Like a DMZ a VPN is a security concept, it is not a protocol (like SSH) nor a certain software package, There are multiple software packages available to set up a VPN between two or more hosts. They all use the Client-Server concept and usually are incompatible with one another. Have look at the OSI model and make yourself aware that the encryption can be applied at different layers of the communications stack.

If your hardware has some sort of Cryptographic Hardware Acceleration you should make sure it is supported by your OpenWrt and enabled.

• Protocol: IPsec
• Free software: strongSwan, Openswan, Racoon, SoftEther VPN

strongSwan is a recommended IPsec implementation, though some of this documentation may be relevant for other configurations.

• basics Some basics, considerations and prerequisites for IPsec VPN
• roadwarrior OpenWrt as IPsec IKEv2 (+pubkey/eap) gateway for modern “IKEv2” road warriors
• legacy OpenWrt as IPsec IKEv1 (+xauth) gateway for legacy “IPsec” devices
• firewall Firewall and zones in IPsec VPN
• site2site Setup a site to site IPsec VPN
• overlappingsubnets IPsec VPN with overlapping subnets
• performance Get the most out of your IPsec connections
• ipsec config configure strongswan via UCI (old ref

A key-exchange management daemon which speaks the IKE (ISAKMP/Oakley) key management protocol, from KAME project.

• basics Some basics, considerations and prerequisites for IPsec VPN
• firewall Firewall and zones in IPsec VPN
• site2site Setup a site to site IPsec VPN
• certificates IPsec VPN with certificates
• overlappingsubnets IPsec VPN with overlapping subnets
• roadwarrior OpenWrt as IPsec VPN gateway for road warriors
• roadwarriorcertificates Road warrior setup with certificates

• site2site Setup a site to site IPsec VPN Using Openswan
• openswanxl2tpvpn OpenWrt as IPsec VPN server using xl2tpd

• Free software: OpenVPN

You may setup OpenWrt as an OpenConnect VPN client or server. This is a protocol based on SSL/TLS and datagram TLS and is compatible with CISCO's AnyConnect SSL VPN.

• Client side requirements:
  • openconnect: Follow for instructions to configure without luci interface
  • luci-proto-openconnect

• Server side requirements:
  • ocserv
  • luci-app-ocserv
  • A How-To for the server setup. Note: the instructions include comments on the Github advice which might not work for some. In addition, the instructions are for a FULL tunnel setup.

There are various openconnect clients, including in GNOME NetworkManager, Windows, and Android.

Not secure! PPTP is broken since 1997. See poptop security message.

• Protocol: PPTP (Point-to-Point Tunneling Protocol)

• basic describes a PPTP solution with pptpd
• client Howto install and setup a VPN client compatible with PPTP servers
• nat_traversal VPN NAT traversal (VPN Pass Through) for single/multiple LAN client(s) connecting to PPTP Servers on the WAN

• WireGuard introduction
• WireGuard configuration example
• How to configure WireGuard on OpenWrt/LEDE using LuCi

• vpnc-client - VPN client vpnc compatible with Cisco's EasyVPN equipment
• connect_by_l2tp, see Layer 2 Tunneling Protocol and Template:VPN
• pseudowire

• http://www.tinc-vpn.org/
• http://www.ntop.org/n2n/
• OLSR
• B.A.T.M.A.N.

• See our forum: Howto: IPsec and OpenVPN
• A whole load of OpenVPN-related articles can be found on the Project Homepage of OpenVPN:
  • http://openvpn.net/index.php/open-source/faq.html#bridge2
  • http://www.openvpn.net/index.php/component/content/article/60-faq/84-faq.html
  • http://www.openvpn.net/index.php/component/content/article/65-general/89-2xhowto.html
  • http://www.openvpn.net/index.php/open-source/documentation/miscellaneous/1xhowto.html
  • You can always read: http://www.openvpn.net/index.php/open-source/documentation/manuals.html or search: http://www.google.com/search?q=vpn&hl=en
• You do not need to read all of them, to get a VPN solution going. But for security reasons sooner or later you should make sure that all participant comprehend how your VPN works.