Brocade Communications Systems 5600 Reference Manual

Openvpn

Hide thumbs Also See for 5600:

Configuration manual (187 pages)

Reference manual (96 pages)

Quick start manual (48 pages)

page of 124

/ 124
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Download this manual See also: Configuration Manual, Installation Manual

53-1003719-03

14 September 2015

Brocade 5600 vRouter

OpenVPN

Reference Guide

Supporting Brocade 5600 vRouter 3.5R6

Table of Contents

Need help?

Do you have a question about the 5600 and is the answer not in the manual?

Questions and answers

Summary of Contents for Brocade Communications Systems 5600

Page 1 53-1003719-03 14 September 2015 Brocade 5600 vRouter OpenVPN Reference Guide Supporting Brocade 5600 vRouter 3.5R6...
Page 2 United States government. The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that accompany it.
Page 3: Table Of Contents
Brocade SSL-VPN Client Bundler.....................39 Overview......................39 Supported operating systems............. 39 Client bundles..................39 Administration of the client bundle..............40 Generating the client bundle............... 40 Authentication of the client bundle............42 Service-User web portal..............44 Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 4 <vtunx> server name-server <ipv4>......99 interfaces openvpn <vtunx> server push-route <ipv4net>......100 interfaces openvpn <vtunx> server subnet <ipv4net>........ 101 interfaces openvpn <vtunx> server topology <topology>......102 interfaces openvpn <vtunx> shared-secret-key-file <filename>....103 Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 5 <interface>............115 show interfaces openvpn <interface> brief........... 116 show interfaces openvpn detail..............117 show openvpn client status................118 show openvpn server status................. 119 show openvpn site-to-site status..............120 Related commands..................120 List of Acronyms........................121 Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 6 Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 7: Preface
Identifies command names, keywords, and command options. italic text Identifies a variable. value In Fibre Channel products, a fixed value provided as input to a command option is printed in plain text, for example, --show WWN. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 8: Notes, Cautions, And Warnings
DANGER A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you. Safety labels are also attached directly to products to warn of these conditions or situations. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 9: Brocade Resources
OEM/Solution Provider for all of your product support needs. ® • OEM/Solution Providers are trained and certified by Brocade to support Brocade products. • Brocade provides backline support for issues that cannot be resolved by the OEM/Solution Provider. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 10: Document Feedback
• By sending your feedback to documentation@brocade.com. Provide the publication title, part number, and as much detail as possible, including the topic heading and page number if applicable, as well as your suggestions for improvement. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 11: About This Guide
About This Guide This guide describes how to configure OpenVPN on the Brocade 5600 vRouter (referred to as a virtual router, vRouter, or router in the guide). Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 12 About This Guide Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 13: Openvpn Overview
This code provides data integrity. Transport Layer Security (TLS) is a cryptographic protocol that uses public key cryptography and does not require the two endpoints to have a preshared secret. OpenVPN uses TLS with X.509 certificates Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 14: Openvpn Modes Of Operation
Site-to-site operation The following figure illustrates a simple site-to-site VPN operation. This operation could represent, for example, a connection between a branch office and a data center. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 15: Remote Access Operation
OpenVPN endpoint acts as the server and all remote endpoints operate as clients, which connect to the OpenVPN server to establish VPN tunnels, so that each established client has an independent tunnel to the server. The following figure shows a simple remote access VPN setup. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 16: Client-Side Access To Openvpn Access Server
OpenVPN server. The client requires only configuration information from the server. It does not require client software. NOTE It is possible for OpenVPN Access Server to act as the access server, authentication server, and OpenVPN server. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 17 OpenVPN server. The following figure shows an OpenVPN setup that uses OpenVPN Access Server, an authentication server, and an OpenVPN server. FIGURE 3 Client‐side access to OpenVPN access server Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 18 OpenVPN Overview You can use the show interfaces command to show the assigned IP address on the client side of the OpenVPN tunnel. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 19: Openvpn Configuration
In addition, you must add a static interface route to direct traffic for the remote subnet through the vtun0 tunnel interface. For information on setting up static routes, see Brocade 5600 vRouter Basic Routing Reference Guide.
Page 20 TABLE 2 Site-to-site OpenVPN with preshared secret: V1 static route Step Command vyatta@V1# set protocols static interface-route Create the static route to access the remote subnet through 192.168.101.0/24 next-hop-interface vtun0 the OpenVPN tunnel. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 21 Site-to-site OpenVPN with preshared secret: V2 static route Step Command vyatta@V2# set protocols static interface-route Create the static route to access the remote subnet through the 192.168.100.0/24 next-hop-interface vtun0 OpenVPN tunnel. vyatta@V2# commit Commit the change. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 22: Site-To-Site Mode With Tls
/ Specify the location of the CA certificate file. config/auth/ca.crt vyatta@V1# set interfaces openvpn vtun0 tls cert-file /config/ Specify the location of the host certificate file. auth/V1.crt Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 23 /config/ Specify the location of the host certificate file. auth/V2.crt vyatta@V2# set interfaces openvpn vtun0 tls key-file /config/ Specify the location of the host key file. auth/V2.key vyatta@V2# commit Commit the change. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 24: Client-Server Mode
192.168.200.0/24 subnet and that the tunnel IP address of the server (that is, the address of vtun0 on the server) is 192.168.200.1. • The remote-host option is not set because the clients are actively contacting the server. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 25 /config/ Specify the location of the host certificate file. auth/V2.crt vyatta@V2# set interfaces openvpn vtun0 tls key-file /config/ Specify the location of the host key file. auth/V2.key Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 26: Openvpn Clients On Windows Hosts
OpenVPN tunnel, right-click the icon and select Connect from the drop-down menu. If there are multiple .ovpn configuration files, the actions for each configuration appear in the drop-down menu of each file. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 27: Firewall Configuration
{ firewall { in rules-in For more information on configuring firewall for interfaces, see the firewall chapter in Brocade 5600 vRouter Firewall Reference Guide. OpenVPN access server Another OpenVPN scenario involves connecting to OpenVPN Access Server and using the configuration information it provides to establish an OpenVPN tunnel to an OpenVPN server.
Page 28 This example is valid for a scenario in which Autologin is enabled on the OpenVPN server for tunnel establishment. If Autologin is disabled, the following commands must be used to establish the tunnel: Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 29: Advanced Openvpn Options
• Cryptographic algorithms (Site-to-Site, Client, Server) • Split tunneling (Site-to-Site, Client, Server) • Broadcast network (Site-to-Site, Client, Server) • Multiple remote endpoints (Client only) • Client-server topology (Server only) • Client-specific settings (Server only) Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 30: Transport Protocol (Site-To-Site, Client, Server)
• remote-port: This argument is the UDP or TCP port number on the other endpoint to which OpenVPN initiates sessions. In other words, the other endpoint is accepting sessions on this port. If Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 31: Cryptographic Algorithms (Site-To-Site, Client, Server)
Internet traffic from a remote user travels to and from the user ISP directly without going to the VPN server, company network, firewall, and so on. On the other hand, bypassing these functions can be Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 32: Broadcast Network (Site-To-Site, Client, Server)
To configure an OpenVPN client or server as a tap device, use the configuration shown in the following example. Configuration options related to tap devices for client and server interfaces interfaces { openvpn if_name{ device-type Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 33: Multiple Remote Endpoints (Client Only)
Specify the physical IP address of the third remote host. 12.34.56.80 vyatta@V2# set interfaces openvpn vtun0 firewall in name Set the firewall rule for inbound traffic on the vtun0 interface. rules-in Enter configuration commands. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 34: Client-Server Topology (Server Only)
However, in some environments, the client-server mode is used to implement site-to-site functionality; that is, each client is in fact a site that establishes, in effect, a site-to-site tunnel with the server. The following figure illustrates this functionality. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 35 OpenVPN server. For this reason, a static interface route must be added separately to direct traffic for this subnet to the tunnel interface. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 36 Create the static interface route to access the remote subnet 192.168.100.0/24 next-hop-interface vtun0 through the OpenVPN tunnel. vyatta@V1# commit Commit the change. vyatta@V1# show protocols static Show the static routing configuration. interface-route 192.168.100.0/24 { next-hop-interface vtun0 { Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 37: Using Unsupported Openvpn Options
Create the vtun0 configuration node. Enter configuration commands. vyatta@V1# set interfaces openvpn vtun0 openvpn-option Set another desired OpenVPN option. "--secret /config/auth/secret 1" vyatta@V1# set interfaces openvpn vtun0 openvpn-option Set a desired OpenVPN option. "--verb 5" Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 38 Finally, some OpenVPN options require coordination between the two endpoints (for example, the value must be 0 on one side and 1 on the other), and you must ensure such constraints are met. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 39: Brocade Ssl-Vpn Client Bundler
Vyatta file-system and distribute the bundles to the end users individually. Windows client bundle The SSL-VPN client bundle for Windows operating system includes the SSL-VPN client software and the dedicated SSL-VPN connection. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 40: Administration Of The Client Bundle
Authentication of the client bundle on page 42. vyatta@vyatta# set interfaces openvpn vtunX tls ca- Configure the path to the file that contains the TLS CA certificate, cert-file filename_of_the_TLS_CA_certificate which is part of the client bundle. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 41 When optional settings or mandatory settings are changed, a new version of the SSL-VPN client bundles is generated during the next configuration commit. To enable client bundle configuration, you must specify for which operating systems the bundles needs to be set. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 42: Authentication Of The Client Bundle
The following example shows how to create the alice and bob local service users and grant access for them to the vtunX OpenVPN interface. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 43 LDAP authentication of an SSL-VPN connection requires a service-user LDAP authentication profile, which is configured in the following file: resources service-users ldap profilename Details on how to set up a service LDAP authentication profile are covered in Service User Management. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 44: Service-User Web Portal
The file name of each client bundle includes a suffix to identify the latest version of the client in this form: filename-vversionnumber.exe. For example: ACME HQ-v2.exe. NOTE Only the most recent version of a bundle is kept on the Brocade vRouter persistent volume. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 45: Deploying The Ssl-Vpn Client Bundle
Brocade vRouter. Because the wizard is a Windows OS executable file, various Windows OS or browser security measures display messages to warn the end user about potential known malware risks. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 46: Ssl-Vpn Client Connection
47. Make sure to receive files only from your IT administrator and no other source. If you are in doubt, verify with your administrator that you have the correct files. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 47: Installing The Ssl-Vpn Client Bundle
VPN client bundle for the operating system on your computer. Installing the SSL-VPN client bundle Read the following section that applies to the operating system on which you want to use the SSL-VPN client bundle: Windows, OS X, or Linux. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 48 FIGURE 11 SSL-VPN Setup Wizard dialog After installation, you can either select in the installation wizard to connect directly to the SSL-VPN or uncheck the Connect to box and close the installation wizard by clicking Finish. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 49 FIGURE 12 Completing the SSL-VPN Setup Wizard dialog If the Connect to box is checked, the Brocade SSL-VPN client starts automatically and prompts you for a username and a password. FIGURE 13 Service-Users web portal login page Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 50 SSL-VPN network configuration or maintenance updates are made to the Brocade SSL-VPN client software. To uninstall the Brocade SSL-VPN client, go to the Windows Control Panel and select Uninstall/ Change. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 51 Manager applets to manage network connections and various types of VPN connections. To make a VPN connection and import the configuration file, follow these steps: 1. Enter the tray menu of the Network Manager applet and select Edit Connections. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 52 3. Select Import. In the file dialog, select the location of the unpacked Zip archive. FIGURE 18 Network connections dialog box 4. Select the OpenVPN configuration file (.ovpn) as the file to import. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 53 IT administrator or set your cooperating username. The cooperating username indicates to users that they use their known cooperating credentials. In this example, the username is alice. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 54 7. Leave the Network Connection setup dialog box by saving the configuration. 8. Enter the tray menu of the Network Manager applet again and select VPN Connections and the recently imported SSL‐VPN profile, which has the name of the SSL‐VPN client bundle. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 55 OS X clients. To make use of the SSL-VPN client bundle for OS X, you must first install an OpenVPN client application for OS X. There are various OS X OpenVPN clients available. All of those are compatible with the provided SSL-VPN client bundle configuration for OS X. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 56 OS X platform Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 57: Configuring Openvpn Ldap Authentication
To configure OpenVPN LDAP authentication, perform the following steps: 1. Configure service-user authentication through LDAP, as described in the “Service-User Management” chapter of Brocade 5600 vRouter Basic System Reference Guide. 2. Link an OpenVPN instance or interface to the LDAP service-user profile.
Page 58 Configuring LDAP authentication without client certificates Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 59: Openvpn Commands
● interfaces openvpn <vtunx> server topology <topology>..........102 ● interfaces openvpn <vtunx> shared-secret-key-file <filename>........103 ● interfaces openvpn <vtunx> tls..................104 ● interfaces openvpn <vtunx> tls ca-cert-file <filename>..........105 ● interfaces openvpn <vtunx> tls cert-file <filename>............106 Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 60 ● show interfaces openvpn <interface> brief..............116 ● show interfaces openvpn detail...................117 ● show openvpn client status..................118 ● show openvpn server status..................119 ● show openvpn site-to-site status.................120 ● Related commands..................... 120 Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 61: Generate Openvpn Key
Use this command to generate a shared secret key that is contained in a file with the specified file name. The key is required when the OpenVPN preshared secret mechanism is used. This command is available only to users with administrative privileges. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 62: Interfaces Openvpn
Use the set form of this command to configure an interface. Use the delete form of this command to remove an existing configuration for an interface. Use the show form of this command to view the configuration for an interface. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 63: Interfaces Openvpn Description
Use the set form of this command to provide a description for an interface. Use the delete form of this command to remove the description for an interface. Use the show form of this command to view the description for an interface. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 64: Interfaces Openvpn Device-Type Tap
Use the delete form of this command to return an interface to its default behavior, that is, the interface is configured as a tun device. Use the show form of this command to view the device-type configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 65: Interfaces Openvpn Disable
Use the set form of this command to disable an interface. Use the delete form of this command to enable an interface. Use the show form of this command to view the configuration of an interface. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 66: Interfaces Openvpn Encryption
Use the delete form of this command to remove the encryption algorithm that is used within a tunnel and return to the default algorithm, which is the Blowfish algorithm with 128-bit key. Use the show form of this command to view the encryption algorithm that is used within a tunnel. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 67: Interfaces Openvpn Firewall
Use the delete form of this command to remove a firewall rule set from an OpenVPN tunnel. Use the show form of this command to display the firewall rule set applied to an OpenVPN tunnel. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 68: Interfaces Openvpn Hash
Use the delete form of this command to remove the hash algorithm that is used within a tunnel and return to the default algorithm, which is SHA-1. Use the show form of this command to view the hash algorithm that is used within a tunnel. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 69: Interfaces Openvpn Ipv6 Address
Use the set form of this command to assign an IPv6 address to an interface. Use the delete form of this command to delete an IPv6 address from an interface. Use the show form of this command to view settings of an IPv6 address configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 70: Interfaces Openvpn Ipv6 Disable-Forwarding
Use the delete form of this command to enable IPv6 packet forwarding on an interface. Use the show form of this command to view the configuration of IPv6 packet forwarding on an interface. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 71: Interfaces Openvpn Ipv6 Dup-Addr-Detect-Transmits
Use the delete form of this command to remove the number of times NS packets are transmitted and return to the default number of 1. Use the show form of this command to view the number of times NS packets are transmitted. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 72: Interfaces Openvpn Ipv6 Router-Advert
If the MTU entered here does not match the MTU configured on the interface, the system issues a warning but does not fail. managed-flag state Specifies whether to use the administered protocol for address autoconfiguration. The state is one of the following: Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 73 RFC 4862. The lifetime is with respect to the time the packet is sent. The lifetime ranges from 1 through 4294967296 plus the infinity keyword, which represents forever. (The actual value of infinity is a byte in Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 74 Use this command to specify the RA to be sent from an OpenVPN interface. Router advertisements are sent by IPv6 routers to advertise their existence to hosts on the network. IPv6 hosts do not send router advertisements. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 75 Use the set form of this command to create the router-advert configuration node and begin to send Use the delete form of this command to remove the router-advert configuration node and stop sending Use the show form of this command to view RA configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 76: Interfaces Openvpn Local-Address
Use the delete form of this command to remove the tunnel IP address from the local end of a tunnel. Use the show form of this command to view the tunnel IP address on the local end of a tunnel. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 77: Interfaces Openvpn Local-Host
Use the delete form of this command to remove the local IP address to which connections are accepted. Use the show form of this command to view the local IP address to which connections are accepted. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 78: Interfaces Openvpn Local-Port
Use the delete form of this command to remove the local port on which incoming sessions are accepted. Use the show form of this command to view the local port on which incoming sessions are accepted. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 79: Interfaces Openvpn Mode
Use the set form of this command to specify the mode in which an interface operates. Use the delete form of this command to remove the mode in which an interface operates. Use the show form of this command to view the mode in which an interface operates. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 80: Interfaces Openvpn Openvpn-Option
Use the set form of this command to employ additional options. Use the delete form of this command to remove additional options. Use the show form of this command to view additional options. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 81: Interfaces Openvpn Protocol
Use the set form of this command to specify the communications protocol. Use the delete form of this command to remove the communications protocol. Use the show form of this command to view the communications protocol. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 82: Interfaces Openvpn Remote-Address
Use the delete form of this command to remove the tunnel IP address from the remote end of the tunnel. Use the show form of this command to view the tunnel IP address on the remote end of the tunnel. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 83: Interfaces Openvpn Remote-Configuration Password
Use the set form of this command to specify a password. Use the delete form of this command to remove a password. Use the show form of this command to view a password. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 84: Interfaces Openvpn Remote-Configuration Server
Use the set form of this command to specify the IP address or hostname. Use the delete form of this command to remove the IP address or hostname. Use the show form of this command to view the IP address or hostname. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 85: Interfaces Openvpn Remote-Configuration Tunnel-Password
Use the set form of this command to specify a password. Use the delete form of this command to remove a password. Use the show form of this command to a view password. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 86: Interfaces Openvpn Remote-Configuration Tunnel-Username
Use the set form of this command to specify a username. Use the delete form of this command to remove a username. Use the show form of this command to view a username. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 87: Interfaces Openvpn Remote-Configuration Username
Use the set form of this command to specify a username. Use the delete form of this command to remove a username. Use the show form of this command to view a username. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 88: Interfaces Openvpn Remote-Host
Use the delete form of this command to remove a remote IP address or hostname to which connections are made. Use the show form of this command to view a remote IP address or hostname to which connections are made. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 89: Interfaces Openvpn Remote-Port
Use the delete form of this command to remove a remote UDP or TCP port on which outgoing sessions are sent. Use the show form of this command to view a remote UDP or TCP port on which outgoing sessions are sent. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 90: Interfaces Openvpn Replace-Default-Route
Use the set form of this command to specify that the default route should be through the OpenVPN tunnel. Use the delete form of this command to remove the configuration. Use the show form of this command to view the configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 91: Interfaces Openvpn Server
Use the set form of this command to create the server mode configuration node. Use the delete form of this command to remove the server mode configuration node. Use the show form of this command to view the configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 92: Interfaces Openvpn Server Client
Use the set form of this command to create the client configuration node. Use the delete form of this command to remove the client configuration node. Use the show form of this command to view the configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 93: Interfaces Openvpn Server Client Disable
Use the delete form of this command to allow the client to connect to the OpenVPN server. NOTE An OpenVPN client needs to be restarted before it will initiate a new connection to the OpenVPN server. Use the show form of this command to view the configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 94: Interfaces Openvpn Server Client Ip
Use the set form of this command to specify the IP address to assign to the client in a client-server environment. Use the delete form of this command to remove the IP address. Use the show form of this command to view the IP address. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 95: Interfaces Openvpn Server Client Push-Route
Use the set form of this command to specify a route to be pushed to all clients. Use the delete form of this command to remove the route configuration. Use the show form of this command to view the route configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 96: Interfaces Openvpn Server Client Subnet
Use the set form of this command to specify the subnet. Use the delete form of this command to remove the subnet configuration. Use the show form of this command to view the subnet configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 97: Interfaces Openvpn Server Domain-Name
Use the set form of this command to specify the domain name to be given to OpenVPN clients connected to this OpenVPN server. Use the delete form of this command to remove the domain name configuration. Use the show form of this command to view the domain name configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 98: Interfaces Openvpn Server Max-Connections
Use the set form of this command to specify the maximum number of clients that can connect to the server. Use the delete form of this command to return to the default configuration. Use the show form of this command to view the maximum number of client connections configured. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 99: Interfaces Openvpn Server Name-Server
Use the set form of this command to specify an IPv4 address of a name server to be pushed to clients. Use the delete form of this command to remove the name server configuration. Use the show form of this command to view the name server configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 100: Interfaces Openvpn Server Push-Route
Use the set form of this command to specify a route to be pushed to all clients. Use the delete form of this command to remove the route configuration. Use the show form of this command to view the route configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 101: Interfaces Openvpn Server Subnet
Use the set form of this command to specify the subnet. Use the delete form of this command to remove the subnet configuration. Use the show form of this command to view the subnet configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 102: Interfaces Openvpn Server Topology
Use the set form of this command to specify the topology. Use the delete form of this command to remove the topology configuration. Use the show form of this command to view the topology configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 103: Interfaces Openvpn Shared-Secret-Key-File
Use the delete form of this command to remove the shared secret key file configuration. Use the show form of this command to view the shared secret key file configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 104: Interfaces Openvpn Tls
Use the set form of this command to create the TLS configuration node. Use the delete form of this command to remove the TLS configuration node. Use the show form of this command to view the TLS configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 105: Interfaces Openvpn Tls Ca-Cert-File
Use the set form of this command to specify the file containing the certificate authority’s certificate. Use the delete form of this command to remove the pointer to the file containing the certificate authority’s certificate. Use the show form of this command to view the configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 106: Interfaces Openvpn Tls Cert-File
Use the set form of this command to specify the file containing the endpoint’s certificate. Use the delete form of this command to remove the pointer to the file containing the endpoint’s certificate. Use the show form of this command to view the configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 107: Interfaces Openvpn Tls Crl-File
Use the set form of this command to specify the file containing a certificate revocation list. Use the delete form of this command to remove the pointer to the file containing a certificate revocation list. Use the show form of this command to view the configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 108: Interfaces Openvpn Tls Dh-File
Use the set form of this command to specify the file containing Diffie Hellman parameters. Use the delete form of this command to remove the pointer to the file containing Diffie Hellman parameters. Use the show form of this command to view the configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 109: Interfaces Openvpn Tls Key-File
Use the set form of this command to specify the file containing the endpoint’s own private key. Use the delete form of this command to remove the pointer to the file containing the endpoint’s own private key. Use the show form of this command to view the configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 110: Interfaces Openvpn Tls Role
Use the set form of this command to specify the TLS role the endpoint will take. Use the delete form of this command to remove the TLS role. Use the show form of this command to view the configuration. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 111: Monitor Interfaces Openvpn Traffic
Usage Guidelines Use this command to capture traffic on the OpenVPN interface. Examples The following example shows the output of this command. vyatta@vyatta# monitor interfaces openvpn vtun0 traffic Capturing traffic on vtun0 ... Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 112: Reset Openvpn Interface
On the server side, in a client-server environment, all connections are dropped. The server will then wait for the clients to re-establish the connections. NOTE The OpenVPN process does not get restarted by this command, though all tunnel connections are reset. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 113: Reset Openvpn Interface Client
Use this command to reset the connection to a specific client. The connection to the client will be disconnected and the server will wait for the client to re-establish the connection. NOTE The OpenVPN process does not get restarted by this command. Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 114: Show Interfaces Openvpn
The following example shows the output of this command. vyatta@vyatta# show interfaces openvpn Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address Description --------- ---------- ----------- vtun0 192.168.200.1/32 Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 115: Show Interfaces Openvpn
<POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100 link/[65534] inet 192.168.200.1 peer 192.168.200.2/32 scope global vtun0 bytes packets errors dropped overrun mcast 1216 bytes packets errors dropped carrier collisions Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Page 116: Show Interfaces Openvpn Brief
The following example shows the output of this command. vyatta@vyatta# show interfaces openvpn vtun0 brief Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address Description --------- ---------- ----------- vtun0 192.168.200.1/32 Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 117: Show Interfaces Openvpn Detail
<POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100 link/[65534] inet 192.168.200.1 peer 192.168.200.2/32 scope global vtun0 bytes packets errors dropped overrun mcast 1216 bytes packets errors dropped carrier collisions Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 118: Show Openvpn Client Status
OpenVPN client status on vtun2 [openvpn client] Server CN Remote IP Tunnel IP TX byte RX byte Connected Since --------------- --------------- --------------- ------- ------- ---------------------- 172.16.117.128 6.8K 8.1K N/A Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 119: Show Openvpn Server Status
OpenVPN server status on vtun0 (last updated on Wed Oct 29 22:34:18 2008) Client Remote IP Tunnel IP TX byte RX byte Connected Since --------------- --------------- --------------- ------- ------- ---------------- vclient1 192.168.252.3 192.168.200.4 16.0K 16.5K Wed Oct 29 21:59:50 2008 Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 120: Show Openvpn Site-To-Site Status
5600 vRouter Firewall Reference Guide. OSPF Commands for configuring the Open Shortest Path First routing protocol on OpenVPN interfaces are described in Brocade 5600 vRouter OSPF Reference Guide. Policy Based Routing Commands for configuring Policy Based Routing on OpenVPN interfaces are described in Brocade 5600 vRouter Policy-based Routing Reference Guide.
Page 121: List Of Acronyms
Domain Name System DSCP Differentiated Services Code Point Digital Subscriber Line eBGP external BGP Amazon Elastic Block Storage Amazon Elastic Compute Cloud Exterior Gateway Protocol ECMP equal-cost multipath Encapsulating Security Payload Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 122 Link Layer Discovery Protocol medium access control mGRE multipoint GRE Management Information Base Multicast Listener Discovery MLPPP multilink PPP MRRU maximum received reconstructed unit maximum transmission unit Network Address Translation NBMA Non-Broadcast Multi-Access Neighbor Discovery Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 123 Reverse Path Forwarding Rivest, Shamir, and Adleman receive Amazon Simple Storage Service SLAAC Stateless Address Auto-Configuration SNMP Simple Network Management Protocol SMTP Simple Mail Transfer Protocol SONET Synchronous Optical Network Shortest Path Tree Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...
Page 124 User Datagram Protocol virtual hard disk virtual interface VLAN virtual LAN Amazon virtual private cloud virtual private network VRRP Virtual Router Redundancy Protocol wide area network wireless access point Wired Protected Access Brocade 5600 vRouter OpenVPN Reference Guide 53-1003719-03...

Brocade Communications Systems 5600 Reference Manual

Preface

About this Guide

Openvpn Overview

Openvpn Configuration

Brocade SSL-VPN Client Bundler

Configuring Openvpn LDAP Authentication

Openvpn Commands

List of Acronyms

Quick Links

Need help?

Questions and answers

Related Manuals for Brocade Communications Systems 5600

Summary of Contents for Brocade Communications Systems 5600

Table of Contents