Connecting to a VPN via OpenVPN

Haiku has been able to use a VPN for some time now; it was announced back in November 2023. That article already has all the info needed, but as it recently came up I thought to write it all down in a separate post.

I don’t know much about networks and appreciate any corrections etc. in the comments.

  1. Get the openvpn package through the HaikuDepot app or in Terminal with

    pkgman install openvpn

  2. Get a configuration file (.ovpn) from your VPN provider.

  3. Open that configuration file and get the VPN server’s IP. You find it after the “remote” keyword.

  4. Get your current gateway IP. You see it when running the command “route” in the Terminal.

  5. To create the network tunnel, enter in Terminal:

    ifconfig tun/0 up

  6. In Terminal, enter:

    openvpn --config Your-downloaded-ovpn-file

    You’ll be asked to enter your login + password

  7. Reroute the network traffic with these 3 commands from another Terminal:

    route add /dev/net/iprowifi4965/0 The-VPN-IP gw Your-old-gateway-IP
    route del /dev/net/iprowifi4965/0 default gw Your-old-gateway-IP
    route add tun/0 inet default gw The-VPN-IP

    The network device path needs to be adjusted to your hardware, of course.

  8. In the network preferences you can set your VPNs (or any other) DNS servers.

And that’s it, from now on you only have to perform point 5 to 7 to connect to the VPN server. You can test your setup at sites like https://ipleak.net/.


I’ve put it all in a script that I invoke after my wireless network has successfully connected.
If there’s interest in that, I can add it in a comment.

8 Likes

Nice. Thanks !

1 Like

Get a configuration file (.ovpn) from your VPN provider.

Will try, but do all Internet provider offer VPN too?
Which provider are out there?

Do I have to pay for it or the service is offert somwhere else, I have no idea where to find a provider at first.#

But thank you for your nice tutorial Hummdinger. Great! Thanks.

1 Like

It’s a separate service, not part of your regular internet provider. Just websearch for “vpn” and you’ll get the usual hits like “25 top VPN services 2025”…
There appear to be free VPN offers, but I wonder how they finance their service… Still, just for trying stuff out and non-privacy critical things, they might do.

3 Likes

As I said, I’m a total networking ignoramus.
Before I start the frustrating quest to explore the “route” command and inevitably wreck the connection, forcing reboot after reboot… :slight_smile:

Can anyone reveal the route-incantation to revert the connection back to the non-vpning routing?

We got changes merged with OpenVPN to add / delete the routes to our routing table. They were merged in Dec 2024, so might not be in the version of OpenVPN on Haikuports (yet)

3 Likes

Thanks for that!
There’s a newer version of openvpn, v2.6.13, released on Jan 5th it should contain those changes. It appears to compile just fine with the exisiting patch for v2.6.12. I’ll create a PR for the haikuports recipe later.

So you say with that merged change it should work without the re-routing described in point 7 of the OP?

It doesn’t for me…

[Edit: I forgot the command “ifconfig tun/0 up” in the orginal post. Adding that now…]

1 Like

As @madmax pointed out at the recipe PR at haikuports, the changes kallisti5 mentioned aren’t in the openvpn v2.6 release branch. So, we stick to the procedure described in the OP.
Sorry for the noise and getting our hopes up… :slight_smile:

I just backported all of the openvpn master (aka 2.7) changes to our latest 2.6 openvpn port. (plus a few more fixes)

Good news:

  • OpenVPN is spitting out all of the things needed correctly to route traffic (use --verb 5 to see the exact route commands it is running)

Bad news:

  • OpenVPN attempts to add multiple default gateway routes which Haiku doesn’t handle well at the moment.

It’s “better” and more correct now, but probably makes things worse in the short-run :slight_smile:

2 Likes

Thanks for having a look at it!

Meaning it’s better to stick with openvpn 2.6 for now and doing the route-around manually?