OpenVPN Community Tunnel

An OpenVPN tunnel exists for the community to communicate securely with hosts through potentially compromised networks when SSL is not available or not secure enough. Example use cases are events and congresses where public WiFi or, even worse, a network full of potentially evil users is used.

Basic Data

You have to use a valid and non-revoked CAcert client certificate to authenticate.

Example config

dev tap
remote 443
resolv-retry infinite
proto tcp-client
pkcs12 /etc/openvpn/cacert/client.p12   # This is the file exported from Firefox after generating your client certificate
tls-remote "/"


The tunnel allows you to route any traffic to the outside. The traffic is encrypted and authenticated using CAcert certificates, and it is masqueraded. Client-to-client communication is prohibited. Furthermore, the gateway provides a DNS recursor that is probably not spoofed by Mallory at the booth next door.


Obviously, you should make your firewall restrict critical traffic to the tunnel. Even more obviously, no one can take responsibility for your traffic once it leaves the VPN gateway. The VPN only separates you from the global conference mess.
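
One way to restrict traffic to the tunnel on a Linux client, as an added example that is not part of the original page or the gateway operator's setup. It assumes iptables, a tap device named tap0 (from "dev tap" above), an uplink interface wlan0, and the placeholder gateway address 192.0.2.10; substitute your own values.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that lets IPv4 traffic
# leave only through the OpenVPN tap device. Apply as root with:
#   vpn_only_rules 192.0.2.10 wlan0 | iptables-restore
# 192.0.2.10, wlan0 and tap0 are placeholders, not values from the page.

# vpn_only_rules GATEWAY_IP UPLINK_IF [TAP_IF]
vpn_only_rules() {
    gw=$1; uplink=$2; tap=${3:-tap0}

    # Accept only digits and dots for the gateway, and plain interface
    # names, so a typo cannot end up as an unexpected rule.
    case $gw in
        ''|*[!0-9.]*|.*|*.|*..*) echo "bad gateway address: $gw" >&2; return 1 ;;
    esac
    case $uplink in
        ''|*[!A-Za-z0-9_.-]*) echo "bad uplink interface" >&2; return 1 ;;
    esac
    case $tap in
        ''|*[!A-Za-z0-9_.-]*) echo "bad tap interface" >&2; return 1 ;;
    esac

    # Default policy is DROP; the only ways out are loopback, DHCP on the
    # uplink, the TCP/443 connection to the gateway, and the tunnel itself.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $uplink -p udp --sport 67 --dport 68 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $uplink -p udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -o $uplink -p tcp -d $gw --dport 443 -j ACCEPT
-A OUTPUT -o $tap -j ACCEPT
COMMIT
EOF
}
```

These rules cover IPv4 only; IPv6 needs a matching ip6tables policy, otherwise IPv6 traffic can still leave outside the tunnel. Because DNS on the uplink is blocked, the gateway has to be given to OpenVPN by address or resolved before the rules are loaded.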


The tunnel and gateway are provided by community member DominikGeorge as a donation to CAcert. CAcert Inc. has neither explicitly approved of it nor is it responsible for it.

openVPN/CommunityTunnel (last edited 2011-08-27 15:34:09 by DominikGeorge)