How to choose, use and configure a VPN in OpenIndiana (Tutorial)

Choosing the Right VPN for OpenIndiana

OpenIndiana, the Illumos-based descendant of OpenSolaris, attracts sysadmins, seasoned power users and those who appreciate the stability of ZFS, DTrace and zones. It uses the pkg package manager and the SMF (Service Management Facility) init system, and most community-supported desktops run MATE or GNOME. Security-conscious folks on this platform often look for a VPN solution that integrates cleanly into SMF, plays well with ZFS snapshots and complements the built-in network stack.

Not every VPN vendor provides a native Illumos client, so the best candidates are those that supply easy-to-use OpenVPN configuration bundles (or cross-platform binaries) and avoid deep integration only available on Debian/Ubuntu. Here are the top picks:

  • Mullvad VPN – rock-solid OpenVPN configs plus WireGuard bundles you can adapt.
  • Proton VPN – provides pre-built OpenVPN profiles and detailed guides for non-Debian distros.
  • IVPN – straightforward OpenVPN support and excellent privacy stance.

Comparison of VPN Providers on OpenIndiana

Provider | Protocol Support | Native Illumos Integration | IPv6 Leak Protection | Kill Switch (SMF-friendly) | Config Distribution
Mullvad VPN | OpenVPN, WireGuard | Generic Linux client; use pkg manual config | Yes (via OpenVPN flags) | Can script with SMF or zones | .zip bundles with .ovpn files
Proton VPN | OpenVPN | CLI only on Debian/Ubuntu, but config files work universally | Yes (disable IPv6 in OpenVPN) | Custom SMF manifest possible | .ovpn profiles per server
IVPN | OpenVPN | Generic Linux config scripts can run under SMF | Yes (IPv6 disabled by default) | Scriptable via SMF | .ovpn bundles per region

Preparing OpenIndiana for VPN Installation

  • Ensure you have a working network environment under SMF (svc:/network/physical online).
  • Install the OpenVPN package:
pfexec pkg install network/openvpn
  • Verify TUN/TAP driver is loaded:
kstat -m genunix | grep tun

If the TUN device is missing, load it:

pfexec modload usr/lib/drv/tun

1. Installing and Configuring Mullvad VPN

Step 1: Download Configuration Bundles

Log into your Mullvad account on Mullvad’s website and download the “Linux bundle” (ZIP). Transfer it to your OpenIndiana machine.

pfexec unzip mullvad_configs_linux.zip -d /etc/openvpn/mullvad

Step 2: Tweak OpenVPN Settings

Inside /etc/openvpn/mullvad, choose a server file (e.g. us-losangeles.ovpn) and edit:

pfexec vi /etc/openvpn/mullvad/us-losangeles.ovpn
# Add or confirm:
# redirect-gateway def1
# block-outside-dns (adjust for IPv6 leak protection)

Step 3: Running via SMF

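Create a minimal SMF manifest mullvad.xml in /var/svc/manifest/network:

<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="manifest" name="openvpn-mullvad">
  <service name="network/openvpn" type="service" version="1">
    <!-- Wait for the physical network; restart_on="error" restarts the tunnel if it fails -->
    <dependency name="network" grouping="require_all" restart_on="error" type="service">
      <service_fmri value="svc:/network/physical"/>
    </dependency>
    <instance name="mullvad" enabled="false">
      <!-- timeout_seconds is required by the DTD; 60 is an assumed value -->
      <exec_method type="method" name="start"
        exec="/usr/sbin/openvpn --config /etc/openvpn/mullvad/us-losangeles.ovpn"
        timeout_seconds="60"/>
      <exec_method type="method" name="stop"
        exec="pkill -f openvpn.*us-losangeles.ovpn"
        timeout_seconds="60"/>
      <!-- openvpn stays in the foreground here, so SMF supervises it as a child process -->
      <property_group name="startd" type="framework">
        <propval name="duration" type="astring" value="child"/>
      </property_group>
    </instance>
  </service>
</service_bundle>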

Import and enable:

pfexec svccfg import /var/svc/manifest/network/mullvad.xml
pfexec svcadm enable network/openvpn:mullvad
pfexec svcs -l network/openvpn:mullvad

2. Installing and Configuring Proton VPN

Step 1: Fetch OpenVPN Profiles

From your Proton VPN dashboard, download the OpenVPN ZIP (UDP or TCP) for “all servers”.

pfexec unzip protonvpn_configs.zip -d /etc/openvpn/protonvpn

Step 2: Select and Edit a Profile

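pfexec cp /etc/openvpn/protonvpn/US-FREE-01.ovpn /etc/openvpn/protonvpn/default.ovpn
pfexec vi /etc/openvpn/protonvpn/default.ovpn
# confirm (absolute path: OpenVPN resolves relative paths against its working directory):
# auth-user-pass /etc/openvpn/protonvpn/userpass.txt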
# redirect-gateway def1
# tun-mtu 1500

Create userpass.txt with your Proton VPN credentials:

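# umask 077 creates the file owner-only, so it is never readable by other users
pfexec sh -c 'umask 077; echo your_username > /etc/openvpn/protonvpn/userpass.txt'
pfexec sh -c 'echo your_password >> /etc/openvpn/protonvpn/userpass.txt'
pfexec chmod 600 /etc/openvpn/protonvpn/userpass.txt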

Step 3: Manual Launch or SMF

To test:

pfexec openvpn --config /etc/openvpn/protonvpn/default.ovpn

For SMF, use a manifest similar to the one above, changing the paths to /etc/openvpn/protonvpn/default.ovpn.
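
A pre-flight check for the profile edited in Step 2, as an added example that is not part of the original tutorial: it confirms that redirect-gateway def1 is active and that the auth-user-pass file is referenced by absolute path and closed to group and other. The function names (directive_arg, audit_profile, demo) and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight audit of an OpenVPN profile before it is handed to SMF.
# Function names are illustrative; the directives are the ones edited above.

# Print the arguments of the first uncommented line whose first word is $2.
directive_arg() {
    awk -v d="$2" '{ sub(/\r$/, "") } $1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_profile() {
    profile=$1
    problems=0

    # The tutorial pins full-tunnel routing in the profile itself
    # rather than relying on a server push.
    case $(directive_arg "$profile" redirect-gateway) in
        def1*) ;;
        *) echo "FAIL: redirect-gateway def1 is not set"
           problems=$((problems + 1)) ;;
    esac

    # OpenVPN resolves a relative auth-user-pass path against the process
    # working directory, not against the profile's directory.
    cred=$(directive_arg "$profile" auth-user-pass)
    case $cred in
        "") ;;   # no credentials file referenced
        /*) # Characters 5-10 of ls -l are the group and other permission bits.
            if [ "$(ls -ld "$cred" 2>/dev/null | cut -c5-10)" != "------" ]; then
                echo "FAIL: $cred is missing or accessible to group/other"
                problems=$((problems + 1))
            fi ;;
        *)  echo "FAIL: auth-user-pass path '$cred' is not absolute"
            problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Constructed sample: a profile that references its credentials by relative path.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'client\nredirect-gateway def1\nauth-user-pass userpass.txt\n' > "$dir/default.ovpn"
    audit_profile "$dir/default.ovpn"; status=$?
    rm -rf "$dir"
    return "$status"
}

if [ $# -gt 0 ]; then audit_profile "$1"; fi
```

Saved as a script, it takes the profile path as its only argument and exits non-zero when anything is flagged, so it can gate svcadm enable.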

Best Practices and Tips

  • Always block IPv6 at the SMF or zone level if your provider doesn’t support it.
  • Use ZFS snapshots before altering any network/SMF manifests.
  • Keep your /etc/openvpn directory under version control (e.g. a private Git repo tree on a separate pool).
  • Test reconnection scripts with restart_on=error in your SMF manifest.

With these steps, you’ll have a robust VPN setup on OpenIndiana that integrates seamlessly with SMF and the platform’s trusted tooling.
