Can I do this with OpenWrt?

Hi,
I'm looking for some advice as to whether what I want to do is possible with OpenWRT.

I'm looking to be able to remote VPN in to my home network from remote locations (work, coffee shops etc) and access my NAS and internet through a secure trusted VPN connection.

My home broadband provider's router is bog standard run of the mill and as such does not provide any VPN server features. Instead of buying another router, I'd like to use my OpenWRT router since it is sitting there doing nothing and had might as well use it!!

I assume I'd have to install the OpenWRT router on the LAN side of the broadband router and forward a port so that the VPN server is accessible outside the network???
I guess I'll need two of the OpenWRT ports to pass regular LAN side traffic through from the home network too???

Is this possible and if so, are there any tutorials or guides which can assist in this?

Many thanks

Here's a guide to setting up a wireguard VPN server.

Is there a reason you don't use the openwrt router as your main router and put the ISP router in modem mode? You good use QoS to reduce buffer bloat.

Hi @d687r02j8g,

I contemplated using the OpenWRT as the main router but since it is a relatively low powered device I thought I'd give it as "little" to do as possible :grimacing:

Of course by this, I mean a VPN server isn't too taxing... I'll find out when I get this working!!

I'll take a look at the link and see how I get on.

Thanks

Encryption and decryption can eat CPU cycles like there is no tomorrow... So getting a VPN endpoint operational on an OpenWrt device should be easy, but getting to perform at a specific required speed might require sufficiently beefy CPU(s) in that router.

That said, I use OpenVPN to access my network/router from remote sites, but mostly for configuration or information retrieval* not bulk transfers and so far it was always fast enough, but my requirements are really low... (low enough actually that I not have yet bothered to switch from OpenVPN to the more modern Wireguard, since getting OpenVPN up and running was really really simple).

If you want to stick to use a different primary router you need to make sure to configure the correct port forwards and/or traffic rules.

*) I tend to remote control local machines, vie mosh, ssh or x2go instead of "mounting" shares over the VPN as filesystem operations tend to be sensitive to delay/RTT and work not that great over a VPN even if the act of filesystem sharing itself works robustly and reliably.

Depending on your internet speed / router, it could be better than your ISP router!

Your upload speed will determine how well your VPN will cope with working with files from your NAS. I'm the same as moeller0, I connect to my network and remote to a machine.

I also use wake on lan so the machine is only on when required.

I have OpenWrt based VPN endpoints that sit behind another router at my own home, my dad's house, and my in-laws'. It's pretty easy to configure -- as long as you have a public IP address (IPv4 and/or IPv6) and can port-forward from your ISP's router to the OpenWrt device.

I also recommend WireGuard as it is lightweight and very fast. It's also much easier to setup than OpenVPN and it has the advantage of being 'stealth' for port scanner bots and such since it only responds to connections that have the proper cryptographic keys.

1 Like

or he can use tailscale or zero-tier if behind a CG-NAT.