Using OpenVPN as VPN gateway into network

I primarly have used OpenWRT on RaspberryPi's and small travel routers like GL-inet devices, I was wondering if someone could give recommendations on hardware and if what I'm trying to do is even possible on OpenWRT.

I would like to put an OpenWRT router in a colocation facility and set it up with OpenVPN and a web interface on the router itself(to login to OpenVPN through the browser) for ~5-10 users to remotely connect to it and access the internal network behind the OpenWRT router. I believe OpenVPN AS has the capability to allow users to create a VPN connection through the browser by visiting the OpenVPN AS website, but I am unsure if this is possible to run on the OpenWRT framework?

I can imagine this might be a little memory or cpu intensive as well, I don't need wireless as this router will be in a colocation facility but I would like recommendations on the hardware that would be needed? It would be simple web traffic to the internal network from the outside with around 5-10 users at any given time.

Thank you for any and all help!

What bandwidth do you expect to need?

"Mid-range" all-in-one routers (ath79) are, from my testing, only capable of around 10-15 Mbps OpenVPN throughput. If WireGuard meets your security, robustness, and other requirements, that class of router seems capable of around 3x that throughput.

A Raspberry Pi might be a reasonable, inexpensive VPN end point, though I haven't tested their throughput at all.

While I don't have one in my hands yet, the Marvell-based might be a mid-priced option of interest as well. GL.iNet's reporting of VPN throughput has been "honest", in my opinion. Their materials state 97 Mbps as an OpenVPN client, with a reasonable warning that performance as a server will be less. I would guess that something around 50 Mbps would be possible. I would not consider the EspressoBin v7, due to reports of thermal design issues (see Amazon US reviews, or as examples of third-party reports).

An x86_64/AMD64 VM is another option, perhaps at "no financial cost".

1 Like

It looks like the question is more about software rather than hardware:

For me it is about browser-based SSL VPN server-side implementation.

1 Like

Good point, I missed that the OP might be looking as well for a portal that could issue credentials/config files based on login to a service. (I don't know of any such turn-key service for OpenVPN that has been ported to OpenWrt, though I haven't looked very hard.)

1 Like

Two main questions, first would be software, is it possible to have the OpenWRT firewall serve up an OpenVPN login webpage to create a browser based VPN connection to the internal network.

Second would be hardware requirements on the router to power the VPN overhead and the OpenVPN login webpage if possible.

Bandwidth would be around 10mps as our incoming connection would be capped at that for the colo. VM wouldn't be an option because we'd need to access IPMI interface on the servers if they went down, and that would be through the OpenVPN on the OpenWRT.

Sorry if it's a weird question, hard for me to convey the idea.

Without a "name", I'm not aware of a browser-based VPN server (as opposed to commercial service) that runs on OpenWrt (or any other general-purpose OS, just things like the proprietary Cisco VPNs).

Edit: That doesn't mean there isn't such a thing. It's not something I've researched as I use pre-configured clients and credentials.

At on the order of 10 Mbps OpenVPN (or 25-50 Mbps WireGuard), a decent, multi-core, ARM-based (or x86_64/AMD64) device should be able to handle the requirements.