Do you need to connect remotely and securely to your network? OpenVPN is a great tool, but configuring it on Turris used to require a lot of settings. Starting with Turris OS 3.6, there is a simple OpenVPN server configuration in the Foris interface.
Keep in mind that the simplified OpenVPN configuration can collide with a previous configuration. If you have already configured OpenVPN on your Turris router, please check that your existing configuration does not collide with it, or disable it.
The OpenVPN server does not appear automatically; it has to be installed as a package through an update. Open the Updater menu, where you can see OpenVPN in Package lists. Check it and the router will start downloading it automatically. After the download and installation (the time depends on your connection speed), the OpenVPN option appears in the menu of the Foris interface.
Why is it necessary to install OpenVPN as an update?
Additional software running on the router can present a security risk. Although we update Turris routers regularly, we follow the rule that services which are not used do not need to be present on the server. This makes an attacker's job more difficult and increases your security. Therefore we add any additional services to routers as updates, so you can add and uninstall them as you need. If you uninstall a service, it is deleted from the router.
OpenVPN server settings
The simple OpenVPN server setup assumes you have a public IP address (preferably static) and a usual network setup (with WAN and LAN devices). If you need to set up the VPN in another way, it is not possible with this plugin.
First, you need to generate the certification authority. This can take as much as 30 minutes and cannot be made faster. It is necessary only the first time you set up OpenVPN. Note that the page does not update automatically for security reasons (cookie expiration); you need to reload it to see the current state of the certification authority generation.
Press Apply configuration to let the plugin create the simplified VPN configuration. This step exists because you may already have your own OpenVPN configuration on the router and we do not want to delete it. You may lose the connection to the router at this point; just reload the page or wait.
It is not necessary to change the subsequent data; you can leave the automatically generated OpenVPN address and proceed to creating clients. For every client you need to generate a separate file, which the user will upload to their OpenVPN client. You just need to enter the name of the client (for your documentation purposes); the configuration file will be created automatically in several minutes. This is another cryptographic operation which cannot be accelerated.
We write the router's IP address, as assigned at the moment the configuration file is generated, directly into the configuration file. If you need to correct it, you can edit it in almost every client or in the source file.
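If you correct the address in the source file, the edit comes down to the `remote` line. The sketch below is an added example, not code from the Turris plugin: it assumes the generated file is a standard OpenVPN client config that sets the server with the `remote` directive, and the sample file, addresses and hostname are constructed placeholders.

```python
import re

# Constructed sample of a client file; address, port and block content are placeholders.
SAMPLE_OVPN = """\
client
dev tun
proto udp
# remote set when the file was generated
remote 192.0.2.10 1194
<ca>
remote MUST-NOT-CHANGE 1194
</ca>
"""

INLINE_OPEN = re.compile(r"^<([a-z-]+)>$")


def set_remote(ovpn_text, new_host):
    """Return ovpn_text with the host of every `remote` directive replaced."""
    if not re.fullmatch(r"[A-Za-z0-9.:-]+", new_host):
        raise ValueError("host must be a plain hostname or IP address")
    out, inside, changed = [], None, 0
    for line in ovpn_text.splitlines():
        stripped = line.strip()
        if inside:                        # embedded certificate or key: copy as-is
            if stripped == f"</{inside}>":
                inside = None
        elif (m := INLINE_OPEN.match(stripped)) and m.group(1) != "connection":
            inside = m.group(1)           # <connection> blocks hold directives, not keys
        else:
            parts = stripped.split()
            if len(parts) >= 2 and parts[0] == "remote":
                parts[1] = new_host       # keep port and protocol as generated
                line = " ".join(parts)
                changed += 1
        out.append(line)
    if changed == 0:
        raise ValueError("no remote directive found; is this a client file?")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(set_remote(SAMPLE_OVPN, "vpn.example.net"))
```

Only the host is replaced, so the certificates and keys embedded in the file stay byte-for-byte as the router generated them.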
We wish you happy and open VPNing!
PS: Discussion, Q&A, etc. here in our forum.