OpenVPN setup made simple

Can OpenVPN be made more compatible with providers? Obviously yes, as everything has an answer.

I've used multiple VPN providers, though adding them / importing their configurations into OpenWrt, OpenVPN has ended up troublesome.

Can the OpenVPN module be updated so that users can just import from their VPN provider:

Username
Password
Connection: e.g. blarblar.expressvpn.whatever

Simple, that's it, and that's how simple it can be.

Workarounds in any technology are not an answer; it's lazy and flawed.

NordVPN, OpenVPN, ExpressVPN and whatever they are called are different VPN business competitors…
And there is no VPN standard out there. Everyone building a VPN system makes their own standard that only works with their VPN system. The world isn’t better than that.

And each of these providers is free to create an open-source package with their own implementation for OpenWrt, but I haven't seen any effort on this front.

If they are using OpenVPN, decent providers can give you a *.ovpn file for the "router use" or "manual/linux use", and you can import it in the luci-app-openvpn web interface.

For example, Mullvad has it https://mullvad.net/en/download/linux/
"Unable to use the app?
If you cannot use the Mullvad VPN app, you can download configuration files to use with the official OpenVPN or WireGuard clients."

ExpressVPN has this (these are steps for Asus routers, but it shows how to get the *.ovpn file you can load in OpenWrt too) https://www.expressvpn.com/support/vpn-setup/manual-config-for-asus-router-with-openvpn/

NordVPN has it https://nordvpn.com/ovpn/

And as I said, most others do have this feature where you can download a *.ovpn file with your VPN configuration that you can upload to OpenWrt.

This is too little information, you need a full *.ovpn config file, where the VPN service provider has written the OpenVPN configuration of his service.

Keeping an up-to-date list of OpenVPN config files so the user does not need to upload his *.ovpn file requires having an account in all supported VPN providers, which is not free, and also time to update and check and solve any incompatibility problem.

Technically, the auth + URL could be enough, if you'd be able to pull the rest of the OVPN directly from the providers, based on the account info provided.

OpenVPN only has support for TLS 1.2 or 1.3 or static key encryption for the VPN tunnel. And that is with 100000 lines of code, which WireGuard is very proud of absolutely not using, with 5000 lines of code and some home-cooked binary encryption method.
NordVPN used a third encryption whose name I have long since forgotten.
What encryption ExpressVPN uses I don’t know.

Not to mention that OpenVPN is based on server-client control and WireGuard is client to client.

You usually cannot do that as it's behind a login screen and/or specific information since the *.ovpn file you get contains customer-specific keys or passwords.

For example, with Mullvad, AirVPN and ExpressVPN you need to do a login and then select the servers you want (and optionally ports used or other options).

The "industry standard" way that works in most stock firmwares of consumer routers (and OpenWrt) is obtaining the ovpn file and loading it in the router web interface.

The only routers that are "better" or easier to use for VPN are the ones sold by the VPN provider themselves (or an approved third party) and have a proprietary GUI in their web interface that works like the (proprietary) PC client. I know ExpressVPN does this, and others also may do it.
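What a provider's *.ovpn file carries beyond username, password and host, and which parts are secret material to protect on the router, shown as an added example that is not part of the original thread. The profile is constructed (placeholder host and key text) and `audit_profile` is a hypothetical helper name.

```python
import re

# Constructed sample profile, not from any real provider; key text is a placeholder.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.net 1194
remote-cert-tls server
cipher AES-256-GCM
auth-user-pass
<ca>
PLACEHOLDER-CA-CERTIFICATE
</ca>
<key>
PLACEHOLDER-PRIVATE-KEY
</key>
"""

# Inline blocks that hold private or shared secret material.
SECRET_BLOCKS = {"key", "tls-auth", "tls-crypt", "tls-crypt-v2", "secret", "pkcs12"}

def audit_profile(text):
    """Split an .ovpn profile into directives and inline blocks and summarise them."""
    directives, blocks, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if current:                        # inside <tag> ... </tag>: skip the payload
            if line == f"</{current}>":
                current = None
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            current = m.group(1)
            blocks.add(current)
        elif line and line[0] not in "#;":  # '#' and ';' start comments
            parts = line.split(None, 1)
            directives.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return {
        "remotes": directives.get("remote", []),
        "settings": sorted(set(directives) - {"remote", "auth-user-pass"}),
        "inline_blocks": sorted(blocks),
        "secret_blocks": sorted(blocks & SECRET_BLOCKS),
        # Bare auth-user-pass prompts on a terminal; a router needs a credentials file.
        "needs_credentials_file": directives.get("auth-user-pass") == [""],
    }

if __name__ == "__main__":
    for field, value in audit_profile(SAMPLE_OVPN).items():
        print(f"{field}: {value}")
```

Any profile that reports a non-empty `secret_blocks` should be stored with owner-only permissions, the same as the credentials file.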

I didn't say the data you'd be getting back would be static, and identical for all users.
Since you got the login details, you can custom populate the file/API based on those.

Although I can see the "issue", when there are several VPN servers, or other options to choose from.

What are you calling "home-cooked binary encryption method" exactly? OpenVPN is using encryption provided by the very well-known and very popular OpenSSL library (or other libraries that provide a similar crypto API); no provider is using home-grown cyphers.

What they may have is their own full VPN (for example Lightway VPN protocol from ExpressVPN), which works only between clients they provide, but it's not the case here. If they use OpenVPN they have to adhere to its standards because the end users must be able to use third party clients for the VPN too, that's the whole point.

Not sure what you mean here. Yes, WireGuard is peer-to-peer on its own but it's still used in a mostly "client-server" setup by VPN providers.
Many many customers connect to the same VPN server but they all must be isolated from each other.

If you own the "VPN server" instead ("server" in this case is a device with a public IP), you can use WireGuard's peer-to-peer capabilities to jump around different networks and connect all your devices together without setting tons of routing rules all over the place.

Scraping websites in the HTML5 days isn't as easy as it was in the past, as many things may appear only through JavaScript run client-side or any weird and wondrous method they decide to use in their website.

I don't think most providers have an API for OpenVPN config file requests, although they may have.

I know there are some kinds of APIs for WireGuard; Mullvad has them https://mullvad.net/en/help/running-wireguard-router/ and also AzireVPN https://www.azirevpn.com/support/guides/router/openwrt/wireguard
These are used in the GL.iNet router web interface to automate installation of WireGuard from those providers.

Pretty sure they don't, I was just thinking out loud along the lines of OP ...
