
VPN Overview

  1. The term VPN stands for virtual private network.
  2. Like a DMZ, a VPN is a security concept; it is neither a protocol (like SSH) nor a particular software package.
  3. There are multiple software packages available to set up a VPN between two or more hosts.
  4. They all use the Server ↔ Client concept and are usually incompatible with one another!
  5. Have a look at the OSI model and be aware that encryption can be applied at different layers of the communications stack.

If your hardware has some sort of cryptographic hardware acceleration, make sure it is supported by your OS (OpenWrt) and enabled.

IPsec-based VPN Solutions


strongSwan is the recommended IPsec implementation, though some of this documentation may be relevant for other configurations.

  • site2site: Set up a site-to-site IPsec VPN using Openswan

OpenVPN-based VPN Solutions


Once you set up a VPN server on your OpenWrt router, you (and the other participants) will need to install and configure a VPN client (compatible with the VPN server) on each of your host machines. For HowTos regarding that, you should read the documentation of OpenVPN!

OpenConnect-based VPN Solutions

You may set up OpenWrt as an OpenConnect VPN client or server. OpenConnect is a protocol based on SSL/TLS and Datagram TLS (DTLS) and is compatible with Cisco's AnyConnect SSL VPN.

There are various OpenConnect clients, including ones for GNOME NetworkManager, Windows, and Android.

PPTP-based VPN Solutions

Not secure! PPTP has been broken since 1997. See the poptop security message.

Other VPN solutions

VPN and mesh

External Documentation

docs/guide-user/services/vpn/overview.txt · Last modified: 2019/01/20 22:18 by vgaetera