# VPN client for Gentoo

## Aranycsapat

I am looking for a working VPN client for Gentoo. 

As far as I know the standard ebuilds like net-vpn/openvpn, net-vpn/wireguard and so on are barely useful without a server. I do not have a server, I am only an end user who just wants to open some blocked sites.

I tried several commercial services such as expressvpn, protonvpn, windscribe. All they offer linux users is debs and rpms. (Protonvpn offers a gentoo package, too, but unmasking it is a true hell.) As for installation of rpms it failed since they require systemd which I do not use at all.

A browser extension could be a partial solution, but it is not helpful while using bittorrent, torbrowser.

So, how one can have a full-fledged VPN client on gentoo?

----------

## alamahant

*Quote:*

> So, how one can have a full-fledged VPN client on gentoo?

Openvpn is the answer. But you will need to connect to a free or paid vpn server.

They will provide you with a .ovpn file that openvpn client will use to connect with.

In case of proton see

https://protonvpn.com/support/linux-openvpn/

Then connect using the provided file(s) by issuing

```
openvpn --config /path/to/*.ovpn
```

----------

## Juippisi

Many vpn providers provide a "configuration tool" where you can just generate a config and feed that to openvpn. Then it works when you start openvpn service in Gentoo.

https://wiki.gentoo.org/wiki/OpenVPN

WireGuard works in a similar fashion, but fewer providers support it yet.

https://wiki.gentoo.org/wiki/Wireguard

And then yes we have some specific clients in the repo, these usually aren't needed to actually run the vpn, but they provide a nicer GUI and maybe some nice features like changing servers with a mouse click. Do note that managing vpn connections is also easy with networkmanager.

And the final note I want to give is, some vpn providers offer browser extensions where you don't have to install / configure anything in your machine, just get the extension to your web browsing. Obviously this doesn't hide your traffic outside web browser. As you said yourself.

----------

## Aranycsapat

Thank you, guys. I successfully established vpn on my laptop and phone. However the desktop is a different story. On desktop I prefer to use openvpn directly, unlike laptop, where I establish a vpn connection via a Network manager GUI configuration tool.

On desktop I use 

```
openvpn --config /path/to/*.ovpn
```

command. It requests username and password, and I have no problems with that. However it is too exhausting to enter them once I want vpn. I would like to automatize the process. I tried to write my login data into an auth file and then type its position into ovpn under auth-user-pass (as specified on Gentoo handbook), but in this case the command above crashes. Any suggestions?

----------

## alamahant

```
auth-user-pass ~/vpn-login.conf
```

and

```
cat ~/vpn-login.conf
some-username
some-password
```

*Quote:*

> but in this case the command above crashes

How exactly?

Plz post terminal output.

and

```
# On Linux the TUN/TAP control device is /dev/net/tun
ls -l /dev/net/tun
```

Which kernel are you using?

Is it home made?

----------

## Aranycsapat

Oops... It seems that my auth file contained extra spaces. :Rolling Eyes: I fixed it and everything is just fine.

However having terminal open is not convenient.  Is it possible to launch openvpn with my data at boot? Also is it safe to keep login data and certificates as is, without encryption?

----------

## Hu

Yes, you could choose to start OpenVPN at boot.  You can keep the login data unencrypted in a file if you have other measures to maintain the security of that data, such as full disk encryption, or if you have a high level of confidence in the physical security of your computer, or if you don't care about whether the data is stolen.

----------

## szatox

You can start openvpn as a service.

Whether or not it's safe to keep passwords without encryption depends on your setup, use case, and threat model. I was fine with encrypted disk and making the file with credentials readable only by root. This way either full disk encryption makes it unreadable by 3rd parties or kernel keeps applications from prying.

----------
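
Added example, not part of any post in this thread: a small shell lint for the credentials file discussed above, which creates it with mode 600 and flags both the stray-whitespace problem reported earlier and group/other access. The function names, return codes and the uid argument are this example's own choices, and `stat -c` assumes GNU coreutils or busybox.

```sh
#!/bin/sh
# Added example: create and lint an OpenVPN auth-user-pass file.
# Return codes are this example's own convention:
#   0 ok, 1 missing/unreadable, 2 wrong owner or mode,
#   3 not exactly two non-empty lines, 4 padded value or carriage return.

# write_auth_file PATH USER PASS
# The file is emptied and set to 0600 before the secret is written.
write_auth_file() {
    ( umask 077 && : > "$1" && chmod 600 "$1" &&
      printf '%s\n%s\n' "$2" "$3" > "$1" )
}

# check_auth_file PATH [UID]   (UID defaults to 0, i.e. root)
check_auth_file() {
    f=$1
    want_uid=${2:-0}
    [ -f "$f" ] && [ -r "$f" ] ||
        { echo "$f: missing or unreadable" >&2; return 1; }

    [ "$(stat -c %u "$f")" = "$want_uid" ] ||
        { echo "$f: not owned by uid $want_uid" >&2; return 2; }

    # Octal mode: a non-zero group or other digit is too permissive.
    case $(stat -c %a "$f") in
        *[1-7]?|*[1-7])
            echo "$f: group/other access, chmod 600 it" >&2; return 2 ;;
    esac

    # Expect username on line 1, password on line 2, nothing else.
    # NR counts the last line even when the final newline is missing.
    awk '
        $0 == ""                     { bad = 3 }
        /\r/ || /^[ \t]/ || /[ \t]$/ { if (!bad) bad = 4 }
        END { if (NR != 2) bad = 3; exit bad + 0 }
    ' "$f"
    rc=$?
    [ "$rc" -eq 0 ] || echo "$f: malformed contents (code $rc)" >&2
    return "$rc"
}
```

Run `check_auth_file /path/to/auth-file` as root before enabling the tunnel at boot; a non-zero status means the file should be fixed first.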

## alamahant

If you are using openrc then create a file 

```
echo '#!/bin/bash' > /etc/local.d/openvpn.start
# --daemon backgrounds openvpn so the local service does not block at boot
echo "openvpn --daemon --config /path/to/*.ovpn" >> /etc/local.d/openvpn.start
chmod +x /etc/local.d/openvpn.start
rc-update add local default
```

Then this script will run @boot.

You could use the main config openvpn.conf to specify client|server config but not necessary.

This way you don't even need to enable openvpn service.

Don't worry too much about vpn username|password being unencrypted. I wouldn't.

In case it is compromised then issue a new pair from your proton mail dashboard.

But it's up to you.

----------

## szatox

 *Quote:*   

> This way you don't even need to enable openvpn service.

 And how is adding it manually to local better than enabling a service via an already provided script?

It gives you less control, and also by the time you have to change something, you're likely to forget you did it this way, so will have to reverse-engineer it in the future.

----------

## alamahant

*Quote:*

> And how is adding it manually to local better than enabling a service via an already provided script?

The OP apparently needs the client aspect of openvpn.

So it's not necessary to start the openvpn service.

GRANTED he can rename his .ovpn to openvpn.conf.

What if he has 30 .ovpn files?

To me it seems "neater" via local.d.

The ideal would be a script to let him choose among multiple vpn connections.

This is what I use.

Plz see

https://forums.gentoo.org/viewtopic-t-1149662-highlight-.html

----------

