OpenVPN™

Open Source VPN solution
OpenVPN™ is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and more. OpenVPN™ offers a cost-effective, lightweight alternative to other VPN technologies that is well-targeted for the SME and enterprise markets.
This appliance includes all the standard features in TurnKey Core, and on top of that:
- OpenVPN™ configurations:
  - Initialization hooks to configure common OpenVPN™ deployments such as server, gateway and client profiles.
  - All profiles support SSL/TLS certificates for authentication and key exchange.
  - Server and gateway deployments include a convenience script to add clients, generating all required keys and certificates, as well as a unified ovpn profile for clients to easily connect to the VPN.
  - Expiring obfuscated HTTPS URLs can be created for clients to download their profiles (especially useful with mobile devices using a QR code scanner).
  - The server profile supports a private subnet configuration, enabling clients to reach servers behind the OpenVPN™ server.
  - The gateway profile configures connecting clients to tunnel all their traffic through the VPN.
  - When adding clients in a server or gateway deployment, an optional parameter can be given to enable computers on a subnet behind the client to connect to the VPN.
  - For added security, OpenVPN™ is configured to drop privileges, run in a chroot jail dedicated to CRL, and use tls-auth for HMAC signature verification, protecting against DoS attacks, port flooding, port scanning and buffer overflow vulnerabilities in the SSL/TLS implementation.
See the Usage documentation for further details, including Amazon VPC notes and a CloudFormation template.
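The hardening measures listed above (privilege drop, chroot, CRL checking, tls-auth) each correspond to a directive in the OpenVPN server configuration, so they can be verified after deployment. The following checker is an added example, not code from TurnKey or OpenVPN; the sample configurations are constructed, the paths and account names in them are placeholders, and accepting tls-crypt in place of tls-auth is an assumption of this example.

```python
import shlex

# Hardening measures named in the feature list, mapped to OpenVPN directives.
# tls-crypt is accepted in place of tls-auth (an assumption of this example).
CHECKS = {
    "drop privileges (user)": {"user"},
    "drop privileges (group)": {"group"},
    "chroot jail": {"chroot"},
    "CRL checking": {"crl-verify"},
    "HMAC on control channel": {"tls-auth", "tls-crypt"},
}

def parse_directives(text):
    """Map each directive in an OpenVPN config to its argument list."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:                    # unbalanced quote: skip the line
            continue
        if tokens:
            found[tokens[0].lstrip("-")] = tokens[1:]
    return found

def audit(text):
    """Return the sorted hardening measures that are absent or ineffective."""
    cfg = parse_directives(text)
    problems = [name for name, opts in CHECKS.items() if opts.isdisjoint(cfg)]
    if cfg.get("user") == ["root"]:           # still running with full privileges
        problems.append("drop privileges (user is root)")
    return sorted(problems)

# Constructed samples; paths and account names are placeholders.
HARDENED = """port 1194
user nobody
group nogroup
chroot /etc/openvpn/jail
crl-verify crl.pem
tls-auth /etc/openvpn/ta.key 0
"""
WEAK = """port 1194
user root
# tls-auth /etc/openvpn/ta.key 0
"""

if __name__ == "__main__":
    for label, sample in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit(sample) or "all measures present")
```

Point `audit()` at the text of the deployed server configuration; an empty list means every measure from the feature list has a matching directive.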
Note: OpenVPN™ is a registered trademark of OpenVPN™ Technologies, Inc. This software appliance is provided by TurnKey Linux and is not supported by OpenVPN™ Technologies, Inc.
Usage details & Logging in for Administration
No default passwords: For security reasons there are no default passwords. All passwords are set at system initialization time.
Ignore SSL browser warning: browsers don't like self-signed SSL certificates, but this is the only kind that can be generated automatically without paying a commercial Certificate Authority.
Web - point your browser at either:
- http://12.34.56.789/ - not encrypted so no browser warning
- https://12.34.56.789/ - encrypted with self-signed SSL certificate
Username for OS system administration:
Log in as root, except on AWS Marketplace, which uses the username admin.
- Point your browser to:
  - https://12.34.56.789:12321/ - System control panel
  - https://12.34.56.789:12320/ - Web based command line terminal
- Login with SSH client:
  ssh root@12.34.56.789
  Special case for AWS Marketplace:
  ssh admin@12.34.56.789
* Replace 12.34.56.789 with a valid IP or hostname.