howto configure OpenVPN - victronenergy/venus GitHub Wiki

Why

Adding an OpenVPN client to VenusOS gives secure remote access to VenusOS that works in all but the most restrictive environments, without the need to modify routers or firewalls at the remote location. OpenVPN also gives secure access to devices on the remote network, such as PV inverters, via SSH tunnels and port forwarding.

Prerequisites

This page assumes you are familiar with OpenVPN servers and clients and IP networks. You will need to set up an OpenVPN server to which the OpenVPN client on VenusOS connects. This page describes how you can set up an OpenVPN client on VenusOS. There are many articles online describing how to set up OpenVPN servers and clients. OpenVPN documentation can be found here.

Installation

  1. Create a directory on the persistent data volume: mkdir /data/openvpn

  2. Download the OpenVPN package openvpn_2.4.3-r0_cortexa7hf-neon-vfpv4.ipk and place it in /data/openvpn

  3. Copy / create your OpenVPN client configuration file and place it in /data/openvpn

  4. Copy and paste the following text into /data/openvpn/start.sh

#!/bin/bash

OPENVPN=/data/openvpn
# Count only the openvpn package itself, not packages whose names merely contain "openvpn"
INSTALLED=$(opkg list_installed | grep -c '^openvpn ')
CONFIG="[your OpenVPN client configuration file here]"
PACKAGE=openvpn_2.4.3-r0_cortexa7hf-neon-vfpv4.ipk

if [ "$INSTALLED" -eq 0 ]
then
	# Prefer the package feed; fall back to the local .ipk if the feed has no openvpn
	opkg update
	IN_REPO=$(opkg list openvpn | wc -l)
	if [ "$IN_REPO" -eq 0 ]
	then
		if [ -f "$OPENVPN/$PACKAGE" ]; then opkg install "$OPENVPN/$PACKAGE"; fi
	else
		opkg install openvpn
	fi
fi

# We may not have been able to install OpenVPN so let's see...
INSTALLED=$(opkg list_installed | grep -c '^openvpn ')

if [ "$INSTALLED" -eq 1 ]
then
	# Link the files kept on the persistent /data volume into the locations the init script reads
	if [ ! -d /etc/openvpn ]; then mkdir /etc/openvpn; fi
	if [ ! -h "/etc/openvpn/$CONFIG" ]; then ln -s "$OPENVPN/$CONFIG" "/etc/openvpn/$CONFIG"; fi
	if [ ! -h /etc/default/openvpn ]; then ln -s "$OPENVPN/openvpn" /etc/default/openvpn; fi

	/etc/init.d/openvpn start
fi

  5. Edit the script replacing [your OpenVPN client configuration file here] with the name of your VPN configuration file.

  6. Copy and paste the following text into /data/openvpn/openvpn:

AUTOSTART="[your OpenVPN client configuration file here]" # Start a VPN tunnel using this config file
STATUSREFRESH=60                                          # Refresh VPN status in /var/run/openvpn.$NAME.status
OPTARGS=""                                                # No additional arguments required
OMIT_SENDSIGS=0                                           # Set this to 1 if you need OpenVPN running after sendsigs

  7. Edit this file replacing [your OpenVPN client configuration file here] with the name of your VPN configuration file.

  8. Include the following lines in /data/rcS.local so the OpenVPN client will start at boot.

# Start OpenVPN tunnel
/data/openvpn/start.sh

  9. Either reboot or run /data/openvpn/start.sh to start the OpenVPN client.
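
A preflight check for the directory built in the steps above, as an added example that is not part of the wiki or of VenusOS: start.sh runs as root from /data/rcS.local at every boot, so nothing under /data/openvpn should be writable by other accounts, and the downloaded .ipk should match a hash you recorded yourself from a source you trust. The function names and the pinned SHA-256 argument are assumptions (the page publishes no hash), as is the availability of find and sha256sum on the device.

```bash
#!/bin/bash
# Added example, not from the wiki. Function names are hypothetical.
# start.sh runs as root from /data/rcS.local, so /data/openvpn must be tight.

# Fail if DIR, or anything in it, is writable by group or others.
check_not_writable() {
	[ -d "$1" ] || { echo "missing directory: $1" >&2; return 2; }
	cnw_loose=$(find "$1" ! -type l \( -perm -020 -o -perm -002 \))
	[ -z "$cnw_loose" ] && return 0
	echo "writable by group/others: $cnw_loose" >&2
	return 1
}

# Fail if the client config is readable by group or others
# (assumption: it holds or references the client's private key).
check_config_private() {
	[ -f "$1" ] || { echo "missing config: $1" >&2; return 2; }
	ccp_open=$(find "$1" \( -perm -040 -o -perm -004 \))
	[ -z "$ccp_open" ] && return 0
	echo "config readable by group/others: $1" >&2
	return 1
}

# Fail unless the package matches the SHA-256 passed as $2. The expected
# value is one you recorded yourself; it is not provided by the wiki page.
check_package_hash() {
	[ -f "$1" ] || { echo "missing package: $1" >&2; return 2; }
	cph_actual=$(sha256sum "$1" | cut -d' ' -f1)
	[ "$cph_actual" = "$2" ] && return 0
	echo "SHA-256 mismatch for $1" >&2
	return 1
}

# Run every check and report all failures, not just the first.
# Usage: preflight DIR CONFIG_NAME PACKAGE_NAME EXPECTED_SHA256
preflight() {
	pf_rc=0
	check_not_writable "$1" || pf_rc=1
	check_config_private "$1/$2" || pf_rc=1
	check_package_hash "$1/$3" "$4" || pf_rc=1
	return $pf_rc
}
```

Calling preflight with /data/openvpn, your configuration file name, the package file name and your recorded hash before start.sh installs or starts anything lets the script stop when a check fails.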