The following is an example of a working config kindly provided by a member of the VanishedVPN community.
In this example the config is applied via the command line. You should be reasonably tech savvy to complete this, and allow yourself 30 mins to 1 hour to configure and test.
- Using the web interface, enable NTP and set the timezone; ensure the time on the device is correct.
- Log into the router using SSH.
- Install OpenVPN
opkg update
opkg install openvpn-openssl openvpn-easy-rsa luci-app-openvpn openssh-sftp-server
- Verify that the packages/programs wget, scp and kmod-tun are installed. OpenVPN relies on the tun kernel module being installed. In theory opkg should have installed these dependencies.
- Move the /etc/easy-rsa directory to somewhere else, in case you do an upgrade and overwrite your files.
mkdir /etc/config/openvpn-config
mv /etc/easy-rsa/* /etc/config/openvpn-config/
rm -rf /etc/easy-rsa/
ln -s /etc/config/openvpn-config/ /etc/easy-rsa
rm /etc/config/openvpn_recipes
touch /etc/config/openvpn-config/client.ovpn
- Create a password file in /etc/openvpn, e.g. usa.txt
- Put the username and password on two separate lines in the text file
- Edit the ovpn file from Vanished
- Add the password filename to the auth-user-pass line, e.g.:
auth-user-pass usa.txt
- Copy the ovpn file to /etc/openvpn and make the password file readable by its owner only
cp usa.ovpn /etc/openvpn
chmod 400 /etc/openvpn/usa.txt
- Create a tun interface for OpenVPN to use
cat >> /etc/config/network << EOF
config interface 'Vanished_VPN'
	option proto 'none'
	option ifname 'tun0'
EOF
- In the web interface add the tunnel interface (tun0) to the WAN zone
- Then select WAN for the zone
- Save and Exit
- Go to System->Startup
- In the system startup command put
openvpn --cd /etc/openvpn --config /etc/openvpn/usa.ovpn
- Save and exit
- Reboot the router
Here are copies of some of our configs:
/etc/openvpn/usa.ovpn ——
nobind
dev tun1
comp-lzo no
auth-user-pass usa.txt
resolv-retry infinite
persist-key
persist-tun
reneg-sec 0
verb 3
proto udp
tun-mtu 1200
remote usa.vanishedvpn.com 1194 udp
route-nopull
script-security 2
up /etc/openvpn/usa-up.sh
<ca>
[CA certificate block from the ovpn file supplied by Vanished]
</ca>
——
/etc/config/network
——
config interface 'Vanished_USA'
option proto 'none'
option ifname 'tun1'
option defaultroute '0'
option mtu '1200'
——
Our startup script:
——
#!/bin/ash
# Log the tunnel parameters passed in by OpenVPN
logger "OVPN: ifconfig_remote = $ifconfig_remote"
logger "OVPN: ifconfig_local = $ifconfig_local"
logger "OVPN: trusted_ip = $trusted_ip"
# Policy routing: traffic from 10.1.2.0/24 uses table 100,
# whose default route goes through the tunnel device
table=100
rule="rule add from 10.1.2.0/24 priority 10 table $table"
route="route add 10.1.2.0/24 dev $dev table $table"
route2="route add default via $ifconfig_local dev $dev table $table"
logger "OVPN: ip $route"
logger "OVPN: ip $route2"
logger "OVPN: ip $rule"
ip $rule
ip $route
ip $route2
# Firewall: allow forwarding out of the tunnel, masquerade traffic leaving
# through it, and allow forwarding from br-vanished to eth0
iptable1="-I FORWARD -o $dev -j ACCEPT"
iptable2="-t nat -I POSTROUTING -o $dev -j MASQUERADE"
iptable3="-I FORWARD -i br-vanished -o eth0 -j ACCEPT"
logger "OVPN: iptables $iptable1"
logger "OVPN: iptables $iptable2"
logger "OVPN: iptables $iptable3"
iptables $iptable1
iptables $iptable2
iptables $iptable3
# Flush the routing cache so the new routes and rules are used
flush="route flush cache"
logger "OVPN: ip $flush"
ip $flush
——
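The password file named on the auth-user-pass line holds the VPN credentials, and with script-security 2 OpenVPN executes the up script with the daemon's privileges, so both files should be locked down. The check below is an added example, not part of the community config; the function names audit_ovpn, mode_of and resolve and the demo directory are made up for illustration.

```shell
#!/bin/sh
# Added example: permission audit for an OpenVPN client config that uses
# auth-user-pass and up/down hooks. Function names are illustrative.

# Print the 10-character mode string of a file, e.g. "-r--------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Resolve path $2 relative to directory $1, as "openvpn --cd DIR" would.
resolve() { case "$2" in /*) echo "$2" ;; *) echo "$1/$2" ;; esac; }

# audit_ovpn CONF: print one finding per line; return 1 if any were found.
audit_ovpn() {
    conf=$1; dir=$(dirname "$conf"); bad=0
    # Credentials file must be accessible by its owner only (400 or 600).
    cred=$(awk '$1 == "auth-user-pass" && NF > 1 { print $2; exit }' "$conf")
    if [ -n "$cred" ]; then
        f=$(resolve "$dir" "$cred")
        if [ ! -f "$f" ]; then
            echo "MISSING credentials file: $f"; bad=1
        else
            case $(mode_of "$f") in
                ????------) ;;
                *) echo "EXPOSED credentials file: $f ($(mode_of "$f"))"; bad=1 ;;
            esac
        fi
    fi
    # up/down hooks are executed by OpenVPN, so nobody but the owner
    # may be able to modify them (no group or other write bit).
    for s in $(awk '$1 == "up" || $1 == "down" { print $2 }' "$conf"); do
        f=$(resolve "$dir" "$s")
        if [ ! -f "$f" ]; then
            echo "MISSING hook script: $f"; bad=1
        else
            case $(mode_of "$f") in
                ?????-??-?) ;;
                *) echo "WRITABLE hook script: $f ($(mode_of "$f"))"; bad=1 ;;
            esac
        fi
    done
    return $bad
}

# Constructed demo: throwaway directory with a world-readable password file.
demo=$(mktemp -d)
printf 'auth-user-pass usa.txt\nscript-security 2\nup usa-up.sh\n' > "$demo/usa.ovpn"
printf 'user\npass\n' > "$demo/usa.txt"; chmod 644 "$demo/usa.txt"
printf '#!/bin/ash\n' > "$demo/usa-up.sh"; chmod 700 "$demo/usa-up.sh"
audit_ovpn "$demo/usa.ovpn" || echo "fix the findings above"
rm -rf "$demo"
```

On the router the same function can be pointed at the real file, for example audit_ovpn /etc/openvpn/usa.ovpn.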