Skip to content
Branch: master
Find file History
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.rst update readme - add notes re timezone & other minor misc Oct 17, 2018
gateway.rst added site-to-site and gateway documentation Aug 30, 2013
site-to-site.rst added site-to-site and gateway documentation Aug 30, 2013



TurnKey OpenVPN supports a wide range of use cases out of the box. The most common use cases are site-to-site and secure internet access from an untrusted network.

The appliance includes an initialization hook which supports 3 profiles:

  • server: Accepts VPN connections from clients and optionally configures a private subnet behind the OpenVPN enabling client access.
  • gateway: Accepts VPN connections from clients and automatically configures connecting clients to route all their traffic through the VPN.
  • client: Initiates VPN connections to an OpenVPN server.

For server and gateway deployments, a convenience script is included to add clients, generating all required keys and certificates, as well as a unified ovpn profile for clients to easily connect to the VPN.

Additionally, expiring obfuscated HTTPS links can be created for clients to download their profiles (especially useful with mobile devices using a QR code scanner).

Potential issues caused by timezone mismatch

Some VPN client applications expect certificate timestamps to be in local time. However, by default, TurnKey servers use UTC time.

That can lead to the creation of certificates, which according to local time, are not yet valid. Under these circumstance, connection will fail.

To avoid that, please set the timezone for your TurnKey OpenVPN server prior to further configuration. To do that via the commandline:

dpkg-reconfigure tzdata

For further info re setting timezone, please see this TurnKey Blog post.


  • Site to Site (office to Amazon VPC - covers both server and client)
  • Gateway (secure internet access)
You can’t perform that action at this time.