- Describe creating certificates
1.1. Self-signed
openssl req -newkey rsa:4096 -new -nodes -x509 -days 3650 -keyout /config/auth/server.key -out /config/auth/server.crt
openssl req -new -x509 -key /config/auth/server.key -out /config/auth/ca.crt
1.2. Let's Encrypt
sudo certbot certonly --standalone --preferred-challenges http -d <domain name>
- Describe vpn anyconnect server configuration
set vpn anyconnect authentication local-users username user4 password 'SecretPassword'
set vpn anyconnect authentication mode 'local'
set vpn anyconnect network-settings client-ip-settings subnet '100.64.0.0/24'
set vpn anyconnect network-settings name-server '1.1.1.1'
set vpn anyconnect network-settings name-server '8.8.8.8'
set vpn anyconnect ssl ca-cert-file '/config/auth/fullchain.pem'
set vpn anyconnect ssl cert-file '/config/auth/cert.pem'
set vpn anyconnect ssl key-file '/config/auth/privkey.pem'
- Describe operational commands
vyos@RTR1:~$ show anyconnect-server sessions
interface    username    ip            remote IP      RX        TX        state      uptime
-----------  ----------  ------------  -------------  --------  --------  ---------  --------
sslvpn0      user4       100.64.0.105  xx.xxx.49.253  127.3 KB  160.0 KB  connected  12m:28s