OpenVPN - Open Source VPN solution
Switch branches/tags
Clone or download

README.rst

OpenVPN™ - Open Source VPN solution

OpenVPN™ is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and more. OpenVPN™ offers a cost-effective, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets.

This appliance includes all the standard features in TurnKey Core, and on top of that:

  • OpenVPN™ configurations:

    • Initialization hooks to configure common OpenVPN™ deployments such as server, gateway and client profiles.
    • All profiles support SSL/TLS certificates for authentication and key exchange.
    • Server and gateway deployments include a convenience script to add clients, generating all required keys and certificates, as well as a unified ovpn profile for clients to easily connect to the VPN.
    • Expiring obfuscated HTTPS urls can be created for clients to download their profiles (especially useful with mobile devices using a QR code scanner).
    • The server profile supports a private subnet configuration, enabling clients to reach servers behind the OpenVPN™ server.
    • The gateway profile configures connecting clients to tunnel all their traffic through the VPN.
    • When adding clients in a server or gateway deployment, an optional parameter can be given to enable computers on a subnet behind the client to connect to the VPN.
    • For added security, OpenVPN™ is configured to drops privilages, run in a chroot jail dedicated to CRL, and uses tls-auth for HMAC signature verification protecting againsts DoS attacks, port flooding, port scanning and buffer overflow vulnerabilities in the SSL/TLS implementation.

See the Usage documentation for further details, including Amazon VPC notes and cloudformation template.

Note: OpenVPN™ is a registered trademark of OpenVPN™ Technologies, Inc. This software appliance is not supported by OpenVPN™ Technologies, Inc.

Potential issues caused by timezone mismatch

Some VPN client applications expect certificate timestamps to be in local time. However, by default, TurnKey servers use UTC time.

That can lead to the creation of certificates, which according to local time, are not yet valid. Under these circumstance, connection will fail.

To avoid that, please set the timezone for your TurnKey OpenVPN server prior to further configuration. To do that via the commandline:

dpkg-reconfigure tzdata

For further info re setting timezone, please see this TurnKey Blog post.

Credentials (passwords set at first boot)

  • Webmin, SSH: username root