User Tools

Site Tools

OpenVPN plugin - quick and easy OpenVPN server

Do you need a remote but safe connection to you home network? A great tool for that is OpenVPN, it can however be quite a challenge to set up. Starting with Turris OS 3.6, you can configure OpenVPN easily through the Foris user interface.

Please keep in mind, that the simplified OpenVPN configuration might clash with the previously performed configuration. If you configured OpenVPN on your router in the past, check that this configuration doesn‘t clash with your current one and change it if needed.

This manual doesn‘t describe the general functioning of OpenVPN or how to generate certificates. If you are interested in that information, you can find it on theOpenVPN website. In this manual you can find out how to set up an OpenVPN server on your router Turris Omnia through the simplified Foris interface. For complete OpenVPN settings options, use the command line configuration, you will find the instructions on how to do that here.

OpenVPN server doesn‘t appear automatically after installation, it needs to be installed as an additional package. You can perform this additional installation in the Updater menu, where you see the option OpenVPN. Check this option and the router will automatically start downloading and after having finished the download and after installing the package (this depends on your internet connection speed) you will see the option OpenVPN in the Foris interface menu.

Why isn‘t OpenVPN preinstalled?

Any additional software, which runs on the router, is a potential safety hazard. Although we update the routers regularly, we also out of principle do not think that services, which are not actively used, have to be installed on the device. That is why all additional functions are added in the form of packages, so that they can be removed and added according to the users‘ specific needs. Removing a package will cause it to be deleted from the router.

What is an OpenVPN server good for?

After getting the OpenVPN server to run on the Turris OS, you can safely (via encryption) connect to your router through the internet and use it‘s network services as if you were inside the network. You can for example access Turris Omnia NAS or any other NAS inside the network.

The OpenVPN plugin can‘t be used to connect the router to a different network with VPN. If you want to connect your network to a different network with the use of VPN, you have to do it by configuring the router from the command line or use a VPN client on your various devices (which is actually the best way in case of standard use).

What do you need to run an OpenVPN server?

For the simplified OpenVPN settings you need:

  • a public IP address (optimaly a static one, for a dynamic one, it is best to run DDNS in the LuCI interface)
  • standard network setting (present WAN and LAN devices)

If you need to set up VPN differently, you won‘t be able to do that through this plugin.

Setting up and OpenVPN server

The simplified OpenVPN setting presumes that you have a public IP address (preferably static) and a standard setting of the network (present WAN and LAN devices). If you need to set up VPN differently, you will have to do that outside the plugin.

First you need to generate a certificate authority. This can take up to 30 minutes and cannot be sped up, but only needs to be done once with the first setting of OpenVPN. Be careful, the web page doesn’t automatically update for security reasons (cookie expiration), you have to reload the web page to see the state of the certificate authority generating.

Via the button Allow configuration you let the plugin create a simplified VPN configuration. The reason for this step is for you to be able to have your personal OpenVPN configuration without it getting destroyed. In this step you can temporarily lose connection to your router, you just need to refresh the page or wait.

In most cases you don’t need to change any of the settings, you can stick to the automatically generated OpenVPN address and progress to creating clients. For every client you need to generate a separate file, which the user will load into his OpenVPN client. Here you can just add the name of the client (this serves as a note to yourself) and the configuration file is generated within a few minutes. This again is an encryption process, which cannot be sped up.

In order to keep the configuration file simple, we write the IP address of the router, which it gets during the configuration file generation directly into the configuration file. If this needs to be corrected, you can edit it inside most clients or directly in the file.

We wish you a happy and open VPN time!

Please note: if something is not working as it should or you would like to extend the OpenVPN configuration, please write your suggestions here.

Configuring OpenVPN on the client side

You need to download a client for the given platform. The OpenVPN client is available for all possible platforms, you just need to find a manual for yours.