
@khayama-zz
Last active May 8, 2019 11:10
# Initial configuration: copy the easy-rsa 2.0 scripts shipped with the
# OpenVPN examples and use them to build a CA, one server key pair, one
# client key pair and the Diffie-Hellman parameters.
#
# NOTE(review): everything is generated under ~/openvpn on the same host that
# later serves the VPN (the /home/vyos paths further down suggest this), so the
# CA private key ends up next to the server key. Consider building the CA on a
# separate machine, or moving ca.key off the router once signing is done.
mkdir ~/openvpn
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* ~/openvpn/ -r
cd ~/openvpn
# vars is sourced (". ./vars"), not executed, so that the settings it exports
# are visible to the build scripts run from this same shell.
# NOTE(review): the server config on this page references keys/dh1024.pem,
# which implies KEY_SIZE was left at 1024 in vars. 1024-bit RSA/DH is below
# current recommendations; raise KEY_SIZE in vars before the first build and
# adjust the dh-file path accordingly (easy-rsa 2.0 names the file after the
# key size).
. ./vars
# clean-all resets the easy-rsa keys directory; it belongs only in this
# first-time setup (the "add the second key" steps deliberately skip it).
./clean-all
./build-ca
# "key-server-name" and "key-client-name" are placeholders. easy-rsa names the
# resulting keys/<name>.crt and keys/<name>.key after this argument, so the
# tls cert-file / key-file paths and the per-client entries in the server
# config must use exactly the names chosen here.
./build-key-server key-server-name
./build-key key-client-name
./build-dh
# Add a second client key later on, reusing the existing CA.
# vars has to be sourced again because a new shell does not carry the
# exported easy-rsa settings. clean-all is not run here; running it would
# reset the keys directory that holds the CA and the keys issued so far.
cd ~/openvpn
. ./vars
# Placeholder name; use a distinct name per client so that each client has
# its own certificate and can be given its own address in the server config.
./build-key key-second-client-name
# Firewall rule (VyOS configuration mode): accept UDP traffic to destination
# port 1194, matching the local-port/protocol set on vtun0 below.
# NOTE(review): the rule carries no source address restriction, so the port is
# open to every source that reaches the ruleset. Where LOCAL_RULE is attached
# (interface/direction) is not shown on this page; confirm it is the intended
# one, and add a source match if the client networks are known.
# If the commented-out tcp-passive/443 alternative is used for vtun0, this
# rule's port and protocol have to be changed to match.
set firewall name LOCAL_RULE rule 1000 action accept
set firewall name LOCAL_RULE rule 1000 description For-OpenVPN
set firewall name LOCAL_RULE rule 1000 destination port 1194
set firewall name LOCAL_RULE rule 1000 protocol udp
# OpenVPN interface (VyOS configuration mode): vtun0 runs as a TLS server on
# UDP/1194 and hands out addresses from 192.168.111.0/24.
set interfaces openvpn vtun0
set interfaces openvpn vtun0 description remote-access-for-user1
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 protocol udp
# Disabled alternative: listen on TCP/443 instead of UDP/1194.
###set interfaces openvpn vtun0 local-port 443
###set interfaces openvpn vtun0 protocol tcp-passive
set interfaces openvpn vtun0 mode server
set interfaces openvpn vtun0 server subnet 192.168.111.0/24
# TLS material produced by the easy-rsa steps. The file names here are
# placeholders and must match the names actually passed to build-key-server.
# NOTE(review): confirm that "~" is expanded in these paths; an absolute path
# (the keys live in /home/vyos/openvpn/keys according to the listing further
# down) avoids the question. Files in a home directory may also not be
# preserved across VyOS image upgrades; /config/auth is the usual location for
# key material - TODO confirm for the release in use.
set interfaces openvpn vtun0 tls ca-cert-file ~/openvpn/keys/ca.crt
set interfaces openvpn vtun0 tls cert-file ~/openvpn/keys/cert-server-common-name.crt
# NOTE(review): dh1024.pem means 1024-bit Diffie-Hellman parameters, which is
# below current recommendations. Regenerate with a larger key size (2048 or
# more) and point dh-file at the resulting file.
set interfaces openvpn vtun0 tls dh-file ~/openvpn/keys/dh1024.pem
# Server private key: keep this file readable by its owner only.
set interfaces openvpn vtun0 tls key-file ~/openvpn/keys/key-server-common-name.key
# Fixed tunnel address per client. The token after "client" is matched against
# the certificate common name, so it must be the name given to build-key.
set interfaces openvpn vtun0 server client client-key-common-name-1 ip 192.168.111.10
set interfaces openvpn vtun0 server client client-key-common-name-2 ip 192.168.111.20
# Route pushed to connecting clients; only this /28 is advertised through the
# tunnel by this configuration.
set interfaces openvpn vtun0 server push-route 10.133.126.128/28
# Optional, disabled: DNS domain and resolvers to push to clients.
#set interfaces openvpn vtun0 server domain-name softlayer.com
#set interfaces openvpn vtun0 server name-server 10.0.80.11
#set interfaces openvpn vtun0 server name-server 10.0.80.12
# Download the client's key files. The author's approach: temporarily give
# "other" execute on the keys directory and read on the private key, copy the
# files with scp, then restore the original modes.
# (directory=o+x, file=o+r)
cd ~/openvpn/keys
ls -l && ls -ld
# The next four lines are pasted ls output, not commands. The "(NNN)" suffixes
# and arrows are the author's annotations of the mode before and after the
# chmod calls below.
-rw-rw-r-- 1 vyos vyattacfg 1224 May 30 11:00 ca.crt(664)
-rw-rw-r-- 1 vyos vyattacfg 3794 May 30 11:03 client-common-name-1.crt(664)
-rw------- 1 vyos vyattacfg 887 May 30 11:03 client-common-name-1.key(600)———>(604)
drwx------ 2 vyos vyattacfg 4096 May 31 16:47 /home/vyos/openvpn/keys(700)———>(701)
# NOTE(review): mode 604 makes the client private key readable by every local
# account for as long as it is in effect. The listing above shows the files
# owned by vyos and the scp commands below log in as vyos, so the owner
# permissions (600/700) already look sufficient - confirm whether these two
# chmod calls are needed at all before loosening the modes.
chmod 604 client-common-name-1.key
chmod 701 /home/vyos/openvpn/keys
# Presumably run on the client machine: pull the certificate, private key and
# CA certificate over SSH (port 20022) into the current directory.
# Only the .key file is secret; ca.crt and the client .crt are public material.
scp -P 20022 vyos@10.xx.xx.xx:/home/vyos/openvpn/keys/client-common-name-1.crt .
scp -P 20022 vyos@10.xx.xx.xx:/home/vyos/openvpn/keys/client-common-name-1.key .
scp -P 20022 vyos@10.xx.xx.xx:/home/vyos/openvpn/keys/ca.crt .
# Restore the restrictive modes. If the transfer is interrupted or these two
# commands are forgotten, the key stays world-readable, so run them even when
# the copy fails. Also set the downloaded copy of the key to 600 on the client.
chmod 600 client-common-name-1.key
chmod 700 /home/vyos/openvpn/keys