Hi everyone,
I’m considering moving some of my traffic to a free VPN like hide.me.
Unfortunately I cannot import a .ovpn file that contains the configuration. How can I import this configuration file?
I’ve found the options available under the NethServer UI to be on the inadequate side when it comes to connecting NS as a client, as it’s really designed for net2net connectivity. Unless that has changed since I last looked.
I usually start this type of OpenVPN client outside of the NS infrastructure. Copy the provided .ovpn file to /etc/openvpn/clients/ and rename it as a .conf. You can then start the tunnel using:
systemctl start openvpn-client@<filename without .conf>
You can then use the systemctl options to control when the tunnel is started and stopped.
Usually most VPN providers set their configurations up to route all the traffic out via the tunnel. If you only want certain traffic, then you will have to both modify the provided configuration file and also set up your own routing rules.
Cheers.
I don’t know if it’s the solution, because this is an example .ovpn file and it includes some additional parameters that NS doesn’t support, like the bold ones
client
dev tun
proto udp
remote-random
remote au.hide.me 4000
cipher AES-256-CBC
auth SHA256
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3
auth-user-pass userpass.txt
reneg-sec 0
remote-cert-tls server
verify-x509-name "*.hide.me" name
tls-version-min 1.2
key-direction 0
I don’t like to start the VPN outside NS.
I’d like to see and manage it from a web page with smartphone and tablet.
I would like some sites or services (like Netflix) to go through the VPN and all the rest of the normal WAN traffic.
I think it’s possible to do this through firewall rules, right?
Then you would have to create/modify the templates and code snippets used to create the configuration file to make it a true client configuration. However, getting that information to show on NS’s UI to configure would be an even bigger job.
I’d say that could be very difficult, again needing creates/updates to the NS templating system to achieve as you would need to create rules around interfaces that are only present when the tunnel is “open”. Always assuming that you can correctly identify the traffic you want re-routed.
All of these are the reasons I run my VPN client outside of NS’s control with modified conf files to override the routing updates that the server tries to force, but do include scripts that create/destroy the additional templates I need for a Shorewall (re-)start.
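
An added example, not part of any post in this thread: one way to script the manual route described above (copy the .ovpn, rename it to .conf, override the routes the server pushes). The function name prepare_client_conf is hypothetical, the target directory is passed as an argument, and route-nopull is used here as one way to refuse pushed routes; the posters did not say which directive they use.

```shell
#!/bin/sh
# Added example (hypothetical helper, not NethServer code).
# Usage: prepare_client_conf <provider.ovpn> <client-config-dir>
# Prints the instance name to use with: systemctl start openvpn-client@<name>
prepare_client_conf() {
    src=$1
    dir=$2
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    name=$(basename "$src" .ovpn)
    conf="$dir/$name.conf"

    # Strip Windows line endings and drop any routing directives that the
    # provider put in the file itself; routing is decided locally instead.
    tr -d '\r' < "$src" |
        grep -Ev '^[[:space:]]*(route-nopull|redirect-gateway)([[:space:]]|$)' \
        > "$conf" || return 1

    # Refuse routes pushed by the server, so the tunnel comes up without
    # taking over the default route.
    printf '%s\n' 'route-nopull' >> "$conf"
    chmod 600 "$conf"

    # auth-user-pass names a file holding the VPN login in clear text:
    # keep it beside the .conf and readable by its owner only.
    cred=$(awk '$1 == "auth-user-pass" && NF >= 2 { print $2; exit }' "$conf")
    case $cred in
        ''|/*) ;;   # no credentials file, or an absolute path left as-is
        *)
            srcdir=$(dirname "$src")
            if [ -f "$srcdir/$cred" ]; then
                cp "$srcdir/$cred" "$dir/$cred" && chmod 600 "$dir/$cred"
            else
                echo "warning: $cred not found next to $src" >&2
            fi
            ;;
    esac
    printf '%s\n' "$name"
}
```

With route-nopull in place the tunnel interface exists but carries no traffic until routes or firewall rules send selected destinations to it.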