VPN for Education & Research

18abbd2 write some more docs on policy routing + WireGuard

10 days ago

293ebde initial fixing up some stuff with source routing

10 days ago


Welcome to the VPN server documentation page. This site is intended for VPN server operators. It contains information on how to deploy the VPN software on a server, but also (technical) details on how to (better) integrate the software in existing infrastructure, and how configure the software for one's own organization.

If you are an end-user of eduVPN and want to contact someone, please try to find the contact information of your organization here. If you don't know where to go, then contact us at eduvpn-support@lists.geant.org.


This is an (incomplete) list of features of the VPN software:

  • OpenVPN server accepting connections on both UDP and TCP ports;
  • Uses multiple OpenVPN processes for load sharing purposes;
  • High Available deployments with multiple portals and nodes;
  • Scales from a Raspberry Pi to many core systems with 10GBit networking;
  • Full IPv6 support, using IPv6 inside the tunnel and connecting over IPv6;
  • Support both NAT and Public IPs;
  • Embedded CA for managing OpenVPN client certificates;
  • Full support for WireGuard;
  • Secure server and client configuration out of the box;
  • User Portal to allow users to manage their VPN configurations on their devices and Admin Portal to manage users and connections;
  • Internationalization / Localization support;
  • Authentication to portals using Local User DB (default), LDAP, RADIUS, OIDC, SAML and Client Certificates;
  • OAuth 2.0 API for integration with native eduVPN/Let's Connect! applications;
  • Deployment scenarios:
    • Full Tunnel to route all traffic over the VPN (for safer Internet usage on untrusted networks);
    • Split Tunnel to route only some traffic over the VPN (for access to the organization network);
    • Client-to-client (only) networking;
  • Group ACL support with SAML, LDAP authentication backends as well as "Static";
  • Ability to configure Logging;
  • Support multiple deployment scenarios simultaneously;
  • SELinux fully enabled (on Fedora, EL);
  • Usage Statistics and Monitoring;
  • Some Preview Features;

Make sure to also check our Roadmap to see what we are planning to do in future releases.


We support the following operating systems for deploying the VPN server:

We recommend you install your VPN server on Debian 11.

NOTE: we expect ALL software updates to be installed and the server rebooted before you install the VPN software!

NOTE: if you want to deploy on multiple machines for load balancing / high availability, please follow these instructions instead!

If you installed a VPN server and want to keep using it, please subscribe to the mailing list here. This list will be used for announcements of updates and discussion about running the VPN software.

#Supported Versions

We support a server release until such time the EOL date has been reached. We ONLY support the particular release on operating systems that are still supported by their vendor!

Version Release Date OS Support EOL
3 2022-05-25 Debian (>= 11), Ubuntu (>= 22.04), Fedora (>= 37), EL (>= 9) TBD
2 2019-04-02 Debian (>= 10), CentOS 7, Fedora (>= 37) 2024-06-30
1 2017-07-13 N/A N/A

If you are currently running the 2.x server, and want to upgrade to 3.x, you can look here. You can also view the 3.x Release Notes.