# Connecting to a Virtual Network (OpenVPN) You can connect the current device to an OpenVPN network by calling the interfaces provided by FIRERPA. FIRERPA has built-in support for OpenVPN, allowing you to choose one of three authentication modes (depending on your OpenVPN server configuration): certificate-based authentication (CA/CERT/KEY), username/password authentication (CA/user/password), or certificate + username/password authentication (CA/CERT/KEY/user/password). It can coexist with the system proxy. It is important to note that this feature only includes the main functionalities of OpenVPN. Apart from `DNS` configuration, it cannot currently apply other automatic configuration information pushed by the server. These configurations include, but are not limited to, PAC proxy, HTTP proxy configurations, etc. To save you the trouble of installing an OpenVPN server, we provide a ready-to-use OpenVPN Docker image that comes with scripts to generate API call code and auto-start configurations. ## Connecting to VPN We recommend you first read the `Deploying an OpenVPN Server` documentation to understand how to automatically generate this connection configuration. Writing it manually has a high probability of error. Below, we will only introduce the calling method for the main interface. ```python profile = OpenVPNProfile() # Paste the auto-generated code from your self-deployed server here d.start_openvpn(profile) ``` ## Disconnecting from VPN The method for disconnecting from the VPN is also very simple. You only need to do the following to close the OpenVPN connection. ```python d.stop_openvpn() ``` ## Full Parameters Below is the complete parameter configuration information for the VPN interface. We are only describing the meaning of each parameter. We do not recommend you write the parameters for this interface yourself; please generate the code through your self-deployed server. Whether to enable a global VPN. If enabled, all system traffic will exit through the VPN server. ```python profile.all_traffic = False ``` The connection protocol enabled on the server side. You can choose `OpenVPNProto.UDP` or `OpenVPNProto.TCP`. This option depends on your server's configuration. ```python profile.proto = OpenVPNProto.UDP ``` Username and password configuration for OpenVPN username/password authentication. ```python profile.login = "username" profile.password = "password" ``` You can set your OpenVPN server's address and port using these two parameters. ```python profile.host = server_address profile.port = server_port ``` Sets the server-side channel encryption method. The interface supports `AES_128_GCM`, `AES_256_GCM`, `CHACHA20_POLY1305`, `AES_128_CBC`, and `AES_256_CBC` encryption methods. ```python profile.cipher = OpenVPNCipher.AES_256_GCM ``` Sets OpenVPN tls-auth related parameters. You can visit the official documentation at [openvpn.net/community-resources/reference-manual-for-openvpn-2-5](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-5/) to learn more. ```python profile.tls_encryption = OpenVPNEncryption.TLS_CRYPT profile.tls_key_direction = OpenVPNKeyDirection.KEY_DIRECTION_NONE profile.tls_key = "-----BEGIN OpenVPN Static key V1-----" ``` Configuration for OpenVPN client certificate, client private key, and server certificate. ```python profile.ca = "-----BEGIN CERTIFICATE-----" profile.cert = "-----BEGIN CERTIFICATE-----" profile.key = "-----BEGIN PRIVATE KEY-----" ``` ## Auto-connecting to VPN You can make FIRERPA automatically connect to the VPN server on startup by writing a `properties.local` file. Due to the complexity of this configuration, we still do not recommend writing it yourself. Please refer to our documentation on self-deploying an OpenVPN server to learn how to automatically generate the `properties.local` configuration information. ## Quickly Setting Up a VPN Please go to our `Deploying an OpenVPN Server` related documentation to see how to deploy and use it.