OpenVPN (Virtual Private Network)

What is OpenVPN?

OpenVPN provides to your FreedomBox a virtual private network service. You can use this software for remote access, site-to-site VPNs and Wi-Fi security. OpenVPN includes support for dynamic IP addresses and NAT.

Port Forwarding

If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for OpenVPN:

Setting up

  1. In FreedomBox apps menu, select Virtual Private Network (OpenVPN) and click Install.

  2. After the module is installed, there is an additional setup step that may take a long time to complete. Click "Start setup" to begin.

    OpenVPN service page

  3. Wait for the setup to finish. This could take a while.
  4. Once the setup of the OpenVPN server is complete, you can download your profile. This will download a file called <USER>.ovpn, where <USER> is the name of a FreedomBox user. Each FreedomBox user will be able to download a different profile. Users who are not administrators can download the profile from home page after login.

  5. The ovpn file contains all the information a vpn client needs to connect to the server.
  6. The downloaded profile contains the domain name of the FreedomBox that the client should connect to. This is picked up from the domain configured in 'Config' section of 'System' page. In case your domain is not configured properly, you may need to change this value after downloading the profile. If your OpenVPN client allows it, you can do this after importing the OpenVPN profile. Otherwise, you can edit the .ovpn profile file in a text editor and change the 'remote' line to contain the WAN IP address or hostname of your FreedomBox as follows.

    client
    remote mybox.sds-ip.de 1194
    proto udp

Browsing Internet after connecting to VPN

After connecting to the VPN, the client device will be able to browse the Internet without any further configuration. However, a pre-condition for this to work is that you need to have at least one Internet connected network interface which is part of the 'External' firewall zone. Use the networks configuration page to edit the firewall zone for the device's network interfaces.

Usage

On Android/LineageOS

  1. Visit FreedomBox home page. Login with your user account. From home page, download the OpenVPN profile. The file will be named username.ovpn.

    • OpenVPN Download Profile

  2. Download an OpenVPN client such as OpenVPN for Android. F-Droid repository is recommended. In the app, select import profile.

    • OpenVPN App

  3. In the select profile dialog, choose the username.opvn file you have just downloaded. Provide a name for the connection and save the profile.

    • OpenVPN import profile

  4. Newly created profile will show up. If necessary, edit the profile and set the domain name of your FreedomBox as the server address.

    • OpenVPN profile created

      OpenVPN edit domain name

  5. Connect by tapping on the profile.
    • OpenVPN connect

      OpenVPN connected

  6. When done, disconnect by tapping on the profile.
    • OpenVPN disconnect

On Debian

Install an OpenVPN client for your system

$ sudo apt install openvpn

Open the ovpn file with the OpenVPN client.

$ sudo openvpn --config /path/to/<USER>.ovpn

If you use Network Manager, you can create a new connection by importing the file:

$ sudo apt install network-manager-openvpn-gnome
$ sudo nmcli connection import type openvpn file /path/to/<USER>.ovpn

If you get an error such as configuration error: invalid 1th argument to “proto” (line 5) then edit the .ovpn file and remove the line proto udp6.

Checking if you are connected

On Debian

  1. Try to ping the FreedomBox or other devices on the local network.

  2. Running the command ip addr should show a tun0 connection.

  3. The command traceroute freedombox.org should show you the ip address of the VPN server as the first hop.

Accessing internal services

After connecting to OpenVPN, you will be able to access FreedomBox services that are only meant to be accessed on internal networks. This is in addition to being able to access external services. This can be done by using the IP address 10.91.0.1 as the host name for these services. The following services are known to work: Privoxy, Tor Socks, Shadowsocks, I2P Proxy and Samba. Some services are known not to work at this time: Avahi, Bind and MiniDLNA.

https://community.openvpn.net/openvpn

Back to Features introduction or manual pages.


Information

Support

Contribute

Reports

Promote

Overview

Hardware

Live Help

Where To Start

Translate

Calls

Talks

Features

Vision

Q&A

Design

To Do

Releases

Press

Download

Manual

Code

Contributors

Blog

FreedomBox for Communities

FreedomBox Developer Manual

HELP & DISCUSSIONS: Discussion Forum - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Saturday, July 11th at 14:00 UTC

Latest news: Announcing Pioneer FreedomBox Kits - 2019-03-26

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox