OpenWrt Forum Archive

Topic: Need noob-proof VPN-server guide.

The content of this topic has been archived on 29 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello. Going on vacation tomorrow, looking forward to relax to some movies I got on my PC. I'd like to have a noobproof guide on seting up an (open)-VPN server. Is there no Luci-app plugin for this? I use "ATTITUDE ADJUSTMENT (12.09, r36088)".
I'd like to use the same credentials for every machine I use to connect to the vpn server. Also I need access to the rest of the LAN when connecting as a vpn user.

Off topic: does android have built in openvpn client?

You'll want to use certificates versus "credentials".

Why dont you use L2TP/IPSecure or IPSecure instead of Openvpn.
1. IPSecure is available on IPhone and Android by default.
2.  IPSecure is faster than openvpn.

ron wrote:

Why dont you use L2TP/IPSecure or IPSecure instead of Openvpn.
1. IPSecure is available on IPhone and Android by default.
2.  IPSecure is faster than openvpn.

Thanks for the replies.

Seems like there is a lot more hassle to setup IPSEC?
I will look into certificates instead of credentials.
Is this the go-to guide for open-vpn setup? http://wiki.openwrt.org/doc/howto/vpn.s … penvpn.tun

ron wrote:

Why dont you use L2TP/IPSecure or IPSecure instead of Openvpn.
1. IPSecure is available on IPhone and Android by default.
2.  IPSecure is faster than openvpn.

So you do have a working how to? wink I've treid to follow several guides to set up pptpd server on openwrt trunk, but failed each time. I wanted to use that old insecure pptp just because openvpn is too slow even on 720MHz cpu.  As recent events have shown, everything is secure as long as someone finds a flaw wink

(Last edited by nozombian on 12 Apr 2014, 14:48)

nozombian wrote:
ron wrote:

Why dont you use L2TP/IPSecure or IPSecure instead of Openvpn.
1. IPSecure is available on IPhone and Android by default.
2.  IPSecure is faster than openvpn.

So you do have a working how to? wink I've treid to follow several guides to set up pptpd server on openwrt trunk, but failed each time. I wanted to use that old insecure pptp just because openvpn is too slow even on 720MHz cpu.  As recent events have shown, everything is secure as long as someone finds a flaw wink

I think i managed to setup openvpn server...
Also generated some client keys...

How do i save keys as a .ovpn-file?
There are four files per client.
I only have an android phone and ssh to server...
I need a ovpn file to import in android vpn client.

ron wrote:

Why dont you use L2TP/IPSecure or IPSecure instead of Openvpn.
1. IPSecure is available on IPhone and Android by default.
2.  IPSecure is faster than openvpn.

I heard performance is better on openvpn? are both ipsec and openvpn equally secure? can i set up ipsec in luci?

"I heard performance is better on openvpn?"
Where did you hear that? Openvpn does most of its things in user mode. IPSecure does most of its things in Kernel mode. Which means, IPSecure can give you double the speed as compared with Openvpn using the same cipher. There is a quick speed comparison on www.punchvpn.com/FAQ.html

"are both ipsec and openvpn equally secure?"
They both use the same underlying encryption algorithms like Blowfish, AES, 3Des etc. By default, openvpn will use Blowfish which is super fast on non accelerated CPUs. However AES would perform better on CPU's which support special instruction sets for AES. However majority of routers (like 99%) do not use those CPUs which would favour AES. In my opinion both Blowfish and AES are secure. So security wise, I don't see any one having edge on the other because underlying encryption is the same. Openvpn does enforce server side certificates and has no mode which can do without server Certifiacte. IPSecure can do either. i.e Certs or no Certs. I personally like flexibility and dont like to be forced to use one method. I also like speed, which openvpn lacks when it comes to routers. In addition, IPSecure is more of a standard thing and is available by default on almost all platforms, where as Openvpn requires third party software installation on almost every platform. In summary, I would prefer IPSecure over openvpn. But thats just me. Software wise, openvpn is a good piece of software, I have nothing against it, except the stuff that I  mentioned.

"can i set up ipsec in luci?"
I never use luci, so I wouldn't know.

ron wrote:

Why dont you use L2TP/IPSecure or IPSecure instead of Openvpn.
1. IPSecure is available on IPhone and Android by default.
2.  IPSecure is faster than openvpn.

Note, that pptpd is broken, at least in BB. But AA has broken wifi...

The discussion might have continued from here.