Regarding this issue, I looked into this and currently, when a user creates a device/client connection through the portal, the device is registered under the username of the creator and is not visible to other users (screenshot below). [image: 1737439619075-557168ac-6517-4c0b-a315-90beac059ad4-image.png] After reviewing the app’s code, this appears to be the current functionality, as seen in the following code snippet: https://git.cloudron.io/apps/openvpn-app/-/blob/master/src/openvpn.js?ref_type=heads#L133 Would it be possible for the Cloudron team to modify this functionality so that the portal returns a list of all clients created under the current OpenVPN app instead? To make this request clearer, I have outlined a feature request below: Feature Request: Display All Device Keys in OpenVPN portal Summary As a user, I would like to display all device keys created by any Cloudron user, excluding specific keys (ca.key and cloudron.key) , so that I can view all devices associated with the app and verify their connection status. Description Currently, the application only lists .key files in the private directory associated with the logged-in user. To enhance usability, we propose displaying all device keys created under the OpenVPN app. Acceptance Criteria The application should filter out ca.key and cloudron.key from the list of .key files. The application should correctly extract and display the username and device name from the remaining .key files and display that in the portal. Implementation Details Filter Key Files: Modify the code to filter out ca.key and cloudron.key from the list of .key files. https://git.cloudron.io/apps/openvpn-app/-/blob/master/src/openvpn.js?ref_type=heads#L133 Extract Username and Device Name: Update the code to correctly extract the username and device name from the remaining .key files. If you require to maintain the current functionality, you could make this feature configurable in the settings for the OpenVPN app. I have attached a snapshot of the code change that would be required. [image: 1737439691287-92c50171-b8c4-4bbf-9598-9bd522ddb32c-image-resized.png]

Thanks for the quick fix!

Good workflow! @Kubernetes said in AGH, Hetzner Firewall and Dynamic IP: I have whitelistet my ISP IP and update it manually when it changes. I think this is where the API will help if your IP changes a lot. I don't know if it applies to @sponch but in my home, the VPS only changes IP within a specific subnet. In the firewall, I just whitelist the subnet instead of a specific IP.

working great! Thanks @girish

@girish YOU'RE GREAT! Wiregueard working now with Adguard after 8.2.3 Updater

@lilian said in New VPN version: I already have OpenVPN installed on my Cloudron, with clients currently using it. Can I use the entire configuration stored in /app/data/ to migrate my clients seamlessly? Yes, you can just upgrade to the new VPN app. You have to click this manually because it's a major version (it won't auto-ugprade). Don't skip the backup when updating!

Thanks for reporting. . Implemented here - https://git.cloudron.io/packages/vpn-app/-/commit/4a2e9228884620180bbe75ed29f8c0cee421ebd7 . If both are disabled, OpenVPN will be totally disabled.

@necrevistonnezr said in Wireguard not connecting: @Jenova said in Wireguard not connecting: @robi said in Wireguard not connecting: @Jenova said in Wireguard not connecting: adblocking and VPN without needing Adguard How do you not need Adguard? RethinkDB uses Wireguard as a proxy. It also has firewall and Adblocking stuff. It's like Adguard on steroids and it's free. I guess you’re talking about RethinkDNS at https://rethinkdns.com/ (with „paid plans coming soon“)? RethinkDB (https://rethinkdb.com/) is a different software… Haha omg yes RethinkDNS is what I was talking about. Omg sorry they're so similarly named. I feel dumb now. Sorry for hyping you up @robi

Hello people! I have been searching far and wide for a solution to this exact problem, and I couldn't find anything but this 4 years old discussion about a prototype (https://forum.cloudron.io/topic/3667/openvpn-client-with-poll). Any change you would have an ETA for this feature, or a workaround you could recommend?

@girish Looks good, thanks!

Check the network speed with an SFTP connection directly to your server. Upload / download a file from your location to your server. The speed check on our server performed by our hoster was also fine. No surprise - as the speed test software connects to the best available server, which might be connected on a different network than yours. The direct test without VPN showed the same issue - so it was not related to VPN, but to the general connection between my office, homeoffice + other places and our server.

@teamcrw the split tunnel happens because of client side vpn configs. Atleast on linux, I can override this when I set up the connection. [image: 1719991445531-8321cb50-c667-47fc-8745-bd7368a61564-image.png]

@girish I believe so. We were using the "OpenVPN Connect" Mac app on the front-end, which supports this. My understanding is that the Cloudron build of the OpenVPN server would need to be built with the libpam-google-authenticator package, in order to enable a user to enable it from the app-specific terminal (and to configure the server app to require it.) I ended up going a different route (switching to AWS Client VPN) so this is no longer pressing for us, but I do think it would enable a nice security enhancement.

@santabroo I haven't tested but I think if you add duplicate-cn directive in /app/data/openvpn.conf and restart the app, it will support multiple connections on one certificate.

You have to use the ovpn file to connect.

I tried following setup and it works: Install AdGuard Home Install VPN app in same cloudron In VPN app, set DNS to public IP of cloudron (where AdGuard is installed). Connected from linux I can see all DNS requests are going via AdGuard. I can see that in systemctl status systemd-resolved the DNS of tun0 is set correctly.

Ah, I see why. You are referring to OpenVPN AS maybe - https://openvpn.net/vpn-server-resources/limitations-of-an-unlicensed-openvpn-access-server/ ? @santabroo the OpenVPN app on Cloudron is completely different from OpenVPN AS. The OpenVPN UI was initially written by @mehdi, further developed now by the Cloudron team and not feature compatible or comparable with OpenVPN AS.

@santabroo No. VPNs are point-to-point. What you may be wanting is a Tailscale/Headscale type solution that is a VPN mesh concept (not-point to-point).

I continued debugging the issue and fortunately, I finally found the root cause and solution. Turns out the Ubuntu client wasn't updating the DHCP settings automatically, so I added the following lines to the ovpn file: up /etc/openvpn/update-systemd-resolved down /etc/openvpn/update-systemd-resolved And also installed the following dependencies: sudo apt install resolvconf openvpn-systemd-resolved With that, I was able to solve the issue and now all the clients are resolving automatically.