Docs for vpn anyconnect-server
Closed, Resolved (Public)

Description

1. Describe creating certificates

1.1. Self-signed

openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 -keyout /config/auth/server.key -out /config/auth/server.crt
openssl req -new -x509 -key /config/auth/server.key -out /config/auth/ca.crt

1.2. Let's Encrypt

sudo certbot certonly --standalone --preferred-challenges http -d <domain name>

2. Describe vpn anyconnect server configuration

set vpn anyconnect authentication local-users username user4 password 'SecretPassword'
set vpn anyconnect authentication mode 'local'
set vpn anyconnect network-settings client-ip-settings subnet '100.64.0.0/24'
set vpn anyconnect network-settings name-server '1.1.1.1'
set vpn anyconnect network-settings name-server '8.8.8.8'
set vpn anyconnect ssl ca-cert-file '/config/auth/fullchain.pem'
set vpn anyconnect ssl cert-file '/config/auth/cert.pem'
set vpn anyconnect ssl key-file '/config/auth/privkey.pem'

3. Describe operational commands

vyos@RTR1:~$ show anyconnect-server sessions 
interface    username    ip            remote IP      RX        TX        state      uptime
-----------  ----------  ------------  -------------  --------  --------  ---------  --------
sslvpn0      user4       100.64.0.105  xx.xxx.49.253  127.3 KB  160.0 KB  connected  12m:28s
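
A pre-commit check for the three files named by the "set vpn anyconnect ssl" lines above, added here as an example; it is not part of the original task or of VyOS. The function name check_anyconnect_tls, the 7-day expiry window and the rule that the key carries no group/other permission bits are assumptions.

```shell
#!/bin/sh
# Added example (not VyOS code). check_anyconnect_tls is a hypothetical helper.
# Usage with the paths from the configuration above:
#   check_anyconnect_tls /config/auth/cert.pem /config/auth/privkey.pem \
#       /config/auth/fullchain.pem
# Prints one line per finding and returns the number of failed checks.
check_anyconnect_tls() {
    cert=$1; key=$2; ca=$3; fail=0

    # 1. All three files must exist and be readable.
    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "MISSING  $f"; fail=$((fail + 1)); }
    done
    [ "$fail" -eq 0 ] || return "$fail"

    # 2. The certificate and the private key must carry the same public key.
    #    "-passin pass:" stops openssl from prompting if the key is encrypted.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH $key does not belong to $cert"; fail=$((fail + 1))
    fi

    # 3. Assumed policy: reject a certificate expiring within 7 days (604800 s).
    openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null 2>&1 ||
        { echo "EXPIRING $cert"; fail=$((fail + 1)); }

    # 4. The CA file must at least parse as a PEM certificate.
    openssl x509 -in "$ca" -noout 2>/dev/null ||
        { echo "BADCA    $ca"; fail=$((fail + 1)); }

    # 5. Assumed policy: no group/other permission bits on the private key.
    #    -L follows symlinks such as the ones certbot creates.
    perms=$(ls -lL "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "PERMS    $key is accessible to group/others"; fail=$((fail + 1)); }

    return "$fail"
}
```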

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Improvement (missing useful functionality)

Event Timeline

Dmitry triaged this task as Wishlist priority. (Aug 18 2020, 9:47 PM)
Dmitry created this task.
Dmitry changed the task status from Open to In progress. (Sep 8 2020, 3:27 PM)
erkin added a project: Restricted Project. (Aug 29 2021, 1:22 PM)
erkin set Issue type to Improvement (missing useful functionality).
erkin removed a subscriber: Active contributors.