VPN Overview

Like a DMZ, a VPN is a security concept; it is neither a protocol (like SSH) nor a particular software package. Multiple software packages are available to set up a VPN between two or more hosts. They all use the client-server concept and are usually incompatible with one another. Have a look at the OSI model and be aware that encryption can be applied at different layers of the communications stack.

If your hardware has some form of cryptographic hardware acceleration, make sure it is supported by your OpenWrt installation and enabled.


strongSwan is a recommended IPsec implementation, though some of this documentation may be relevant for other configurations.


  • basics Some basics, considerations and prerequisites for IPsec VPN
  • roadwarrior OpenWrt as IPsec IKEv2 (+pubkey/eap) gateway for modern “IKEv2” road warriors
  • legacy OpenWrt as IPsec IKEv1 (+xauth) gateway for legacy “IPsec” devices
  • firewall Firewall and zones in IPsec VPN
  • site2site Set up a site-to-site IPsec VPN
  • overlappingsubnets IPsec VPN with overlapping subnets
  • performance Get the most out of your IPsec connections
  • ipsec config configure strongswan via UCI (old ref


A key-exchange management daemon that speaks the IKE (ISAKMP/Oakley) key management protocol, from the KAME project.




You may set up OpenWrt as an OpenConnect VPN client or server. OpenConnect is a protocol based on SSL/TLS and Datagram TLS (DTLS) and is compatible with Cisco's AnyConnect SSL VPN.

There are various OpenConnect clients, including ones for GNOME NetworkManager, Windows, and Android.


Not secure! PPTP has been broken since 1997. See the poptop security message.

  • basic describes a PPTP solution with pptpd
  • client How to install and set up a VPN client compatible with PPTP servers
  • nat_traversal VPN NAT traversal (VPN Pass Through) for single/multiple LAN client(s) connecting to PPTP Servers on the WAN


Other VPN solutions

VPN and mesh

External Documentation

