Easy OpenVPN configuration goal suggestions

Turris Omnia
1

A lot of future Omnia owners want to use OpenVPN and there is a goal to make it easy.
I am running both an OpenVPN server and an OpenVPN client in my router (with DD-WRT, and tried Open-WRT long time ago), and the setup is lengthy and not always clear.

OpenVPN client: most online VPN services provide a *.ovpn file, if we can load the ovpn file using the interface, it is going to be a single step configuration. If the ovpn file is not available, then we can have a more advanced interface.

OpenVPN server: at the end of the server configuration, let the user download the ovpn file to load in the clients. This will make the client configuration easy. The client can be another router or a phone or a computer.

2

pfSense has really nice OpenVPN configuration UI. I can paste some screenshots if anybody’s interested.

1 Like
3

Of course we are!

M4x

4

Here’s the main config page:

ovpn-main.png974×347 24.6 KB

Other tabs have similar lists.

Editing or creating a new server looks like this:

ovpn-server.png957×2513 120 KB

Client configuration:
ovpn-client.png957×2038 101 KB

And setting up client-specific overrides:
ovpn-cso.png957×1305 70.6 KB

2 Likes
5

Looks great, thank you!

M4x

6

Please don’t only focus on ipv4-connections - really complicated is getting ipv6 connected. So I’m hoping for that part of our stretch-goals to shed light also to this impact!

2 Likes
7

Just a +1 for anything (whether pfsense or not) that allows us to set up an OpenVPN client and choose which devices attached to the router go through it (and which don’t.)

1 Like
8

The problem with IPv6 is in OpenVPN, not in config tools. There are two problems that I’m aware of:

  1. The IPv6 tunnel network and local network ranges have to be configured statically. If you have your subnets assigned via DHCP-PD, that could be a problem. Current solution: you just hope that it does not change much.

  2. It is impossible to send out IPv6 DHCP info (like DNS servers, WINS servers) via OpenVPN. The current format allows only for IPv4 addresses. Solution: you have to serve AAAA records via IPv4.

The OpenVPN team is aware of these limitations, they are working on them, but the solutions will be not there anytime soon. The are part of their new network architecture.

9

Did you wtite this suggestion dirrectly to developers of turris ?
I think that developers have stopped to watch this forum.
It would be good if the configuration of VPN could look like this.

10

Wait for Turis OS 3.6, is waiting for you there nice surprise :slight_smile:

3 Likes
11

You guess it , or know it ? :smiley:

12

Turris OS 3.6 is already in production branch and available on all Omnia. It is necessary to add this functionality in the Updater.(in Foris)

1 Like
13

I am one of those users who wants to set up an OpenVPN client (especially now in the USA…)

I’m looking at TigerVPN and PrivateInternetAccess.com as options, but open to other suggestions. Most of the info I see is related to making it work on Tomato, or DDWRT, and I’m not sure the differences between the Turris software and those open source routers. Has anyone gotten an easy config process for Turris as a OpenVPN client?