Connecting to a Virtual Network (OpenVPN)

You can connect the current device to an OpenVPN network by calling the interfaces provided by FIRERPA. FIRERPA has built-in OpenVPN support and offers three authentication modes; which one you use depends on your OpenVPN server configuration: certificate-based authentication (CA/CERT/KEY), username/password authentication (CA/user/password), or certificate + username/password authentication (CA/CERT/KEY/user/password). The VPN can coexist with the system proxy.

Note that this feature covers only the main functionality of OpenVPN. Apart from DNS configuration, it cannot currently apply other automatic configuration pushed by the server, including but not limited to PAC proxy and HTTP proxy settings. To save you the trouble of installing an OpenVPN server, we provide a ready-to-use OpenVPN Docker image that comes with scripts to generate API call code and auto-start configurations.

Connecting to VPN

We recommend that you first read the Deploying an OpenVPN Server documentation to understand how to generate this connection configuration automatically. Writing it by hand is error-prone. Below, we only show how to call the main interface.

profile = OpenVPNProfile()
# Paste the auto-generated code from your self-deployed server here
d.start_openvpn(profile)

Disconnecting from VPN

Disconnecting from the VPN is just as simple. The following call closes the OpenVPN connection.

d.stop_openvpn()

Full Parameters

Below is the complete parameter configuration for the VPN interface. This section only describes the meaning of each parameter. We do not recommend writing the parameters for this interface yourself; please generate the code through your self-deployed server.

Whether to enable a global VPN. If enabled, all system traffic will exit through the VPN server.

profile.all_traffic  = False

The connection protocol enabled on the server side. You can choose OpenVPNProto.UDP or OpenVPNProto.TCP. This option depends on your server's configuration.

profile.proto        = OpenVPNProto.UDP

Username and password configuration for OpenVPN username/password authentication.

profile.login        = "username"
profile.password     = "password"

You can set your OpenVPN server's address and port using these two parameters.

profile.host         = server_address
profile.port         = server_port

Sets the server-side channel encryption method. The interface supports AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305, AES_128_CBC, and AES_256_CBC encryption methods.

profile.cipher       = OpenVPNCipher.AES_256_GCM

Sets OpenVPN tls-auth related parameters. You can visit the official documentation at openvpn.net/community-resources/reference-manual-for-openvpn-2-5 to learn more.

profile.tls_encryption = OpenVPNEncryption.TLS_CRYPT
profile.tls_key_direction = OpenVPNKeyDirection.KEY_DIRECTION_NONE
profile.tls_key      = "-----BEGIN OpenVPN Static key V1-----"

Configuration for the server's CA certificate (ca), the OpenVPN client certificate (cert), and the client private key (key).

profile.ca           = "-----BEGIN CERTIFICATE-----"
profile.cert         = "-----BEGIN CERTIFICATE-----"
profile.key          = "-----BEGIN PRIVATE KEY-----"
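The following pre-flight check is an added example, not FIRERPA code: it takes the parameters described above as a plain dict, reports which of the three authentication modes they form, and flags truncated certificate or key blocks before anything is passed to start_openvpn. The helper names, the dict form, and the use of the cipher member names as strings are assumptions made for illustration.

```python
# Added example: check_profile() is a hypothetical helper, not part of FIRERPA.
# Dict keys mirror the profile attribute names documented on this page.
AEAD = {"AES_128_GCM", "AES_256_GCM", "CHACHA20_POLY1305"}
CBC = {"AES_128_CBC", "AES_256_CBC"}
MODES = {(True, False): "certificate", (False, True): "password",
         (True, True): "certificate+password"}
PEM_FIELDS = (("cert", "CERTIFICATE"), ("key", "PRIVATE KEY"),
              ("tls_key", "OpenVPN Static key V1"))

def is_pem(value, label):
    """True if value is a BEGIN/END block whose label ends with `label`."""
    lines = (value or "").strip().splitlines()
    return (len(lines) >= 3
            and lines[0].startswith("-----BEGIN ") and lines[0].endswith(label + "-----")
            and lines[-1].startswith("-----END ") and lines[-1].endswith(label + "-----"))

def check_profile(p):
    """Return (auth_mode or None, errors, warnings) for a dict of profile fields."""
    errors, warnings = [], []
    if not is_pem(p.get("ca"), "CERTIFICATE"):
        errors.append("ca: missing or truncated certificate")
    for field, label in PEM_FIELDS:
        if p.get(field) and not is_pem(p[field], label):
            errors.append(f"{field}: truncated or malformed block")
    has_cert, has_key = bool(p.get("cert")), bool(p.get("key"))
    has_user, has_pass = bool(p.get("login")), bool(p.get("password"))
    if has_cert != has_key:
        errors.append("cert/key: set both or neither")
    if has_user != has_pass:
        errors.append("login/password: set both or neither")
    mode = MODES.get((has_cert and has_key, has_user and has_pass))
    if mode is None:
        errors.append("auth: none of the three authentication modes is complete")
    if p.get("cipher") in CBC:
        warnings.append("cipher: CBC is not AEAD; prefer GCM or CHACHA20_POLY1305")
    elif p.get("cipher") not in AEAD:
        errors.append("cipher: not one of the five supported values")
    if not p.get("all_traffic"):
        warnings.append("all_traffic: False, so not all system traffic uses the VPN")
    return mode, errors, warnings

# Constructed sample data (placeholders, not real key material).
def sample_pem(label):
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----"

HEADER_ONLY = {"ca": "-----BEGIN CERTIFICATE-----", "cert": "-----BEGIN CERTIFICATE-----",
               "key": "-----BEGIN PRIVATE KEY-----", "cipher": "AES_256_GCM"}
GOOD = {"ca": sample_pem("CERTIFICATE"), "login": "username", "password": "password",
        "cipher": "AES_256_CBC", "all_traffic": True}
```

HEADER_ONLY mirrors the header-only placeholder strings shown in this section and is rejected; GOOD is a complete username/password profile that passes with one cipher warning.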

Auto-connecting to VPN

You can make FIRERPA connect to the VPN server automatically on startup by writing a properties.local file. Because this configuration is complex, we again do not recommend writing it yourself. Please refer to our documentation on self-deploying an OpenVPN server to learn how to generate the properties.local configuration automatically.

Quickly Setting Up a VPN

Please see our Deploying an OpenVPN Server documentation for how to deploy and use it.