Connection of Surfshark VPN

Hello All,
I am a newbie here and not a professional in networks. I am using OpenWrt on a Fritz 7312 as a WiFi router.
Currently I am trying to install a VPN on it to make it a VPN-enabled router. The objective is to make a network for IPTV. I already have a Surfshark subscription, which I want to use.
On OpenWrt, I am using LuCI, with which I have already downloaded and installed the OpenVPN package. I also have an .ovpn file. Using "OVPN configuration file upload" (under OpenVPN in LuCI) I uploaded the files in LuCI. I see those files at /etc/openvpn (when I use ssh). After import, I also see the VPN profiles under the list of configured OpenVPN instances. However, when I click "start", nothing happens. The VPN connection does not get started.

So, I am following this link. After executing steps 1 & 2B, I am failing at step 3.

My installed packages are:

root@OpenWrt:~# opkg list | grep openvpn
luci-app-openvpn - git-20.053.76840-087e6ac-1
openvpn-easy-rsa - 3.0.4-1
openvpn-mbedtls - 2.4.7-2
openvpn-openssl - 2.4.7-2

Can someone guide me on what I may be doing wrong? Any step-by-step guideline based on LuCI would also be a great help.

Many thanks.

Have you added the path to any created credentials file to your uploaded ovpn file using LuCI?

auth-user-pass /etc/config/vpninstance.auth

Can I suggest you study this alternative LuCI guide v1.2 to setting up openvpn client mentioned in the wiki link you quoted?
https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=279

Fritzbox 7312 appears to be powered by a 398 MHz ARX188 Lantiq SoC. Don't expect more than 7-8 Mbps maximum throughput with openvpn.


I think you don't need openvpn-easy-rsa, and you need only one openvpn. Start with openvpn-openssl.
As @bill888 has said, do you have a string containing 'auth-user-pass' in your config file for OpenVPN?

Yes, I have the file as mentioned by @bill888

auth-user-pass /etc/openvpn/surfsharkvpn.auth

Additionally, I also tuned my installed packages.

root@OpenWrt:~# opkg list-installed | grep vpn
luci-app-openvpn - git-20.053.76840-087e6ac-1
openvpn-openssl - 2.4.7-2

I followed the guide mentioned by @bill888 (I must admit it is a very, very good document. It has been a long time since I saw such a good document).
But even after all this, the result is still the same. When I click "start", nothing changes. The page refreshes, the VPN is still not started and the status remains "no".

See my guide, and use it with corresponding modifications, specific for your provider: https://airvpn.org/forums/topic/20303-airvpn-configuration-on-openwrt-preventing-traffic-leakage-outside-tunnel/

Log in to the router by SSH, run the following commands, and see the result:

/etc/init.d/openvpn restart
logread -f

Ctrl+C

I find it does NOT work by just clicking on 'Start' button.

Can you tick the 'Enabled' check box and press 'Save & Apply' button for your vpn instance as shown below:

If there is a problem starting the vpn instance, post the contents of LuCI -> Status -> System Log
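
The checks suggested in the replies above (an auth-user-pass line that names a credentials file, and the instance's 'Enabled' flag), as an added shell example that is not part of any post. The function names and the script name precheck.sh are hypothetical, and it assumes the credentials path contains no spaces or quotes.

```shell
#!/bin/sh
# Added example: pre-flight checks for an OpenVPN client instance on OpenWrt.
# Function names are hypothetical; file paths are passed in by the caller.

# Print the "enabled" option of one instance from a UCI openvpn config file.
# On the router, `uci -q get openvpn.<name>.enabled` reads the same option.
instance_enabled() {  # $1 = UCI file (/etc/config/openvpn), $2 = instance name
    awk -v want="$2" '
        $1 == "config" { gsub(/[^A-Za-z0-9_]/, "", $3)
                         in_sec = ($2 == "openvpn" && $3 == want) }
        in_sec && $1 == "option" && $2 == "enabled" {
            gsub(/[^A-Za-z0-9_]/, "", $3); print $3; exit }
    ' "$1"
}

# Inspect the auth-user-pass directive of a .ovpn profile; prints one status word:
#   missing   no directive in the profile
#   prompt    directive without a file: OpenVPN would prompt, which a start
#             from the init script cannot answer
#   nofile    the named credentials file does not exist
#   badformat file lacks two non-empty lines (username, then password)
#   loose     file is accessible by group or others (it holds a password)
#   ok        all checks passed
check_auth() {  # $1 = .ovpn profile
    # Profiles from providers often carry CRLF line endings; strip the CR.
    line=$(tr -d '\r' < "$1" |
           grep -E '^[[:space:]]*auth-user-pass([[:space:]]|$)' | tail -n 1)
    [ -n "$line" ] || { echo missing; return 1; }
    set -- $line          # word-split: $1 = directive, $2 = credentials path
    cred=$2
    [ -n "$cred" ] || { echo prompt; return 1; }
    [ -f "$cred" ] || { echo nofile; return 1; }
    [ "$(grep -c . "$cred")" -ge 2 ] || { echo badformat; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$cred" | cut -c5-10)" = "------" ] || { echo loose; return 1; }
    echo ok
}

# Usage on the router (script name is hypothetical):
#   sh precheck.sh <instance> /etc/openvpn/<profile>.ovpn
if [ $# -eq 2 ]; then
    echo "enabled=$(instance_enabled /etc/config/openvpn "$1") auth=$(check_auth "$2")"
fi
```

An empty `enabled=` value means the option is not set for that instance, which matches the state in which pressing 'Start' alone has no lasting effect.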

So, that does the trick. Now I can see that it's getting connected.
However, when I try to check if tunnelling is working, it is not. As I am using the Fritz 7312, which has only one LAN, it connects to my router via LAN1 and broadcasts WiFi with a new SSID. In this setup, I get my IP address from my main router and not from the 7312.
If I am correct, to make the VPN work I must get the IP address from the 7312, where the VPN is running. According to the document (1.2), I then set different IP addresses for LAN and WAN and forced the changes. But now I have lost access to my LuCI / ssh :(

If your 7312 is your ISP facing router connecting to ADSL broadband connection, then VPN would work. The ADSL WAN port connects to your ISP.

Yes, the 7312 must issue a new IP address to connected device to use the VPN tunnel.

But as your 7312 does not have separate WAN and LAN ethernet ports, there is no ethernet WAN port on 7312 to connect to LAN port of your external ISP router.

It may be possible to reconfigure the single ethernet port on the 7312 to become the new WAN port, but that is beyond the scope of my PDF guide and the openwrt openvpn luci wiki page. (Same problem experienced by Raspberry Pi device with single ethernet port - I don't think anyone has succeeded using it for openvpn client)

To regain access to the 7312, have you tried unplugging the 7312 from your ISP router, and then using a computer to access the 7312 LAN IP address (e.g. 192.168.111.1)? You may have to configure a static IP address on the computer (e.g. 192.168.111.2)

Alternatively, factory reset will clear all openwrt settings.
https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset
ie. turn on router for 1-2 minutes. Press and hold Reset button for 10 seconds to force reset.

I guess things are starting to become clear to me. Due to the single Ethernet port, I must use the 7312 in WiFi repeater mode. Having said that, the inbuilt DHCP must be disabled, which automatically makes it impossible to use the VPN there. I need to insert another DHCP-enabled switch which will run OpenVPN and then connect this (7312) router on a VLAN.

Another question:
If I use another 4-port DHCP-enabled switch (e.g. Asus RT-AC51U) under my main Fritz router, then I could route all connections from 1 port to the VPN tunnel (using VLAN) and the other 3 ports to the normal connection...
So in the very dirty diagram below, all connections on the red port shall be routed through the VPN...
Or is my understanding wrong...

fyi, RT-AC51u can run openwrt and has separate WAN and LAN ethernet ports, if you wish to wire its WAN port to spare LAN port of your unidentified main ISP router. (580 MHz Mediatek SoC capable of 12 Mbps approx. openvpn speeds). This would be far better than using slower single port Fritz 7312.

Internet -- ISP router -- RT-AC51u (openvpn)

https://openwrt.org/toh/asus/rt-ac51u

Update: RT-AC51u also supports openvpn client & server with Asus OEM firmware.

Thanks... It was really my failure. I didn't RTFM. And the manual was clear about having different IP addresses between LAN & WAN. However, as I had been using my AP in dumb AP mode for a long time, I missed / overlooked this step.
As the access was blocked, I had to reinstall everything. And there I noticed this. Separating both resolved the issue, and now everything is working!!!!!

Thanks again for the nice manual.
