This might be specific to the USG 3P, but I assume it works on other devices, at least gateways.
ssh into the device
sudo su - at least I think it's optional
configure
mca-ctrl -t dump-cfg (> config.json if you want to save the file) to get the complete configuration.
config.gateway.json placed in /path/to/config/sites/[siteid]/config.gateway.json on the controller.
configure
run the following configuration commands (omit the comments):
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-address 10.0.100.2 # this is a newly created address for THIS device on the vpn network
set interfaces openvpn vtun0 remote-address 10.0.100.1 # this is an address for the server device on the vpn network
set interfaces openvpn vtun0 shared-secret-key-file "/config/auth/secretfile" # shared private key file - will need to be saved separately from the config json file - use ssh
set interfaces openvpn vtun0 openvpn-option "--dev tun"
set interfaces openvpn vtun0 openvpn-option "--persist-key"
set interfaces openvpn vtun0 openvpn-option "--persist-tun"
set interfaces openvpn vtun0 openvpn-option "--cipher AES-256-CBC"
set interfaces openvpn vtun0 openvpn-option "--auth SHA512"
set interfaces openvpn vtun0 openvpn-option "--resolv-retry infinite"
set interfaces openvpn vtun0 openvpn-option "--remote remoteHostAddress 1194 udp" # replace `remoteHostAddress` with the IP or URL of the host. 1194 is the port that the server is listening on
set interfaces openvpn vtun0 openvpn-option "--route 10.0.69.0 255.255.255.0" # this tells openvpn that anything in the `10.0.69.0/24` subnet is to be routed onto the openvpn network
set interfaces openvpn vtun0 openvpn-option "--user nobody"
set interfaces openvpn vtun0 openvpn-option "--group nogroup"
show interfaces openvpn vtun0
exit discard
commit (applies the settings)
save
exit
use the mca-ctrl -t dump-cfg (see above) method to save to the network controller and deploy your changes
this document last modified: December 29 2024 21:19
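An added example, not part of the original page: one way to turn the `mca-ctrl -t dump-cfg` output into a `config.gateway.json` that carries only the `vtun0` tunnel, so the rest of the dump (logins, other interfaces) is not copied to the controller. The function names, the sample dump and the assumption that the dump nests keys as `interfaces` → `openvpn` → `vtun0` are illustrative; check them against your own dump.

```python
import json

# Constructed stand-in for `mca-ctrl -t dump-cfg > config.json`; a real dump
# holds the whole gateway configuration. The key layout is an assumption.
SAMPLE_DUMP = {
    "system": {"login": {"user": {"admin": {"authentication": "PLACEHOLDER"}}}},
    "interfaces": {
        "ethernet": {"eth0": {"address": ["dhcp"]}},
        "openvpn": {"vtun0": {
            "mode": "site-to-site",
            "remote-address": "10.0.100.1",
            "shared-secret-key-file": "/config/auth/secretfile",
            "openvpn-option": ["--dev tun", "--cipher AES-256-CBC", "--auth SHA512",
                               "--user nobody", "--group nogroup"],
        }},
    },
}

def carve(dump, path):
    """Return only the subtree at `path`, re-nested under its original keys."""
    node = dump
    for key in path:
        node = node[key]          # KeyError: the tunnel is not in this dump
    for key in reversed(path):
        node = {key: node}
    return node

def review(tunnel):
    """List settings from the page that are absent from the carved tunnel."""
    problems = []
    options = tunnel.get("openvpn-option", [])
    if isinstance(options, str):  # tolerate a single option stored as a string
        options = [options]
    for flag in ("--cipher", "--auth", "--user", "--group"):
        if not any(opt.split()[0] == flag for opt in options if opt.strip()):
            problems.append("missing openvpn-option " + flag)
    if not tunnel.get("shared-secret-key-file"):
        problems.append("no shared-secret-key-file set")
    return problems

def build_gateway_json(dump, name="vtun0"):
    """Return (config.gateway.json text, list of problems) for one tunnel."""
    fragment = carve(dump, ["interfaces", "openvpn", name])
    problems = review(fragment["interfaces"]["openvpn"][name])
    return json.dumps(fragment, indent=2, sort_keys=True), problems

if __name__ == "__main__":
    text, problems = build_gateway_json(SAMPLE_DUMP)
    print(text)
    print("problems:", problems or "none")
```

The key file named in `shared-secret-key-file` is not part of the JSON and still has to be copied to the device separately.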