1. The term VPN stands for Virtual private network.
2. Like a DMZ a VPN is a security concept, it is not a protocol (like SSH) nor a certain software package
3. There are multiple software packages available to set up a VPN between two or more hosts
4. they all use the Server ↔ Client concept and usually are incompatible with one another!
5. have look at the OSI model and make yourself aware that the encryption can be applied at different layers of the communications stack

If your hardware has some sort of Cryptographic Hardware Acceleration you should make sure it is supported by your OS (OpenWrt) and enabled.

• Protocol: IPsec
• Free software: →strongSwan, →Openswan, →Racoon

→strongSwan

• basics Some basics, considerations and prerequisites for IPsec VPN
• roadwarrior OpenWrt as IPsec gateway for road warriors
• firewall Firewall and zones in IPsec VPN
• site2site Setup a site to site IPsec VPN
• overlappingsubnets IPsec VPN with overlapping subnets
• performance Get the most out of your IPsec connections
• howto Install/configure strongSwan for IPhone/IPad
• →configure strongSwan with UCI

strongSwan is recommended, though some of this documentation may be relevant for other configurations

→Racoon

• basics Some basics, considerations and prerequisites for IPsec VPN
• firewall Firewall and zones in IPsec VPN
• site2site Setup a site to site IPsec VPN
• certificates IPsec VPN with certificates
• overlappingsubnets IPsec VPN with overlapping subnets
• roadwarrior OpenWrt as IPsec gateway for road warriors
• roadwarriorcertificates Road warrior setup with certificates

→Openswan

• site2site Setup a site to site IPsec VPN Using Openswan

• Free software: →OpenVPN

Articles:

Once you set up a VPN server on your OpenWrt router, you (and the other participants) will need to install and configure a VPN client (compatible with the VPN server) on each of your host machines. For HowTos regarding that, you should read the documentation of OpenVPN!

You may setup openwrt as an OpenConnect VPN client or server. This is a protocol based on SSL/TLS and datagram TLS and is compatible with CISCO's AnyConnect SSL VPN.

• Client side requirements:
  • openconnect: Follow for instructions to configure without luci interface
  • luci-proto-openconnect

• Server side requirements:
  • ocserv
  • luci-app-ocserv
  • A How-To for the server setup. Note: the instructions include comments on the Github advice which might not work for some. In addition, the instructions are for a FULL tunnel setup.

There are various openconnect clients, including in GNOME NetworkManager, Windows, and Android.

• Protocol: PPTP (Point-to-Point Tunneling Protocol)
• basic describes a PPTP solution with pptpd
• client Howto install and setup a VPN client compatible with PPTP servers
  • nat_traversal VPN NAT traversal (VPN Pass Through) for single/multiple LAN client(s) connecting to PPTP Servers on the WAN

• vpnc-client - VPN client vpnc compatible with Cisco's EasyVPN equipment
• connect_by_l2tp, see Layer 2 Tunneling Protocol and Template:VPN
• pseudowire
• wireguard, see also How to configure WireGuard on OpenWrt/LEDE using LuCi

• http://www.tinc-vpn.org/
• http://www.ntop.org/n2n/
• OLSR
• B.A.T.M.A.N.

• See our forum: Howto: IPsec and OpenVPN
• A whole load of OpenVPN-related articles can be found on the Project Homepage of OpenVPN:
  • http://openvpn.net/index.php/open-source/faq.html#bridge2
  • http://www.openvpn.net/index.php/component/content/article/60-faq/84-faq.html
  • http://www.openvpn.net/index.php/component/content/article/65-general/89-2xhowto.html
  • http://www.openvpn.net/index.php/open-source/documentation/miscellaneous/1xhowto.html
  • You can always read: http://www.openvpn.net/index.php/open-source/documentation/manuals.html or search: http://www.google.com/search?q=vpn&hl=en
• You do not need to read all of them, to get a VPN solution going. But for security reasons sooner or later you should make sure that all participant comprehend how your VPN works.