I do not think asking GLI to include OpenVPN is reasonable. While there are really only 2 files required (OpnVPN-SSL and OpneVPN-Luci) there are too many configurations, indeed unlimited configurations. OpenWrt has been struggling with the Luci GUI for this (was not in BB). I personally think that the GUI is too complex, and use the WinSCP text editor (just like notepad) to edit OpenVpn scripts.
I think some of the basics are reasonable to put a framework around however.
Server or Client
The majority of the people will want to use the travel router as a client, not server, and probably will want to connect to some type of service for internet access. To do this requires an Interface, Firewall rules, and an OpenVPN script. For the application, the first 2 items will probably be similar, and maybe the same for a given protocol (TUN vs TAP), though most of the providers are TUN. What will change is the Openvpn script. At a minimum there will be differences by provider. There may be differences by provider by location. I do not think it is reasonable to ask GLI to maintain these scripts.
See my network and firewall below.
For those like myself who are more concerned about accessing files on the road a Server\Client is needed. The complexity rises. It’s much more difficult to optimize a consumer device to act as a server (as opposed to using relatively “big iron”) for encryption. It’s really tough to find the “sweet spot” between cipher, encryption, packet size, etc. on a small device. And then match it to a client.
Indeed a server client requires unique code for both devices, where as using a service is mostly tweaking a predefined, though maybe hard to get, script.
This discussion is pure OpenWRT. The best place for scripts are as Wiki Pages on the OpenWRT site, as they are really hardware independent. Some are available on line already through the providers (pay sites mostly) and others may be found in the forum. There are Linux versions in some case which may or may not directly translate to OpenWrt format, as I as I understand it not ALL commands are supported in OpenWrt, but that’s probably not a concern more all but the most advanced user.
If GLI wants to host these as Blog posts that’s fine, but I think they will get lost in the Forum.
I want the GLI team to focus on hardware and improving their existing GUI. New functions with a more narrow set of options are OK if they can benefit a wide enough user base, but I’m not seeing many. I think improving the ability of the device to be able to mage STAtion connections (drop a missing AP, store\search frequently used APs) is a problem which plagues users of this device class that are mobile, and an example of a better use of their dev effort…
HOWTO index by subject [Old OpenWrt Wiki] find VPN
[OpenWrt Wiki] OpenVPN client Client - TUN
OpenVPN client with TAP (Layer 2) device [Old OpenWrt Wiki] Client - TAP
[OpenWrt Wiki] docs:guide-user:services:vpn:openvpn:basic - Scroll to the bottom
How To Guide: Set Up & Configure OpenVPN Client/server VPN | OpenVPN
OpenVPN on OpenWRT - A little more detail » Articles » Frog is Wrong (seems to be dead, but was a great article)
PS: I will agree that there is need for a simple to understand (NOT UCI) wiki for those wanting to use OpenWrt OpenVpn to connect to a service.
My ‘network’ has this in it:
config interface ‘OpenVPN’
option proto ‘none’
option ifname ‘tap0’
My ‘firewall’ is attached.
I am on a TAP config with my own server. I can not guarantee that this will work for others, but it’s a start.