OpenVPN Control¶
You can connect the current device to the OpenVPN network by calling the API provided by FIRERPA. The built-in OpenVPN support in FIRERPA allows you to choose one of three login modes: certificate-based (CA/CERT/KEY), username/password (CA/user/password), or certificate + username/password (CA/CERT/KEY/user/password) — depending on your OpenVPN server configuration. It can coexist with the system proxy. Note that this functionality only includes the core features of OpenVPN; except for DNS configuration, other automatic configurations pushed by the server (such as PAC proxy, HTTP proxy settings, etc.) are not applied. To save you the hassle of setting up an OpenVPN server, we provide an out-of-the-box OpenVPN Docker image with built-in scripts that can generate the API call code and auto‑start configuration.
Connecting to VPN¶
We recommend reading the Deploy OpenVPN Service documentation first to understand how to automatically generate this connection configuration. Manual writing is error‑prone. The following only introduces the main API calls.
profile = OpenVPNProfile()
# Paste the code automatically generated by the self-hosted server here
d.start_openvpn(profile)
Disconnecting VPN¶
Disconnecting the VPN is also simple. Just run the following code to stop OpenVPN.
d.stop_openvpn()
Full Parameters¶
The complete list of VPN interface parameters and their meanings is provided below. We do not recommend writing these parameters manually; use the code generated by your self-hosted server.
Whether to enable global VPN. If enabled, all traffic on the system will exit through the VPN server.
profile.all_traffic = False
The transport protocol used by the server. Choose either OpenVPNProto.UDP or OpenVPNProto.TCP depending on your server configuration.
profile.proto = OpenVPNProto.UDP
Username and password required for OpenVPN username/password authentication.
profile.login = "username"
profile.password = "password"
Use these two parameters to set the address and port of the OpenVPN server.
profile.host = Server address
profile.port = Server port
Set the server-side channel encryption method. The interface supports AES_128_GCM, AES_256_GCM, CHACHA20_POLY1305, AES_128_CBC, and AES_256_CBC.
profile.cipher = OpenVPNCipher.AES_256_GCM
Configure OpenVPN TLS authentication parameters. For more details, refer to the official documentation at openvpn.net/community-resources/reference-manual-for-openvpn-2-5.
profile.tls_encryption = OpenVPNEncryption.TLS_CRYPT
profile.tls_key_direction = OpenVPNKeyDirection.KEY_DIRECTION_NONE
profile.tls_key = "-----BEGIN OpenVPN Static key V1-----"
Configuration for the OpenVPN client certificate, client private key, and server certificate.
profile.ca = "-----BEGIN CERTIFICATE-----"
profile.cert = "-----BEGIN CERTIFICATE-----"
profile.key = "-----BEGIN PRIVATE KEY-----"
Auto-connect VPN¶
You can configure FIRERPA to automatically connect to the VPN on startup. Refer to Service Configuration for the configuration method. Due to the complexity of the settings, we still recommend against manual authoring. Please check the Deploy OpenVPN Service documentation to learn how to generate and fill in the relevant configuration.
Quick VPN Setup¶
Please refer to the Deploy OpenVPN Service documentation for deployment and usage instructions.