  1. I recently spent quite a few hours getting TorGuard OpenVPN set up on my VyOS router virtual machine, so I thought I would share the configuration with the forums in case anyone else runs into the same issues and is unable to find other guides online (as I did).

     VyOS is a community fork of Vyatta (which is now Brocade vRouter). Ubiquiti's EdgeRouters also use another fork of Vyatta called EdgeOS, so this configuration may be either close to or exactly what you need for one of those devices too (not able to test this as I don’t have one).

     Credentials

     On the VyOS shell, go to operational mode and use vi to create a file in /conf/auth containing the TorGuard username on line 1 and password on line 2. Mine is called vpn-pass.txt.

     Certificates

     VyOS requires that you specify a CA cert file, a host cert file and the host private key file. TorGuard don’t check for the latter two, but they still need to be valid files before you will be allowed to commit the openvpn interface configuration in VyOS.

     Obtain the TorGuard Global ca.crt file, which you can find in the ‘Standard UDP Configs’ zip file under Downloads. Upload that to /conf/auth using SFTP.

     From the /config/auth directory, run the following commands to generate your self-signed certificate and key file:

         openssl genrsa -out host.key 2048
         openssl req -new -key host.key -out csr.crt
         openssl req -x509 -days 365 -key host.key -in csr.crt -out cert.crt
         chmod 700 host.key

     VPN Interface

     Run the following commands in config mode:

         set interfaces openvpn vtun1 encryption 'bf128'
         set interfaces openvpn vtun1 mode 'client'
         set interfaces openvpn vtun1 openvpn-option '--auth-user-pass /config/auth/vpn-pass.txt --persist-key --persist-tun --nobind --pull --route-nopull --comp-lzo --script-security 2'
         set interfaces openvpn vtun1 protocol 'udp'
         set interfaces openvpn vtun1 remote-host 'nl.torguardvpnaccess.com'
         set interfaces openvpn vtun1 remote-port '443'
         set interfaces openvpn vtun1 tls ca-cert-file '/config/auth/ca.crt'
         set interfaces openvpn vtun1 tls cert-file '/config/auth/cert.crt'
         set interfaces openvpn vtun1 tls key-file '/config/auth/host.key'

     Firewall Rules

     Create firewall rules:

         set firewall name vtun1-inbound default-action 'drop'
         set firewall name vtun1-inbound rule 1 action 'accept'
         set firewall name vtun1-inbound rule 1 description 'Allow established and related'
         set firewall name vtun1-inbound rule 1 state established 'enable'
         set firewall name vtun1-inbound rule 1 state related 'enable'
         set firewall name vtun1-inbound rule 2 action 'drop'
         set firewall name vtun1-inbound rule 2 description 'Drop invalid'
         set firewall name vtun1-inbound rule 2 state invalid 'enable'
         set firewall name vtun1-local default-action 'drop'
         set firewall name vtun1-local rule 1 action 'accept'
         set firewall name vtun1-local rule 1 description 'Allow established and related'
         set firewall name vtun1-local rule 1 state established 'enable'
         set firewall name vtun1-local rule 1 state related 'enable'
         set firewall name vtun1-local rule 2 action 'drop'
         set firewall name vtun1-local rule 2 description 'Drop invalid'
         set firewall name vtun1-local rule 2 state invalid 'enable'

     Bind them to the vtun1 openvpn interface:

         set interfaces openvpn vtun1 firewall in name 'vtun1-inbound'
         set interfaces openvpn vtun1 firewall local name 'vtun1-local'

     NAT

     Create NAT masquerade rules for outbound traffic from internal network (192.168.20.0/24 in this example):

         set nat source rule 200 outbound-interface 'vtun1'
         set nat source rule 200 source address '192.168.20.0/24'
         set nat source rule 200 translation address 'masquerade'

     Checking connection

     Commit all of the above and then run show interfaces from operational mode to see if your vtun1 interface has picked up the 10.x IP address from the VPN server. You can also run show log openvpn to view the details of the connection. If you don't get a connection, you will find the reasons here.

     Routing

     I use policy based routing to send traffic for only specified machines down the VPN tunnel. The example below sends all traffic for 192.168.20.101 only down the tunnel.

         set policy route src-route rule 10 destination address '0.0.0.0/0'
         set policy route src-route rule 10 set table '1'
         set policy route src-route rule 10 source address '192.168.20.101/32'
         set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface 'vtun1'

     If you want to send all traffic down the tunnel, I guess you will need to set vtun1 as the default route interface, but have more specific routes allowing the router to look up DNS and make the OpenVPN connection, so it can set the tunnel up initially.

     Good luck!
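
Added example, not part of the original post and not TorGuard or VyOS code: a Python check, run off-box against the output of `show configuration commands`, that every OpenVPN interface has both the `in` and `local` rulesets from the Firewall Rules step bound and that each has an explicit `drop` default. The sample config is constructed from a subset of the post's commands, and `audit` is a hypothetical helper name.

```python
import shlex

# Constructed sample: a subset of the post's commands, in the form
# `show configuration commands` prints them.
SAMPLE = """\
set firewall name vtun1-inbound default-action 'drop'
set firewall name vtun1-inbound rule 1 action 'accept'
set firewall name vtun1-local default-action 'drop'
set interfaces openvpn vtun1 mode 'client'
set interfaces openvpn vtun1 firewall in name 'vtun1-inbound'
set interfaces openvpn vtun1 firewall local name 'vtun1-local'
"""


def audit(config_text):
    """Return findings for OpenVPN interfaces lacking drop-by-default rulesets."""
    defaults = {}    # ruleset name -> explicit default-action
    bound = {}       # (interface, direction) -> ruleset name
    tunnels = set()  # every OpenVPN interface seen in the config
    for line in config_text.splitlines():
        tok = shlex.split(line)  # strips the single quotes around values
        if tok[:3] == ["set", "firewall", "name"] and len(tok) == 6 \
                and tok[4] == "default-action":
            defaults[tok[3]] = tok[5]
        elif tok[:3] == ["set", "interfaces", "openvpn"] and len(tok) > 3:
            tunnels.add(tok[3])
            if len(tok) == 8 and tok[4] == "firewall" and tok[6] == "name":
                bound[(tok[3], tok[5])] = tok[7]

    findings = []
    for iface in sorted(tunnels):
        for direction in ("in", "local"):
            ruleset = bound.get((iface, direction))
            if ruleset is None:
                findings.append(f"{iface}: no '{direction}' ruleset bound")
            elif defaults.get(ruleset) != "drop":
                findings.append(
                    f"{iface}: '{direction}' ruleset {ruleset} has "
                    f"default-action {defaults.get(ruleset)!r}, expected 'drop'")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["no findings"]:
        print(finding)
```

A ruleset that is bound but has no explicit `default-action` line is reported with `None`, so the reviewer can confirm the effective default on the router itself.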