Connecting to Virtual Network (OpenVPN)
You can connect the current device to an OpenVPN network by calling the interface provided by FIRERPA. FIRERPA's built-in OpenVPN supports three login modes: certificate login mode (CA/CERT/KEY), username/password login mode (CA/user/password), and certificate + username/password login mode (CA/CERT/KEY/user/password). Choose one of these according to how your OpenVPN server is configured. The VPN can coexist with the system proxy. Note that this feature implements only the main functions of OpenVPN: apart from DNS configuration, it currently cannot apply other automatic configuration information pushed by the server. This includes, but is not limited to, PAC proxy and HTTP proxy configuration. To save you the trouble of installing an OpenVPN server, we provide an out-of-the-box OpenVPN Docker image that comes with scripts to generate the interface call code and the auto-start configuration.
Connecting to VPN
We recommend that you first read the Deploying OpenVPN Server document to understand how to generate this connection configuration automatically. Writing it by hand is error-prone. Below we only introduce the main interface calls.
profile = OpenVPNProfile()
# Paste the automatically generated code from the self-deployed server here
d.start_openvpn(profile)
Closing VPN
Closing the VPN is just as simple. Call the following to stop OpenVPN.
d.stop_openvpn()
Complete Parameters
Below is the complete set of configuration parameters for the VPN interface. We only describe the meaning of each parameter here. We do not recommend that you write the parameters of this interface yourself. Please generate the code through the self-deployed server.
Whether to enable global VPN. If enabled, all traffic on the system exits through the VPN server.
profile.all_traffic = False
The connection protocol enabled on the server side. You can choose OpenVPNProto.UDP or OpenVPNProto.TCP. This option depends on your server’s configuration.
profile.proto = OpenVPNProto.UDP
OpenVPN username/password authentication configuration.
profile.login = "username"
profile.password = "password"
You can set the address and port of your OpenVPN server through these two parameters.
profile.host = server_address
profile.port = server_port
Set the server-side channel encryption method. The interface supports the AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305, AES_128_CBC, and AES_256_CBC encryption methods.
profile.cipher = OpenVPNCipher.AES_256_GCM
Set OpenVPN tls-auth related parameters. You can visit the official documentation openvpn.net/community-resources/reference-manual-for-openvpn-2-5 to learn more.
profile.tls_encryption = OpenVPNEncryption.TLS_CRYPT
profile.tls_key_direction = OpenVPNKeyDirection.KEY_DIRECTION_NONE
profile.tls_key = "-----BEGIN OpenVPN Static key V1-----"
Configuration for the OpenVPN client certificate, client private key, and server certificate.
profile.ca = "-----BEGIN CERTIFICATE-----"
profile.cert = "-----BEGIN CERTIFICATE-----"
profile.key = "-----BEGIN PRIVATE KEY-----"
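As an added example (not FIRERPA's own code), the sketch below checks that a set of profile fields matches one of the three login modes described at the top of this page and that each PEM value is complete before it is handed to the client. `ProfileFields`, `pem_label` and `check_profile` are hypothetical names, the field names mirror the attributes shown above, and the sample PEM bodies are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Cipher names exactly as listed on this page.
SUPPORTED_CIPHERS = {"AES_128_GCM", "AES_256_GCM", "CHACHA20_POLY1305",
                     "AES_128_CBC", "AES_256_CBC"}
PEM_RE = re.compile(r"\A-----BEGIN ([A-Z0-9 ]+)-----\n.+\n-----END \1-----\Z", re.S)
# Constructed sample values (not real key material).
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----"

@dataclass
class ProfileFields:  # hypothetical stand-in, not the FIRERPA OpenVPNProfile class
    ca: str = ""
    cert: str = ""
    key: str = ""
    login: str = ""
    password: str = ""
    cipher: str = "AES_256_GCM"

def pem_label(value: str) -> Optional[str]:
    """Return the PEM label when both armor lines are present and match."""
    m = PEM_RE.match(value.strip())
    return m.group(1) if m else None

def check_profile(p: ProfileFields) -> Tuple[Optional[str], List[str]]:
    """Return (login_mode, problems); login_mode is None when no mode fits."""
    problems: List[str] = []
    if pem_label(p.ca) != "CERTIFICATE":
        problems.append("ca: not a complete PEM certificate")
    if bool(p.cert) != bool(p.key):
        problems.append("cert and key must be set together")
    if bool(p.login) != bool(p.password):
        problems.append("login and password must be set together")
    if p.cert and pem_label(p.cert) != "CERTIFICATE":
        problems.append("cert: not a complete PEM certificate")
    if p.key and not (pem_label(p.key) or "").endswith("PRIVATE KEY"):
        problems.append("key: not a complete PEM private key")
    if p.cipher not in SUPPORTED_CIPHERS:
        problems.append(f"cipher {p.cipher}: not in the supported list")
    has_cert, has_user = bool(p.cert and p.key), bool(p.login and p.password)
    mode = {(True, False): "certificate",
            (False, True): "username/password",
            (True, True): "certificate + username/password"}.get((has_cert, has_user))
    if not (p.cert or p.key or p.login or p.password):
        problems.append("no credentials: set cert/key, login/password, or both")
    return mode, problems
```

A value that carries only the `-----BEGIN ...-----` line, such as the shortened placeholders shown above, is reported as incomplete.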
Automatically Connecting to VPN
You can make FIRERPA connect to the VPN server automatically when it starts by writing the configuration to properties.local. Since this configuration is complex, we again do not recommend writing it yourself. Please check our self-deployed OpenVPN server documentation to understand how to generate the properties.local configuration automatically.
Quickly Setting Up VPN
Please refer to our Deploying OpenVPN Server documentation to see how to deploy and use it.