Hello All,
I am a newbie here and not a professional in networks. I am using OpenWrt on a Fritz 7312 as a WiFi router.
Currently I am trying to install a VPN on this to make it a VPN-enabled router. The objective is to make a network for IPTV. I already have a Surfshark subscription which I want to use.
On OpenWrt, I am using LuCI, with which I have already downloaded and installed the OpenVPN package. I also have an .ovpn file. Using "OVPN configuration file upload" (under OpenVPN in LuCI) I uploaded the files. I see those files at /etc/openvpn (when I use ssh). After the import, I also see the VPN profiles under the list of configured OpenVPN instances. However, when I click "start", nothing happens. The VPN connection is not getting started.
So, I am following this link. After executing steps 1 & 2B, I am failing at step 3.
I think you don't need openvpn-easy-rsa, and you need only one openvpn. Start with openvpn-openssl.
As @bill888 has said, do you have a string containing 'auth-user-pass' in your config file for OpenVPN?
I followed the guide mentioned by @bill888 (I must admit it is a very, very good document. After a long time I am seeing such a good document).
But even after all this, the result is still the same. When I click "start", nothing changes. The page refreshes and the VPN is still not started and the status remains "no".
So, that does the trick. Now I can see that it's getting connected.
However, when I try to check if tunnelling is working, it does not. As I am using a Fritz 7312, which has only one LAN, it connects to my router via LAN1 and broadcasts WiFi with a new SSID. In this, I get my IP address from my main router and not from the 7312.
If I am correct, to make the VPN work I must get the IP address from the 7312 where the VPN is working. According to the document (1.2), I then set different IP addresses for LAN and WAN, and forced the changes. But now I have lost access to my LuCI / ssh.
If your 7312 is your ISP-facing router connecting to an ADSL broadband connection, then the VPN would work. The ADSL WAN port connects to your ISP.
Yes, the 7312 must issue a new IP address to the connected device to use the VPN tunnel.
But as your 7312 does not have separate WAN and LAN ethernet ports, there is no ethernet WAN port on the 7312 to connect to a LAN port of your external ISP router.
It may be possible to reconfigure the single ethernet port on the 7312 to become a new WAN port, but that is beyond the scope of my PDF guide and the openwrt openvpn luci wiki page. (Same problem experienced by Raspberry Pi devices with a single ethernet port - I don't think anyone has succeeded using it for an openvpn client.)
To regain access to the 7312, have you tried unplugging the 7312 from your ISP router, and then using a computer to access the 7312 LAN IP address (e.g. 192.168.111.1)? You may have to configure a static IP address on the computer (e.g. 192.168.111.2).
I guess it is starting to make things clear to me. Due to the single Ethernet port, I must use the 7312 in WiFi repeater mode. Having said that, the inbuilt DHCP must be disabled, which automatically makes it impossible to use the VPN in there. I need to insert another DHCP-enabled switch which will run OpenVPN and then connect this (7312) router on a VLAN.
Another question:
If I use another 4-port DHCP-enabled switch (e.g. Asus RT-AC51U) under my main Fritz router, then I could route all connections from 1 port to the VPN tunnel (using VLAN) and the other 3 ports to the normal connection...
So in the very dirty diagram below, all connections on the red port shall be routed through the VPN...
Or is my understanding wrong...
FYI, the RT-AC51U can run OpenWrt and has separate WAN and LAN ethernet ports, if you wish to wire its WAN port to a spare LAN port of your unidentified main ISP router. (580 MHz Mediatek SoC capable of 12 Mbps approx. openvpn speeds.) This would be far better than using the slower single-port Fritz 7312.
Thanks... It was really my failure. I didn't RTFM. And the manual was clear about having different IP addresses between LAN & WAN. However, as I had been using my AP for a long time in dumb AP mode, I missed / overlooked this step.
As the access was blocked, I had to reinstall everything. And there I noticed this. Separating both resolved the issue, and now everything is working!!!!!
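
The fix the thread ends on, keeping the VPN router's LAN subnet separate from the subnet it sits in on its WAN side, can be checked before an address change is applied. This is an added example, not part of the thread or of any OpenWrt tool; the function names are hypothetical, 192.168.111.1/24 is the LAN address quoted above, and the 192.168.178.x WAN values are constructed.

```shell
#!/bin/sh
# Added example: refuse a LAN address plan that overlaps the WAN-side subnet.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "first last" (as integers) for a CIDR block such as 192.168.111.1/24.
cidr_range() {
    addr=${1%/*}; bits=${1#*/}
    case $bits in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( n & mask ))
    echo "$first $(( first | (~mask & 4294967295) ))"
}

# Return 0 if the blocks share any address, 1 if disjoint, 2 on bad input.
subnets_overlap() {
    a=$(cidr_range "$1") || return 2
    b=$(cidr_range "$2") || return 2
    [ "${a% *}" -le "${b#* }" ] && [ "${b% *}" -le "${a#* }" ]
}

# Report on a LAN/WAN pair; non-zero means "do not apply this plan".
check_lan_wan() {
    subnets_overlap "$1" "$2" && rc=0 || rc=$?
    case $rc in
        0) echo "CONFLICT: LAN $1 overlaps WAN $2"; return 1 ;;
        1) echo "ok: LAN $1 and WAN $2 are separate"; return 0 ;;
        *) echo "bad input: $1 / $2" >&2; return 2 ;;
    esac
}

# Constructed sample values: the WAN side sits in the upstream router's subnet.
check_lan_wan 192.168.178.1/24 192.168.178.20/24 || true   # same subnet
check_lan_wan 192.168.111.1/24 192.168.178.20/24           # separated
```

When the two ranges overlap, clients behind the VPN router cannot be routed distinctly from the upstream LAN, and changing addresses on a live single-port device can cut off LuCI and ssh as described above.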