Tag Archives: OpenVPN

OpenVPN is free software for building a virtual private network over an encrypted TLS connection.

OpenVPN Client renegotiation after 60 min

Using OpenVPN + 2FA with Google Authenticator

By default, OpenVPN renegotiates the client connection every 60 minutes (3600 seconds), which prompts the user to enter their 2FA PIN again to keep the connection up.

Renegotiate time

Renegotiate the data channel key after n seconds (default=3600). When using a one-time password (OTP), be advised that your connection will automatically drop, because your password is no longer valid. Set to 0 to disable; remember to change it on both the server and the client.

If you want an uninterrupted connection, edit the /etc/openvpn/client-template.txt file and add the reneg-sec 0 parameter. The file can then look like this:

dev tun
persist-tun
persist-key
data-ciphers-fallback AES-256-CBC
auth SHA512
client
resolv-retry infinite
reneg-sec 0
remote 203.0.113.1 1194 udp
lport 0
verify-x509-name "C=IT, ST=IT, L=example, O=Azienda, emailAddress=hostmaster@example.tld, CN=OPN.example.tld" subject
remote-cert-tls server
auth-user-pass
auth-nocache
compress
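To check that a profile really avoids the OTP re-prompt, here is an added example (not code from the original post or the OpenVPN project): a small Python linter that parses a client .ovpn profile and a server config, computes the renegotiation interval that actually applies, which is the shorter non-zero reneg-sec of the two sides, and flags the settings that matter for OTP logins. The sample profile and server config below are constructed, with a placeholder in place of key material.

```python
import re
import shlex

# Constructed sample: the post's client template (shortened) with reneg-sec 0 added.
CLIENT_PROFILE = """\
client
reneg-sec 0
remote 203.0.113.1 1194 udp
verify-x509-name "C=IT, O=Azienda, CN=OPN.example.tld" subject
remote-cert-tls server
auth-user-pass
auth-nocache
<key>
PLACEHOLDER-NOT-A-REAL-KEY
</key>
"""
# Constructed sample server config where reneg-sec was forgotten.
SERVER_CONFIG = "dev tun\nserver 10.8.0.0 255.255.255.0\n# reneg-sec left at default\n"

def parse_options(text):
    """Return ({option: args}, {inline block names}) for an OpenVPN config."""
    blocks = set(re.findall(r"^<(\w+)>$", text, re.M))     # <ca>, <cert>, <key>, ...
    body = re.sub(r"(?ms)^<(\w+)>$.*?^</\1>$", "", text)   # drop the block contents
    opts = {}
    for line in (l.strip() for l in body.splitlines()):
        if line and line[0] not in "#;":                   # skip blank/comment lines
            parts = shlex.split(line)                      # handles the quoted X.509 name
            opts[parts[0]] = parts[1:]
    return opts, blocks

def effective_reneg_sec(client, server):
    """Either side's timer can trigger renegotiation; only 0 on both sides disables it."""
    timers = [int(o["reneg-sec"][0]) if "reneg-sec" in o else 3600  # 3600 = OpenVPN default
              for o in (client, server)]
    live = [t for t in timers if t > 0]
    return min(live) if live else 0

def lint(client_text, server_text):
    c, blocks = parse_options(client_text)
    s, _ = parse_options(server_text)
    interval, findings = effective_reneg_sec(c, s), []
    if interval and "auth-user-pass" in c:
        findings.append(f"renegotiation every {interval}s will re-prompt OTP users")
    if c.get("remote-cert-tls") != ["server"]:
        findings.append("remote-cert-tls server missing: server cert role not checked")
    if "auth-user-pass" in c and "auth-nocache" not in c:
        findings.append("auth-nocache missing: password/OTP stays cached in the client")
    if "key" in blocks:
        findings.append("inline <key>: profile carries a private key, treat as secret")
    return interval, findings
```

Run lint(CLIENT_PROFILE, SERVER_CONFIG) to see that the client's reneg-sec 0 alone is not enough: the server's default of 3600 seconds still applies until the server is changed too.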

Community Edition

The OpenVPN Community Edition is an open source Virtual Private Network (VPN) project. It creates secure connections over the Internet using a custom security protocol that utilizes SSL/TLS. This community-supported OSS (Open Source Software) project uses a GPL license and is maintained by developers and contributors as well as the extended community. CE is free to deploy, but it does require a strong understanding of Linux and of the command line interface.

OpenVPN Tunneling Protocol

The OpenVPN tunneling protocol uses the Secure Sockets Layer (SSL/TLS) protocol to keep data sent over the Internet private, with AES-256 encryption. Because the code is available for audits, anyone can find and fix vulnerabilities. It is not only considered the most secure VPN tunneling protocol, it also delivers fast connections and can pass through most firewalls.

Using OpenVPN Connect on iPhone and Android

OpenVPN is enjoying increasing popularity. The OPNsense firewall offers an excellently integrated OpenVPN server with numerous features, but other open source solutions also use OpenVPN, as do Synology NAS devices, where OpenVPN is part of the VPN Server package available in the DSM Package Center. The popular open source VPN solution is available for all common operating systems, from Linux and Windows to macOS and mobile devices with iOS and Android.

This tutorial shows how to set up OpenVPN Connect and use VPN connections on iOS and Android.

How to use OpenVPN Connect on iPhone and Android

First, the OpenVPN Connect app is loaded onto the device. This is available free of charge in the Apple App Store and Google Play.


The configuration of the clients is done by importing the ovpn profile, which contains all the necessary settings.

  1. Launch the OpenVPN Connect app
  2. Tap Upload File
  3. Tap BROWSE
  4. Choose the My Documents folder and select Downloads
  5. Select the OpenVPN configuration file (.ovpn)
  6. Tap Done
  7. Confirm "Import .ovpn profile?" with OK
  8. Enter your username and select CONNECT
  9. For 2FA, enter the OTP and the password together in the password field (OTP token + password)

  Import more OpenVPN profiles by tapping on the + symbol.

Screenshot gallery of OpenVPN Import Profile for Android.

  The first time you connect after tapping the slide switch, the app asks for permission to add the VPN configuration. If everything has been completed successfully, the client establishes a VPN tunnel to the server, which the app indicates with the status CONNECTED.

How to transfer OpenVPN profile?

The easiest way to transfer the configuration file (.ovpn) to an iOS or Android device is to send it from the PC to the smartphone or tablet via Bluetooth. First pair both devices via Bluetooth, then on the PC right-click the OVPN file and choose Send to Bluetooth device from the context menu.

After confirming with OK, the OVPN file should now be found on the mobile device under “My Documents” in the “Downloads” folder.

Alternatively, you can send the OVPN file to your own email address and then save it on your smartphone or tablet, or use cloud storage or, if available, local synchronization such as Synology Drive.

Conclusion

OpenVPN as an open source solution is available for all clients of the common platforms, such as iOS and Android.

The corresponding app can be obtained from the respective store and the configuration is done via a file that contains all the settings and that you download from the OpenVPN server.

The OPNsense firewall is particularly recommended as an OpenVPN server. Numerous options can be configured, such as client and server certificates and 2FA authentication, with the integration of LDAP for Active Directory and Google Authenticator TOTP for multi-factor authentication.

Sources:

The following related post may also be helpful: How To OPNsense 2FA TOTP with Google Authenticator, which shows the provisioning.