Open VPN Server 2.27 - more options

mbartosik · 2018-04-02T17:12:53.681Z

I understand that in 2.27 it is an initial version with Open VPN Server.
In addition to the options that pseudonoise suggested:
2, GUI for VPN Server port selection.
3, Multiple user certificates. I would add including the ability to generate a single additional certificate and to revoke certs.
4, A start VPN server on boot option tick box. I would add - make start on boot the default.
5, An option to force DNS servers

My suggestions are:
6 Tun vs Tap selection
7 Check boxes to select which networks OpenVPN clients have access to.
Nothing checked means access only to the router.
Check boxes for each adapter or virtual adapter to which OpenVPN clients have access.
8 Option to use UPnP for opening ports when router is behind another NAT (on by default)
9 IP4 / IP6
10 UDP vs TCP (UDP by default)
11 Selection of IP address of VPN and the subnet
12 Whether to tell clients to redirect internet traffic (use VPN for gateway).
13 Client isolation (allow client <==> client traffic or not)

Open VPN Server is on a number of other consumer level routers, I’m sure you can also take a look at options provided there.

Given the ~1W power requirements of the AR-150 (1.1W when supplied by my PoE switch) this really is a lot of flexibility!

Mark

kyson-lok · 2018-04-03T01:16:59.508Z

Thanks for your suggestion, we will make the evaluation.

alzhao · 2018-04-03T03:14:41.574Z

Thanks for your suggestions. I do have a ASUS router with openvpn server. It does provide some settings which make it very complicated to use.

2, 3, 5 will be added.
4 should already be done, I think.
6 Tun and Tap will be investigated. I think this will be different scenarios.
7 should be done in client side, not server side.
8 We did you upnp to open ports but seems this is never reliable. Less than 30% can be successful. Most routers will have upnp disabled.
9. 10. 11 Yes.
12 I am not sure if this should be enabled. My ASUS router surely have this. This changes the application scenario. I’d rather to add if vpn should be able to access the local network. By default, it only can access Internet.
13 Good suggestion.

junk1 · 2018-04-03T04:02:16.471Z

On # 6, tun vs tap, I think this should be very easy to implement and will add a much needed functionality.

alzhao · 2018-04-05T05:24:04.338Z

The problem is, in the client side, if you use a smartphone, you can connect to the vpn network directly.

If you use a router, it have to bridge all devices to the vpn network, not routing. This is the difference.

junk1 · 2018-04-05T14:00:53.838Z

Indeed. Neither Android nor iOS support tap VPN at this time, so this is not an issue for smartphones.

For other clients, however, bridging is necessary for VPN clients to be in the same broadcast domain as the server’s LAN. For that you need a tap VPN.

alzhao · 2018-04-07T05:23:56.271Z

I didn’t know Andriod and iOS don’t support tap.

Now the router just force to use routing mode even it is TAP.