSjnaHtA3z5/BdgwHVICuFyrIOlbkKyJOjKcKBsDdMwI
V0tsnpnyli2xEPZKu1tAQFAavXrK/RGYYhOZ3e0aRSV8hlP8i/mf7p0I45cJiBCq
Pg==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIFsDCCA5igAwIBAgIUSzQgwzGsfJFecGxCwLXVsGCLMkAwDQYJKoZIhvcNAQEL
BQAwVzELMAkGA1UEBhMCR0IxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAcM
CVNvbWUtQ2l0eTENMAsGA1UECgwEVnlPUzEQMA4GA1UEAwwHdnlvcy5pbzAeFw0y
MzA1MTExMjM4MzlaFw0zMzA1MDgxMjM4MzlaMFYxCzAJBgNVBAYTAkdCMRMwEQYD
VQQIDApTb21lLVN0YXRlMRIwEAYDVQQHDAlTb21lLUNpdHkxDTALBgNVBAoMBFZ5
T1MxDzANBgNVBAMMBmNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBANHNJOSwcDbRqziL1gXYnHIq7P7vEUFvS8d/XLYJ1xIpcYTRXTut2CTGRar7
fZZicu7x0yoK4TzrHvGVf1o4NC4NSGV5RX6kwRdrfWBmvpIkjSLGtCREFyhb+PHD
pnsIS7cfN9udC0vocqVlx/xM/sfcP6Vja/uFp+9TQcneJIxYw34zkF+TtOVbE3pP
5VxU7ZAj8F5/q1ONhTMdzG4Ol4/0nBqZfdYA3LVDeSSNIJNF5jlaKXXFHz1EJRem
TYDx+f5bfCVcK2Qs8fU9jCFBlATjMu9O5rgk6nMLRwEnJZuZ1gj2tWQvz4e9yo5y
Uqf1PUhOrn3c81MRliUNHKr+CkxgQJal6P3Ar3q4iftJih3K+/j4o194mQ/Dt/Et
+/Qn/DUFk2FB0rTMcQwJLTEAzxtTdmBJeJpipIPDR0u7UMZLNh/raQ8s3FsbY4uY
ORt2f5YQlCVHbth4dRa9xa+oRbm7eomNACIbWfkLh5Bzud1+qIfdBMZKaZbnf0HE
euH0J5LBJeova8EPxWbYMJPrRHzu5gowkIKl+uIxcy8IiNTA9YEoJVonCjmlr8NE
tYShrIVbicdMNSI3pOQR60MFhkHwBjSU2l/z+4wwLxtzq/c2xKw9yrOZ46ZVLwGD
Fq8rPwp7/P9r6mDKsbn6jIvGOeH71dMZvoc4lCaClw+hKIzLAgMBAAGjdTBzMAwG
A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMC
MB0GA1UdDgQWBBS6j30FmL6kZW7rDH8QjRMoWoA/njAfBgNVHSMEGDAWgBT+TQ2n
P8gvpkJmk6WQ1L/RmTBjATANBgkqhkiG9w0BAQsFAAOCAgEANW2Y4bgaB9oexEjj
6rkGvePtQmXRkF/adVQREY9iZDGTe72ePybVzrfMkZHjse3o7JvXWRIVVztWSzEp
v5noIOX7lAioGG3wsFTHotTFR0zrYJHXHBcV2Neq4Kx2Ta/TZwD8QnZHAAxEQ1pY
b4fxwN/A60VElAZoz9zYsbrJyVrfuHDL9queQxPFzqis+7W1BiVIcv4rn0DMQ560
jTGh4t4rImOSu5gUsUrQaih85XDdOBPxViSNwfVdZJIgbvamudpfEaKsIun/uCjc
xpNnzIp0rhyYmDeqVat4GnTV7Sy48e/Uvcq71ZWbBYJF4+yW4pylIU2Sh/Uy2sAz
4C2M71FlFB7qsmcnPRsFFHf+r1NyD1lkVI9k2371fTG/Kub9V0rOz4pvKz4Em5b4
MUPdDbZOqJ8hQ+atGE3ovFJIovA3NFb0OtnyC4l+kG7dfjqFudOnmDa+Qsya+2YO
xBZBIRfuhlXhb6Y6Smsk9R6x0jBmcQTPS5ZmvKaTxQCFc53xMdQNAswjiI2L9rw4
BcqQfVmf/vpoN+VusD/XEv2V0Ixm10YybA7BI/tixh9vwj3fdQXVLy3jSYjVBd5W
OFPizbQZeD10ElvlLqZZyWrP/Wre7Nmi/gEOnhBXXmo034fFF/vXf0JRpQsd2oDs
24+4XwZYb8mbM31j7Nx8YvhR+64=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDRzSTksHA20as4
i9YF2JxyKuz+7xFBb0vHf1y2CdcSKXGE0V07rdgkxkWq+32WYnLu8dMqCuE86x7x
lX9aODQuDUhleUV+pMEXa31gZr6SJI0ixrQkRBcoW/jxw6Z7CEu3HzfbnQtL6HKl
Zcf8TP7H3D+lY2v7hafvU0HJ3iSMWMN+M5Bfk7TlWxN6T+VcVO2QI/Bef6tTjYUz
HcxuDpeP9JwamX3WANy1Q3kkjSCTReY5Wil1xR89RCUXpk2A8fn+W3wlXCtkLPH1
PYwhQZQE4zLvTua4JOpzC0cBJyWbmdYI9rVkL8+HvcqOclKn9T1ITq593PNTEZYl
DRyq/gpMYECWpej9wK96uIn7SYodyvv4+KNfeJkPw7fxLfv0J/w1BZNhQdK0zHEM
CS0xAM8bU3ZgSXiaYqSDw0dLu1DGSzYf62kPLNxbG2OLmDkbdn+WEJQlR27YeHUW
vcWvqEW5u3qJjQAiG1n5C4eQc7ndfqiH3QTGSmmW539BxHrh9CeSwSXqL2vBD8Vm
2DCT60R87uYKMJCCpfriMXMvCIjUwPWBKCVaJwo5pa/DRLWEoayFW4nHTDUiN6Tk
EetDBYZB8AY0lNpf8/uMMC8bc6v3NsSsPcqzmeOmVS8BgxavKz8Ke/z/a+pgyrG5
+oyLxjnh+9XTGb6HOJQmgpcPoSiMywIDAQABAoICACNXi396uWyCpXVBGSyi8LfK
w2GupBmBxiI1Mkj4H2LP2G+nVS1Ye7C2NcY311AeBX56/jd23bqFYRERPgLUtPWN
B0UQyMQsvNpVISm8JR45Sg0xq+bwEXabB7SyYLkZDKgsehxkuCJxZd625pl53vGM
CKyzst0MBt4qCEsZQM7jpQr9ZLS1DSQV05InI1wKcnp1k2hX2WSZ0nZp7qYbjyyQ
6DsS4D/MpWFjnGSr4XDttXqz1YghTMHlWNpDCYtPN+3BO4iPnj+h0qCdXZ28jlLE
czAc+oDKtzPqEmv/TDaKE6Qu6x+VbkBPmG+mkoX4qfokRwCs19CGheR38PxdDx7A
gySv7K8hM8gFC0XEqNdjt86KG+N1Ps5Sru4QMrf8j9XXNPUvt0M8wsPVeWa5ubkV
7/h0HIEROOFpEFbzWnhBChPVvFObuuEjl5Jnj3KUEnckQFU07mPP/BpysHo3v/p+
VTVoo2UkfVvjamnwQOUt3cVlPVC4FzVgkswJa4f75nGmDv8dafyPrCYciOh0qyhD
5Pw/EBJkKtDBYHaoxtAw9Ann4A5rvZAveLNTPESOMo90pJwJbQcZyq9H+UGVnde3
9I4m5vHB5izZJI24Yd3fjRRkRf+/68VYKrkI5B7oH73Z/cl/xgEdI1hag4MLv1go
n8wna4yCX/321YPTrDABAoIBAQDpHtvnvpOaoSjkJHUx4EGJkrp5R/mPfEbzzU2O
v5pNIcufv++2lsoUVCTDwgp4+7GngqYO5vVyW/AS4pSrDx7kdWpFaUtJUUCcCHk/
5hYcvvourYtW1NR+XPiI28IqRp1P0L1+P0mUaRgpEcw6nEnc37XEujvTB1M/yF2y
6xc+kZGjrZTmJeu0V5kkaGcXlAqUv2k0Lj3tEPQR/qj+kMX5hidROGuybNBESgA5
ELY6QVnpcOyNDyniWq+RIUyBOuXp7DpUbmUANFEEP8lwjZX+HqwTpSjTSFdcPrsm
orc9FpTXA9ktt1Z0ZxBzUvdcWbUeVsFqL0yICiShE7UxlOPBAoIBAQDmZGQ5roSK
KY+VnmjIq2+gx8zsMYeliQm0hnKrFw9MM8U+/XOpXlpNHx2ehrGWp/BbmlmrnQaR
cbLPJaRtWSEywbWnG77g+zj0w+4BdsYyTtGGFj4tXVZhPPo/DID3FPLn9cSv8MIV
Wjzg1G/BZcxtCDBDRBhwhZHCPOfd0K/S7rvRBq7IsNNHMTGswWGRMaF+M/trZw7T
sQ0BX+5zZUyO8VNBi/NgTV3yoQ8ynBefRt1dmNa2CKXPT+5R19cBtecFEyhc3yo8
ryTtM22JzndzA8agQmNPnWmYGivvcNHNikTQ2qUvvcd7Siny6j0+CmFdT9bl64VP
yRJrFCw3jaOLAoIBAQCQ/1OyShRO+myPsql+U0kQQ8Zeh0kPWTJclFboMf7MePfJ
Lj3waMvaZxfS9s9CvvKaCSY2YKtL7Sle5bWozCff27Q05jAgszwnkRGxj/AzAwpj
nCft40UkL7majm2vk+pm6aPjcYPXnqKbcOmBjxJWIoNRkLCDKqw6IOs+zQDRNwPK
Nb5GhFGeA1pKjfGJddg6+u95uEVmPcRBqQ79/5hUAoBUAW7jNNE5mHmZBO8DPwCo
tUc82bCojNVkxLxsKPE2VWtWdq+1t9SoevBVZItl2zgWpATHndhQlOgdONoWUgRT
1J3x1HYewrg1suYOd/GypC17WV4Vw5FS6wopg71BAoIBAQC63vDgTGpauk0pOVya
b1tSmNzhM2dn4BhMIcU+eqzAzTkO13sKBGrQJQ3cODoxDbSKSE61QN9D92nmVQzi
WKnxxmb1zS5sw7g15/nTnCg0Q/P0g3QZTZyzsEb1/slYH9jKRnErl+eEdDXu0sB2
qIBAa6Th2ojMM7q/RrF3HD6Qo20ZpQb951bnZsJ48j2WDCCGAdnLCsNe9zuqQsph
NOf9BUbXYpGcKgSquPJfxXXvjgYdVcvJyIfc+GNAZQaS750bY6eYdLaIlDMqZk1R
unLuikCAWni86dvtMEU0qFi0E5Ovp7jWWWNE4CnYSyAzgy3oBssyoG74AQp8addX
k/3zAoIBAQC8/7DglQGMcKnk4zX+7jCuc0p+qMcd5RdnfBKlRhcWYNRPup9jyDef
dkXCBTumCHXrIil/rJzP6b1IZZdC4xkheQpLXNUcceAidRWIrTypaXKkmhR0D74u
ckGiLXB4S84HYmIdw89ZiF0gB0yyZH5mZnqVMojwnGmWqcM2sr2N44bNQMfhD+nC
SgQmReYKKfMQCdvYMxRLQfseU0pFEOGnh9jAmpn8qWMWxNDmFR/rVl26BXtRPiNP
imfwWKrYNYhESN7A5/hWcrNUhE4PI+Pjd74npimqs5TDSst2Jc6DiahdaZ6JNNzp
2PMUXNbfsMCVgZx+qtVNnVxVMiEngPRl
-----END PRIVATE KEY-----
</key>
Configure VyOS as client
set interfaces openvpn vtun10 authentication username 'user01'
set interfaces openvpn vtun10 authentication password '$ecret'
set interfaces openvpn vtun10 encryption cipher 'aes256'
set interfaces openvpn vtun10 hash 'sha512'
set interfaces openvpn vtun10 mode 'client'
set interfaces openvpn vtun10 persistent-tunnel
set interfaces openvpn vtun10 protocol 'udp'
set interfaces openvpn vtun10 remote-host '198.51.100.254'
set interfaces openvpn vtun10 remote-port '1194'
set interfaces openvpn vtun10 tls ca-certificate 'OVPN-CA'
set interfaces openvpn vtun10 tls certificate 'CLIENT'
Monitoring
If the client is connected successfully you can check the status
vyos@ovpn-server:~$ show openvpn server
OpenVPN status on vtun10
Client CN Remote Host Tunnel IP Local Host TX bytes RX bytes Connected Since
----------- ------------------ ----------- ------------------- ---------- ---------- -------------------
client 198.51.100.1:55150 10.23.1.6 198.51.100.254:1194 4.7 KB 4.7 KB 2023-05-11 12:47:11