This FAQ is a work in progress. If you have questions for the FAQ, please send them to the
eurephia mailing list:
How do you pronounce eurephia?
Like in English. [juri:fia] would probably be the closest. 'eu' makes the [ju] sound (like
in 'you' or 'eu' in 'Europe') and 'ph' becomes [f] (like in 'Phillip')
Why was this this plug-in written? What's the purpose?
To enhance the security on OpenVPN connections even more. To make the access more
fine-grained and get to better control over each user which has an access. Without this plug-in,
you can only limit user access by either scratching all certificates, or by using CRL (Certificate
Revocation List) in OpenVPN. With this plug-in, you can more easily and quickly disable or enable
accounts on the fly. With eurephia you can also be sure that the VPN user will authenticate
her-/himself with a secure password.
The SSL keys OpenVPN users must have, do not provide a good regime for controlling that passwords
do exists or that the password complexity is good enough. This is because the password is for
opening the SSL keys are locally stored and managed on the client. The server is never involved
on password change for SSL keys.
With the eurephia plug-in, the user must also use a user name and a password, both which is managed
on the OpenVPN server side. When the user wants to change the login password, this must be done
against the password change application on the server. In such a regime, you can easily make sure
that empty passwords or too simple passwords are not used.
Other reasons to use eurephia, is of course that IP addresses, certificates and user accounts will
be blocked automatically if too many failed attempts are registered. In addition, you will also
be able to have per-user firewall rules, to limit each users network access over the VPN connection.
What is the system requirements?
This plug-in is heavily tested on Linux and there are some reports that it seems to work on
FreeBSD. It should work on other platforms as well. If it compiles, it most probably will
work. What will not work out-of-the-box on other platforms is firewall updates, since
eurephia now only includes an interface for iptables.
What about Microsoft Windows? Is that platform supported?
As the question above, it is not tested. But if you manage to compile it, it might work quite well.
But remember, firewall suport will not work without writing a new firewall implementation. However,
Windows clients will work, as long as they are configured with --auth-user-pass
Is eurephia ready for production servers?
Yes! The developer have used eurephia many years now on several production servers. eurephia
is considered to be mature by now. And if any bugs are discovered, they will get high attention
instantly and a new release will go out as soon as it has been tested.
OpenVPN and eurephia relations
Why are there OpenVPN patches and also patched version of OpenVPN for download here?
Until OpenVPN v2.2, it did not send over one important information via the plug-in interface,
the SHA1 fingerprint (digest) of the certificate being used. This is needed to match a unique
certificate up against a specific user account in eurephia. Anyhow, those days where you needed
to patch OpenVPN are gone. Since OpenVPN v2.2 arrived, complete eurephia support has been
available in the upstream version.
What do I need to configure eurephia?
You need to install eurephia on your OpenVPN server. The OpenVPN configuration file needs to
extended with the 'plugin' and option. You also need to setup some configuration parameters in
the database which eurephia will use. For more info, have a look at the wiki pages
Do I need to do any client changes?
You will need to add the 'auth-user-pass' option in the OpenVPN client configuration. For more info,
have a look at the wiki pages
Getting help and helping out
I have some troubles, where do I get help?
Check mailing lists and bug tracker on sourceforge.net. If you cannot find your answer here,
please send an email to the mailing list:
You can also reach the developer of eurephia on IRC, go to #eurephia, #openvpn or #openvpn-devel
on FreeNode and look for dazo.
I've found a bug! How do I report it?
Great! First, check the bug tracker if this is reported already or not. If you can't find it,
please report it here!
May I contribute?
Yes, please! Any contribution will be very much appreciated! Write patches, write new modules,
help write documentation, package it for your favourite OS, or whatever else. Even graphic work
will be appreciated. If you want to help out with the source code, please pull down the latest
source code via git and let git produce the patch files. Please make sure you have
checked out the right branch for the release if you are fixing bugs.
eurephia source code, source code control (SCM)
Which source control management is used?
How do I get the source code from git?
$> git clone git://eurephia.git.sourceforge.net/gitroot/eurephia/eurephia.git
By calling this command, you will download the latest development source tree. When you have
a cloned git tree locally, you can call the following command to update the source tree with
the latests versions available
$> git fetch
This will download changes to the origin branches in git. To merge them with your local
branches, you need to call
$> git merge origin/master
For more information about merging and working with remote branches, please have a look on
the official documentation. It will provide you with much better information.
How do I get the source code for version x.y
All versions of eurephia are tagged. You need to checkout a tag to get the correct version.
Use this command to list all available tags
$> git tag -l
To checkout a specific release to a local working branch, use the following command:
$> git checkout -b <release name> <tag name>
How can I send you patches?
Can I commit to the tree?
Yes, you can commit to your own local tree, and this is very fine! Please do local commits!
But you cannot commit to the remote tree. If you do local commits, they can easily be
"converted" to patches which can be sent to David Sommerseth <>
To produce good patches quickly and easily, use the following command:
$> git format-patch -s <commitish>
Please give your commits a good commit message, not just a one-liner. It will help implementing
your patches more quickly when it is easier to understand what your patch does. If we do not
understand what you try to solve, your patch will be sent back to you for further enhancements.
Where can I find git help?