Category Archives: Vyatta

Linux IPSec Site-to-Site VPN: AWS VPC & Vyatta Firewall

In this tutorial, we will use the Site-to-Site VPN scenario with one modification: one of the customer sites uses a Vyatta firewall, which acts as both the gateway for the LAN and the VPN gateway, while on the AWS side we use the exact same Ubuntu Linux router.

Please review the previous tutorial before starting this tutorial, as I’ll use the previous tutorial as the base for this one.

Note: Please don’t waste your time on hacking; all these public devices and IP(s) are temporary, and I destroyed them after finishing this tutorial.

VPN Configuration on Vyatta Site:


Secure RDP connection through Vyatta using PuTTY

Connecting to an SSH server as a gateway, instead of connecting directly to a PC over RDP, is a safer approach and adds another layer of encryption. With this method, we can connect to any client behind the firewall, provided that we have opened port 22 (or any other SSH port) to the SSH server.

In the first step, we’ll configure Vyatta so that it forwards the SSH requests it receives on its port 222 to the internal Linux server.

(From configuration mode, issue these commands.)

set nat destination rule 110 description "SSH to internal Host"
set nat destination rule 110 inbound-interface eth0
set nat destination rule 110 protocol tcp
set nat destination rule 110 translation address
set nat destination rule 110 translation port 22
set nat destination rule 110 destination port 222
set nat destination rule 110 destination address X.X.X.X



How to Configure Vyatta as DHCP Server for LAN



The Vyatta DHCP server has two network cards (eth0 and eth1): eth0 is connected to the Internet, while eth1 is connected to the LAN and serves as the DHCP server for the subnet.

Configuring the LAN-facing Ethernet interface:

Connect to the Vyatta firewall, then enter configuration mode and list the configuration of the eth1 interface (which will serve IP addresses to the LAN hosts):

show interfaces ethernet eth1



How to Configure NTP Server and Timezone on Vyatta

Out of the box, the Vyatta firewall will sync to Vyatta’s NTP server pool. It is really important to set your NTP server address to the standard time sources for your organization and delete the default NTP server.

Reason: This will make it easier to correlate the Vyatta logs with logs from other systems that receive time from the same NTP source. A difference of a few seconds can sometimes make it very difficult to compare the logs of separate systems.

By default, Vyatta sets its internal clock to Universal Time (UTC), a.k.a. GMT:

show date


Before proceeding, verify that the Vyatta firewall synchronizes with the default NTP server:

show ntp



Vyatta – Basic Configuration after installation

Vyatta is a routing/firewall/VPN platform based on Debian GNU/Linux that runs on x86 or amd64 hardware and many virtual machine hypervisors. It is widely used in cloud infrastructure. It is appreciated for its robustness, reliability and the services it provides. Vyatta is more like IOS, JunOS and other enterprise platforms.


We’ll use the following scenario to understand the basic configuration of Vyatta.


Booting Vyatta:

After you start the Vyatta machine, it should go through the usual Linux boot process. Log in with the username vyatta and the password vyatta (or any other password that you configured during the installation).

