| title | description |
|---|---|
Client Compatibility |
List of Supported VPN Clients |
This document describes a number of VPN clients that can be used to connect to the VPN service.
Official applications are available on most platforms. These are optimized for working with the VPN software. The official applications are made available with two brand names:
- eduVPN: if you are part of the research and education community and your institution is running the eduVPN service;
- Let's Connect! everyone else outside this community, or when you run your own server, or someone else runs it for you.
The eduVPN applications only allow you to choose your organization from a curated list. The Let's Connect! applications allow you to specify a domain of the VPN server to connect to.
The benefit of the official applications is that they will make it much easier for the end user to configure the VPN, and will make sure the VPN keeps working in case configuration updates are required for connecting to the VPN. The other applications may require manual configuration downloads through the user portal to be able to keep using the VPN.
A full list of official applications is available, including the changelogs:
- eduVPN (APK)
- Let's Connect! (APK)
- eduVPN
- Let's Connect! (not yet available)
NOTE: see below for Linux support. The eduVPN/Let's Connect! application
will only work properly if NetworkManager works properly with tls-crypt on
your system! If not, you can use the manual instructions further down.
In addition to the official applications, you can also use any OpenVPN compatible client on the platform of your choice. Some of the more popular ones will be discussed below.
As long as as the VPN client is based on OpenVPN >= 2.4 or OpenVPN 3 it should be possible to make it work.
- OpenVPN Community client
- Choose "Installer, Windows Vista and later";
- Make sure you have the installer from the 2.4 release, e.g.
openvpn-install-2.4.6-I602.exe; - Keep your version updated, there may be (security) releases from time to time!
- Install the OpenVPN Community client
- (Optionally) read the documentation here;
- Start OpenVPN (a Desktop icon is created automatically);
- Import the downloaded configuration by right clicking on OpenVPN's tray icon and choosing "Import".
NOTE: OpenVPN will automatically start on Windows start-up, it will not automatically connect!
Download tunnelblick. Make sure you use OpenVPN 2.4 in tunnelblick! You can modify this in the settings if required. Read the Quick Start Guide.
Install OpenVPN for Android, also available via F-Droid.
The proprietary OpenVPN Connect can also be used. See the OpenVPN Connect FAQ.
Install OpenVPN Connect. A FAQ is available.
You may want to enable Seamless tunnel (iOS8+) in the OpenVPN Settings. It
will try to keep the VPN tunnel active as much as possible. See the FAQ for
more details.
The following table lists Linux distribution support when using NetworkManager's OpenVPN plugin and manual configuration.
On Fedora/Red Hat Enterprise Linux/CentOS you need to install the package
NetworkManager-openvpn-gnome. On Red Hat Enterprise Linux/CentOS you MUST
first enable the EPEL repository!
On Debian/Ubuntu you need to install the network-manager-openvpn-gnome
package. If you are using KDE you only need to install the
network-manager-openvpn package.
See the instructions below on how to get the VPN working manually.
| Distribution | NetworkManager | Manual | Remarks |
|---|---|---|---|
| Debian 8 | no | no | Uses OpenVPN 2.3 |
| Debian 9 | yes* | yes | network-manager-openvpn >= 1.2.10 required for tls-crypt support. A backport MUST be installed, see below |
| Debian 10 | yes | yes | - |
| Ubuntu 16.04 LTS | no | no | Uses OpenVPN 2.3 |
| Ubuntu 18.04 LTS | yes* | yes | DNS leak |
| Kubuntu 18.04 LTS | yes* | yes | KDE's VPN import does NOT work, use nmcli connection import type openvpn file <file.ovpn> from Konsole |
| Ubuntu 18.10 | yes | yes | - |
| Ubuntu 19.04 | yes | yes | - |
| CentOS 7 | yes | yes | - |
| Fedora 30, 31 | yes | yes | - |
For Debian 8 and Ubuntu 16.04 LTS, an OpenVPN repository is available with a more up to date version of OpenVPN. This may be sufficient to make the VPN work manually as described below, however, this was NOT tested.
On Debian 9, a backport of network-manager-openvpn exists to make
tls-crypt work. In order to install this, add the following line to
/etc/apt/sources.list:
deb http://deb.debian.org/debian stretch-backports main contrib non-free
Then install/update the relevant package:
$ sudo apt-get update
$ sudo apt-get -t stretch-backports install network-manager-openvpn-gnome
This will upgrade all required packages as well. You may need to reboot or restart NetworkManager.
If you do not want to route all traffic over the VPN, you need to manually specify this in NetworkManager. By default, NetworkManager will try to send all traffic over the VPN, whether or not the servers indicates the VPN should not be used as a default gateway.
When editing the VPN configuration, under the IPv4 and IPv6 tabs you can select "Use this connection only for resources on its network", this way it will honor the pushed routes.
To start OpenVPN manually, we assume below that you downloaded an OpenVPN
configuration file through the user portal, e.g.
https://vpn.example.org/vpn-user-portal/.
$ sudo openvpn --config vpn.example.org_internet_20180101.ovpn
NOTE: The DNS servers will NOT be updated by running OpenVPN like this! See instructions below for dealing with this automatically.
Install the OpenVPN package:
$ sudo apt-get install openvpn resolvconf
Copy your configuration file to /etc/openvpn/client. Make sure you give it
the extension .conf!
$ sudo cp vpn.example.org_internet_20180101.ovpn \
/etc/openvpn/client/vpn.example.org_internet_20180101.conf
Modify the configuration file, and add the following lines to it:
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Now start the OpenVPN service:
$ sudo systemctl start [email protected]_internet_20180101
Install the OpenVPN package, make sure EPEL is enabled:
$ sudo yum -y install openvpn
Copy your configuration file to /etc/openvpn/client. Make sure you give it
the extension .conf!
$ sudo cp vpn.example.org_internet_20180101.ovpn \
/etc/openvpn/client/vpn.example.org_internet_20180101.conf
Copy DNS update scripts to /etc/openvpn and modify the permissions:
$ sudo cp /usr/share/doc/openvpn-*/contrib/pull-resolv-conf/client.* /etc/openvpn/
$ sudo chmod 0755 /etc/openvpn/client.*
Modify the configuration file, and add the following lines to it:
script-security 2
up /etc/openvpn/client.up
down /etc/openvpn/client.down
Now start the OpenVPN service:
$ sudo systemctl start [email protected]_internet_20180101