Professional Documents
Culture Documents
Step by Step Configure Router Vyata 6.5.18
Step by Step Configure Router Vyata 6.5.18
Syntax
set vpn pptp remote-access mtu mtu
delete vpn pptp remote-access mtu
show vpn pptp remote-access mtu
Command Mode
Configuration mode.
Configuration Statement
vpn {
pptp {
remote‐access {
mtu mtu
}
}
}
Parameters
mtu Sets the MTU, in octets, for the interface as a whole, including any
logical interfaces configured for it. The range is 128 to 16384.
Default
If this value is not set, fragmentation is never performed.
Usage Guidelines
Use this command to set the maximum transmission unit (MTU) for an PPTP
connection.
When forwarding, IPv4 packets larger than the MTU will be fragmented unless the DF
bit is set. In that case, the packets will be dropped and an ICMP “Packet too big”
message is returned to the sender.
Use the set form of this command to specify the MTU.
Use the delete form of this command to remove MTU value and disable
fragmentation.
Use the show form of this command to view MTU configuration.
Syntax
set vpn pptp remote-access outside-address ipv4
delete vpn pptp remote-access
show vpn pptp remote-access
Command Mode
Configuration mode.
Configuration Statement
vpn {
pptp {
remote‐access {
outside‐address ipv4
}
}
Parameters
ipv4 Mandatory. The IPv4 address to which the PPTP server should
bind.
Default
None.
Usage Guidelines
Use this command to set the outside address for a remote access PPTP VPN
connection.
The outside address is the address of the interface facing the external network. This is
the address to which the PPTP server binds, and only remote connections coming into
the address will be accepted.
NOTE This option cannot be used if vpn pptp remote‐access dhcp‐interface <interface> is also set.
Use the set form of this command to set the PPTP VPN outside address.
Use the delete form of this command to remove the PPTP VPN outside address.
Use the show form of this command to display PPTP VPN outside address
configuration.
Syntax
set vpn pptp remote-access wins-servers server-1 ipv4
delete vpn pptp remote-access wins-servers server-1
show vpn pptp remote-access wins-servers server-1
Command Mode
Configuration mode.
Configuration Statement
vpn {
pptp {
remote‐access {
wins‐servers {
server‐1 ipv4
}
}
}
Parameters
ipv4 The IP address of the primary WINS server for remote clients.
Default
None.
Usage Guidelines
Use this command to specify the primary WINS server to be associated with remote
PPTP VPN clients.
The Windows Internet Net Service (WINS) is used to support environments in which
users access resources that have NetBIOS names.
Use the set form of this command to specify the primary WINS server IP address.
Use the delete form of this command to remove the primary WINS server IP address.
Use the show form of this command to display the primary WINS server IP address.
Syntax
set vpn pptp remote-access wins-servers server-2 ipv4
delete vpn pptp remote-access wins-servers server-2
show vpn pptp remote-access wins-servers server-2
Command Mode
Configuration mode.
Configuration Statement
vpn {
pptp {
remote‐access {
wins‐servers {
server‐2 ipv4
}
}
}
Parameters
ipv4 The IP address of the secondary WINS server for remote clients.
Default
None.
Usage Guidelines
Use this command to specify the secondary WINS server to be associated with remote
PPTP VPN clients.
The Windows Internet Net Service (WINS) is used to support environments in which
users access resources that have NetBIOS names.
Use the set form of this command to specify the secondary WINS server IP address.
Use the delete form of this command to remove the secondary WINS server IP
address.
Use the show form of this command to display the secondary WINS server IP
address.
Chapter 5: OpenVPN
This chapter explains how to set up both site-to-site and remote access OpenVPN
virtual private networks on the Vyatta System.
This chapter presents the following topics:
• OpenVPN Configuration
• OpenVPN Commands
OpenVPN Configuration
This section presents the following topics:
• OpenVPN Security Mechanisms
• OpenVPN Modes of Operation
• Configuration Examples for Basic Usage
• Configuration Examples for Advanced Options
• Unsupported OpenVPN Options
• Bridging
NOTE Committing changes to the OpenVPN configuration will cause the OpenVPN process for the
specified OpenVPN interface (e.g. vtun0) to restart. This will result in all existing OpenVPN
tunnels on the OpenVPN interface being reset. The exceptions to this are commands under the
interfaces openvpn <vtunx> server client configuration node and the interfaces openvpn
<vtunx> description command.
Pre‐Shared Secret
When pre-shared secret is used for security, OpenVPN works as follows:
1 The administrator uses the Vyatta operational command generate vpn openvpn-key
to generate a file containing a certain number of random data bytes; that is, the secret
to be used to provide security.
2 The administrator transfers the secret file to each of the two tunnel endpoints using
pre-established secure channels. For example, the file can be generated on one of the
endpoints and then transferred to the other endpoint using a secure file transfer
protocol, such as SCP.
VPN 6.5R1 v01
Vyatta