Technical data
4. Packages
4.14. OpenVPN - VPN Support
As of version 2.1.5 package OpenVPN is part of fli4l.
Important: For using OpenVPN over the Internet a flatrate or billing based on data volume
is a must have! If the fli4l router is powered on the connection will never be hung up because a
small amount of data is permanently transferred by OpenVPN. Using a VPN Tunnel over the
Internet thus can cause high online costs. The same is applying for an ISDN connection being
used for OpenVPN.
Besides OpenVPN another VPN package exists: OPT_PoPToP (see opt-database http:
//www.fli4l.de/download/zusatzpakete/).
Deciding which VPN solution to use is driven by security and function concerns. No advices
on security of the different packages are given by the team. In unsure, see
Linux-Magazine January 2004
http://diswww.mit.edu/bloom-picayune/crypto/14238
http://sites.inka.de/bigred/archive/cipe-l/2003-09/msg00263.html
Concerning functionality a clear advice can be given to use OpenVPN which outperforms
both CIPE and poptop here. OpenVPN supports tunnel mode, bridge mode, data compression
and is more solid than CIPE on a fli4l router. OpenVPN has a Windows version to be used
as of Windows 2000. Only disadvantages against CIPE are the sheer size in opt archive and
missing OpenVPN support for fli4l version 2.0.x.
4.14.1. OpenVPN - Introductive Example
To introduce you to OpenVPN’s configuration at first a small example. Two networks that
both use a fli4l router shall be connected over the Internet. OpenVPN establishes an encrypted
tunnel on both fli4l routers to let computers from both nets communicate with each other. The
configuration variables shown in picture 4.1 are used for this purpose.
Figure 4.1.: VPN configuration example — tunnel between two routers
local net, remote net represent the two nets to be connected by the tunnel. They have to
be in different TCP/IP ranges and should have different non interfering net masks. The
settings from IP_NET_x (Page 39) in both routers base.txt configuration files hence have
162