Vyatta – How to Configure a Remote Access VPN


The purpose of this document is to explain the various steps required in configuring a remote access VPN on a Vyatta appliance.

Vyatta Configuration

The Vyatta configuration steps are pretty straight forward. You enable the outside interface with IPSEC, the IP pool, along with the secret passphrase and usernames and passwords, then your good to go.

set vpn ipsec ipsec-interfaces interface <OUTSIDE PUBLIC INT>
set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network

set vpn l2tp remote-access outside-address <OUTSIDE PUBLIC IP>
set vpn l2tp remote-access client-ip-pool start <x.x.x.x>
set vpn l2tp remote-access client-ip-pool stop <x.x.x.x>

set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <passphrase>
set vpn l2tp remote-access authentication mode local

set vpn l2tp remote-access authentication local-users username test password abc123

Client Configuration

In terms of the configuration steps required on the client side. The steps required to configure a Windows based machine (in this case Windows 7) are shown below.

1. First initiate the wizard.

2. Next, add the public IP f your Vyatta device.

Create VPN connection

3. Next, add your username and password.

Create VPN connection - username and password

4. Click ‘Connection Now’.

Create VPN connection - Connect

5. Then, go into the available/connected networks and client the recently added ”VPN Connections’.

VPN connection

6. Next, change the ‘Type of VPN’ to what is shown below. Then click ‘Advanced Settings’, and add your secret passphrase.

VPN connection properties


Split Tunneling

By default split tunnelling isn’t enabled. Meaning that all traffic from the client will be sent down the VPN tunnel. To enable split tunneling follow the following steps.

  1. Go to Control Panel / Network Connections.
  2. Right-click on your Vyatta VPN connection, then click Properties.
  3. Click Advanced. Uncheck the “Use default gateway on remove network” checkbox.
  4. Then click OK three times.



The main troubleshooting command is shown below. This allows to see the user that is logged in along with the sent and received packets.

vyatta@lab:~$ show vpn remote-access
Active remote access VPN sessions:

User            Proto Iface     Tunnel IP       TX byte RX byte  Time
----            ----- -----     ---------       ------- -------  ----
felix001        L2TP  l2tp0           74   39.4K  01h08m35s
Rick Donato

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial