OpenVPN server easy and fast

Do you need to connect remotely and securely to your network? OpenVPN is a great tool whose Turris configuration needed a lot of settings. Now there is a simple configuration of an OpenVPN server from the Foris interface in Turris OS starting with version 3.6.
Continue (in English)…

Czech version…

2 Likes

Hi there,
are these 2 problems known to the team?


The wizard inserts firewall rules automatically.

Can someone please help me with how to configure it if I want to route all clients' communications over the VPN? Thank you

VPN is for access from outside, not from internal clients. What is your scenario? Do you want to connect some remote network itself via VPN?

Yes I know, but if you are outside and use a VPN which routes all your communications over the VPN, then you are able to tunnel IPv6 services to networks which are not IPv6 ready, or use this to increase your security on public Wi-Fis.

1 Like

Yes, but which “all clients” would you like to route? If these “all clients” are external on different networks, then everybody needs his configuration file. Or you have them on the same external network and then you can make a router-to-router connection via VPN. This was also discussed in another thread.

I’m sorry, I’m not good at English - I mean route all internet communication from the client. I understand that I need one server configuration on the Turris and then a configuration for every single client.

Can I run both the OpenVPN server as well as an OpenVPN tunnel on a specific wireless network without any problem, or should I do something to avoid problems?

How about other protocols like IKEv2 or L2TP?

There is no plan to support other protocols…

I’d like to get OpenVPN running on my Turris 1.1. My config is pretty standard, I’ve got a fixed public IP. So far so good. My WAN is connected to 10.3.XX.X and the gate is 10.3.XX.X. Could this be the source of any trouble given the OpenVPN network range of 10.XXX.XXX.X/24?

Hi there,
I would like to achieve the same as kosi123. When I’m anywhere outside on the WAN with my mobile phone or notebook, I want to connect to the Turris Omnia, and I want to have access to my local network as well as send all traffic from the device (mobile phone, notebook) over the VPN to the Internet. I use this technique on my ZyWALL firewall with the L2TP over IPsec protocol and it is working perfectly, so I want to use this principle on the Turris Omnia as well.

I will be glad for any suggestions on how to configure this in OpenVPN.
Thank you.

And by the way: I had to add these two lines to my cron to get OpenVPN working:
@reboot sleep 130 && /etc/init.d/openvpn restart
@reboot sleep 140 && /etc/init.d/firewall restart

Any ideas why it is not working without a delayed restart after boot?

3 Likes

I set up OpenVPN (for the first time) via the Foris interface on my Turris 1.1. The connection from an Android client works. But after rebooting the Turris, OpenVPN does not work automatically. OpenVPN must be activated via the Apply configuration button, but after that Wi-Fi does not work and must be restarted via LuCI.

I can confirm the same thing for my Omnia

We will check it, thanks

You should change the cipher, all my clients complain about a possible attack called SWEET32. https://community.openvpn.net/openvpn/wiki/SWEET32

I would also like it if you would add "list push 'redirect-gateway def1'" as standard, so all traffic is routed through the tunnel (I guess that’s what 99% of users would like to see)

Besides this it’s not too bad.

Either that or upgrade openvpn to at least 2.4. Then it won’t default to the ciphers vulnerable to sweet32.

1 Like

Well we are considering adding an option for that. But we don’t want this feature to be on by default.
To do it now you need to add an option list push 'redirect-gateway def1' to the openvpn server config.

uci add_list openvpn.server_turris.push='redirect-gateway def1' && uci commit

Note that when you hit apply in the OpenVPN tab this setting will be overridden.

Have you tried to restart your client instead of this delayed restart on your router?

Hi @shenek ,

would you mind telling us why you do not want to make redirect-gateway def1 the default? I prefer to tunnel all network traffic through the VPN as well.

Moreover, as 3ullit pointed out regarding SWEET32, please let’s change the default server.conf and client.ovpn to:
cipher AES-256-CBC
auth SHA384
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
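
A check for the SWEET32 concern raised in the posts above, as an added example that is not part of the thread or of Turris OS: it reads the `cipher` directive from an OpenVPN config file and flags 64-bit block ciphers, or a missing directive that leaves a pre-2.4 OpenVPN on its BF-CBC default. The function names and sample configs are constructed for illustration, and the list of cipher-name prefixes is an assumption based on common OpenSSL cipher names.

```shell
#!/bin/sh
# Added example: audit an OpenVPN config (server.conf / client.ovpn) for SWEET32 exposure.

# Print the value of the "cipher" directive; commented-out lines (# or ;) never match.
# If the directive is repeated, the last value seen is reported. Empty output if absent.
get_cipher() {
    awk '$1 == "cipher" { c = $2 } END { print c }' "$1"
}

# Classify a cipher name: unset, none, weak (64-bit block) or ok.
# Prefix list is an assumption covering Blowfish, DES/3DES, CAST5, RC2 and IDEA names.
classify_cipher() {
    name=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
    case "$name" in
        "")   echo unset ;;
        NONE) echo none ;;
        BF-*|DES-*|DESX-*|CAST5-*|RC2-*|IDEA-*) echo weak ;;
        *)    echo ok ;;
    esac
}

# Report on one file. Return 0 = ok, 1 = weak or no encryption, 2 = no directive.
audit_config() {
    cipher=$(get_cipher "$1")
    verdict=$(classify_cipher "$cipher")
    case "$verdict" in
        ok)    echo "$1: cipher $cipher is not in the 64-bit block list"; return 0 ;;
        weak)  echo "$1: cipher $cipher has a 64-bit block (SWEET32)"; return 1 ;;
        none)  echo "$1: cipher none disables encryption"; return 1 ;;
        unset) echo "$1: no cipher directive; OpenVPN before 2.4 uses BF-CBC"; return 2 ;;
    esac
}

# Constructed sample configs, written to a temporary directory and removed afterwards.
tmp=$(mktemp -d)
printf 'port 1194\nproto udp\n# cipher AES-256-CBC\n' > "$tmp/no-directive.conf"
printf 'port 1194\ncipher BF-CBC\n'                   > "$tmp/blowfish.conf"
printf 'port 1194\ncipher AES-256-CBC\nauth SHA384\n' > "$tmp/aes.conf"
for f in "$tmp"/*.conf; do
    audit_config "$f" || true   # keep going; the return code is for callers
done
rm -rf "$tmp"
```

The server and every client file need the same treatment, since a client profile without the directive falls back in the same way.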