OpenVPN is a VPN service that allows remote networks or wireless clients, such as laptops, to connect to IPFire. This functionality is also available with the implementation of IPsec, but OpenVPN takes a different approach, based on SSL tunnels.
Using OpenVPN instead of IPSec is a matter of preference, though there are a few very good reasons to choose one over the other.
- Easier to set up and configure
- Less likely to be blocked by intermediate routers
- Much better for site-to-site connections (where an entire network is connected to another network)
- Ability to do Ethernet-layer tunneling (not possible with IPSec)
- More stable, and troubleshooting is generally simpler.
- Standard for OpenSource projects
- More widely used in industry
- Available with proprietary routers (most proprietary routers do not support OpenVPN)
- Arguably more secure, since OpenVPN users can (and sometimes do) set their passwords empty, allowing a connection without a passphrase.
- Formally standardized via IETF RFC 3193
- De Facto standard for Microsoft products.
See this article for some additional in-depth information about the two.
OpenVPN on IPFire for Dummies
For those less informed users who are just learning and looking to setup a VPN for safer browsing, here is some important info that may affect how you proceed:
- OpenVPN on IPFire is designed to allow remote devices to connect to IPFire. This setup does not depend upon using a free or paid VPN for access to their networks. OpenVPN allows you to set up a private VPN that you control between your IPFire firewall and a remote laptop/phone/tablet connected via a public network. You are in control!
- You do not need to (and most likely should not) pay a VPN Provider to connect their VPN network to your IPFire setup. While this can be done manually behind the scenes, it is not advised which is why the IPFire OpenVPN configuration does not include a simple GUI interface to setup your IPFire to a free/paid VPN network. It is not easy to find because it is highly suggested not to do it.
- The IPFire OpenVPN will not give you the ability to connect to servers around the world for changing your apparent location for streaming purposes. This is one feature that VPN Providers can offer that a IPFire based OpenVPN setup cannot.
- The Trust Debate: Should you pay a VPN Provider to use their VPN? Can you trust them? Do some research to decide if it is right for you.
This documentation is divided into four areas. At first, everything worth knowing about is the configuration, for advanced users there are tips and tricks under extensions. Smartphones are often not so easy to configure, but there is help available in this wiki.
- Configuration - Here are the various configurations of OpenVPN on IPFire
- Extensions - A collection of expandability's from OpenVPN users
- Smartphones/Tablets - Configure Smartphones and Tablets for OpenVPN
- Troubleshooting - What can be done if something does not work
- Transition to OpenSSL 3 - Transitioning to OpenSSL 3