This guide is a bit poorly written with no comments: https://openwrt.org/docs/guide-user/services/vpn/openvpn/client
Can you please rewrite this? Lines like "Save your client profile and configure VPN service." make no sense to a new user.
Is there a better step-by-step guide on how to use router as client?
While we're at it, is there a better guide on how to use router as OpenVPN Server?
Regards,
You don't really need to follow the command-line instruction.
There's a more suitable version for most users that relies on web interface:
Note that the CLI instruction is not a guide, but a how-to.
The initial setup is intentionally minimalistic for better modularity.
So that it can be extended on demand using the extras how-to.
What comments would you expect to be present in order to make it more userfriendly?
I need some help with the server guide too: https://openwrt.org/docs/guide-user/services/vpn/openvpn/server
It's not clear if I should copy and paste those commands in the CLI or put them in a script and run it on the router. Can the guide be more explicit on how to do this?
Copying blocks of the code direct into the command line work with some commands but not others.
Actually, both ways should work, otherwise you can try another terminal emulator.
Creating a script might also be helpful if you want to customize it or achieve a reproducible result.
In addition, there's an automated method that basically relies on a script:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/extras#automated
Thanks, I used the automated method which worked great.
However (not to hijack this thread), I'm running into these errors after trying to start the server:
This is on the latest stable release, Linksys WRT32X, OpenWrt 19.07.6 r11278-8055e38794
Thu Feb 11 16:51:11 2021 daemon.notice openvpn(test)[10757]: OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Feb 11 16:51:11 2021 daemon.notice openvpn(test)[10757]: library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
Thu Feb 11 16:51:11 2021 daemon.notice openvpn(test)[10757]: TUN/TAP device tun1 opened
Thu Feb 11 16:51:11 2021 daemon.notice openvpn(test)[10757]: /sbin/ifconfig tun1 192.168.8.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.8.255
Thu Feb 11 16:51:11 2021 daemon.warn openvpn(test)[10757]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Feb 11 16:51:11 2021 daemon.err openvpn(test)[10757]: TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address in use (errno=98)
Thu Feb 11 16:51:11 2021 daemon.notice openvpn(test)[10757]: Exiting due to fatal error
Thu Feb 11 16:51:11 2021 daemon.notice openvpn(test)[10757]: /sbin/ifconfig tun1 0.0.0.0
Thu Feb 11 16:51:16 2021 daemon.notice openvpn(test)[10908]: OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Feb 11 16:51:16 2021 daemon.notice openvpn(test)[10908]: library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
Thu Feb 11 16:51:16 2021 daemon.notice openvpn(test)[10908]: TUN/TAP device tun1 opened
Thu Feb 11 16:51:16 2021 daemon.notice openvpn(test)[10908]: /sbin/ifconfig tun1 192.168.8.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.8.255
Thu Feb 11 16:51:16 2021 daemon.warn openvpn(test)[10908]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Feb 11 16:51:16 2021 daemon.err openvpn(test)[10908]: TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address in use (errno=98)
Thu Feb 11 16:51:16 2021 daemon.notice openvpn(test)[10908]: Exiting due to fatal error
This means you are likely running more than one server instance.
If you don't need multiple instances, keep only one server config and remove the others.
Restart the router if the issue persists.
Yes. I imported the server.conf (after renaming to server.ovpn since the webgui wouldn't let me import server.conf). I think that was the error.
Anyway, I reset the router and started from scratch using your batch script. I installed luci-openvpn so I could "see" the configuration, however "custom_config" is blank and nothing else shows up as enabled and running. This seems wrong?
Either delete the extra server or edit it and uncheck the enable box.
I'd like to see explanations for all comments, and clear requirements maybe with an example OpenVPN server configuration.
Lines like "Save your client profile and configure VPN service." make no sense to a new user. A new user thinks where exactly should I run this from? Where should I configure clients? What server config do I need and so on.
Try to read from beginning of the page:
And follow the links.
