#Home

Welcome to the VPN server documentation page. This site is intended for VPN server operators. It contains information on how to deploy the VPN software on a server, but also (technical) details on how to (better) integrate the software in existing infrastructure, and how configure the software for one's own organization.

If you are an end-user of eduVPN and want to contact someone, please try to find the contact information of your organization here. If you don't know where to go, then contact us at eduvpn-support@lists.geant.org.

#Features

This is an (incomplete) list of features of the VPN software:

• OpenVPN server accepting connections on both UDP and TCP ports;
• Uses multiple OpenVPN processes for load sharing purposes;
• High Available deployments with multiple portals and nodes;
• Scales from a Raspberry Pi to many core systems with 10GBit networking;
• Full IPv6 support, using IPv6 inside the tunnel and connecting over IPv6;
• Support both NAT and Public IPs;
• Embedded CA for managing OpenVPN client certificates;
• Full support for WireGuard;
• Secure server and client configuration out of the box;
• User Portal to allow users to manage their VPN configurations on their devices and Admin Portal to manage users and connections;
• Internationalization / Localization support;
• Authentication to portals using Local User DB (default), LDAP, RADIUS, OIDC, SAML and Client Certificates;
• OAuth 2.0 API for integration with native eduVPN/Let's Connect! applications;
• Deployment scenarios:
  • Full Tunnel to route all traffic over the VPN (for safer Internet usage on untrusted networks);
  • Split Tunnel to route only some traffic over the VPN (for access to the organization network);
  • Client-to-client (only) networking;
• Group ACL support with SAML, LDAP authentication backends as well as "Static";
• Ability to configure Logging;
• Support multiple deployment scenarios simultaneously;
• SELinux fully enabled (on Fedora, EL);
• Usage Statistics and Monitoring;
• Some Preview Features;

Make sure to also check our Roadmap to see what we are planning to do in future releases.

#Installation

We support the following operating systems for deploying the VPN server:

• Debian 11 (x86_64)
• Ubuntu 22.04 (x86_64)
• Fedora 37, 38 (x86_64)
• Enterprise Linux
  • AlmaLinux 9 (x86_64)
  • Rocky Linux 9 (x86_64)

We recommend you install your VPN server on Debian 11.

NOTE: we expect ALL software updates to be installed and the server rebooted before you install the VPN software!

NOTE: if you want to deploy on multiple machines for load balancing / high availability, please follow these instructions instead!

If you installed a VPN server and want to keep using it, please subscribe to the mailing list here. This list will be used for announcements of updates and discussion about running the VPN software.

#Supported Versions

We support a server release until such time the EOL date has been reached. We ONLY support the particular release on operating systems that are still supported by their vendor!

If you are currently running the 2.x server, and want to upgrade to 3.x, you can look here. You can also view the 3.x Release Notes.