Vyatta Blog Post Outline

text.md

Building Secure Networks with Vyatta

What is Vyatta, and why do you want to use it?

• Discussion of key strenths of vyatta, and firewalls in general
• Link to the open-source VyOS version and the commercial Vyatta project
• Talk about Softlayer choices specifically -- why softlayer version is insecure / finnicky with SSL & PPTP options, limitations & cost of the Fortigate appliance

Splitting your public and private traffic

• Show how you can set up private networks inaccessible from the internet
• Show how you can set up public, protected networks that are separated from the private networks
• Highlight VIFs, specifically how they work inside Softlayer, how to support multiple IP ranges

Building failure tolerance into Vyatta

• Show how you can setup VRRP to fail over to another vyatta machine if one goes down
• Talk about benefits like 0-downtime upgrades and infrastructure redundancy
• Show pitfalls in VRRP configuration, which config is targeting your networking vs. vyatta machine-to-machine communication
• Show how you can segment failover into groups, caveats that can cause trouble, simplicity wins here

Connecting to your private networks over OpenVPN

• Discuss OpenVPN, client support for iOS / Android / Mac / Windows
• Mention split tunnels
• Show firewall rules to allow openvpn connections in
• Show openvpn configuration
• Discuss how to generate client configuration for openvpn connection
• Major point about setting up VM networking to reliably work with OpenVPN connections

Wrapup

• Discuss what we learned -- how to set up split networks, how to handle failures at the firewall gateway and why you want to do that, connecting in a secure way through OpenVPN, and why split tunneling is a great match for lots of setups.