Help with setting up own OpenVPN Server

Hello community,

For easier reading i am breaking down my post to: a) what i want to achieve and; b) what i've tried already

I have a D-Link router running latest Openwrt, sitting behind another router that provides the WAN. I've already setup DDNS successfully - it's up and running on d-link.

I've installed OpenVPN easy RSA, luci app openvpn, and openvpn openssl.

A) Goal
Create my own OpenVPN server sitting on the D-Link router using the ddns hostname i've already configured so i can access my local WAN IP throughout my devices when i am traveling abroad.

So i want to create client openvpn configuration files, which i will import to the app and connect to the router when abroad.

B) Attempts

I know a lot of you will tell me to go through CLI (i tried this guide, but failed miserably as i cannot even import the profile on openvpn on MacBook - getting a weird error "option_error: option 'pardtx560tx1120tx1680tx...' is too long").

So i tried through the GUI version (luci) - i configured the parameters such as server ( etc.; however, no matter how i configure the wizard, the server never starts on the router.

Would really appreciate it if someone can guide me step by step.


Can you see an error in syslog?

Have you configured this (WAN) router to redirect UDP port 1194 form WAN to D-LINK-IP-Address to UDP port 1194?

1 Like

What version of OpenWrt are you using?

Are you using this Openvpn client for macos?

Have you tried the equivalent openvpn client for IOS and/or android?

1 Like

Yes, tons of.. i think it's not configured correctly. and i start noticing that luci is no better than CLI in terms of compexity :confused:

yes, i am forwarding the 1194 port (TCP/UDP) from WAN to D-link

i am still trying to understand the steps required based on the guides i've found; it's very confusing. i don't mind trying CLI again, but need to understand what to watch out based on the scenario i described above.

OpenWrt 22.03.0-rc6 r19590-042d558536 / LuCI openwrt-22.03 branch git-22.213.35949-d09fbe0


No because it seems something did not get configured properly. based on the guide i followed, i think the DDNS was not configured properly on openvpn. the instructions are not very clear on how to this.

Check it with ping. You must see your actual IP.

no i mean in the OpenVPN server configuration. The DDNS resolves fine, took me a while to set it up correctly. the openvpn guides give instructions only on how to set up the server on the main router; not on a router sitting behind the WAN.

i will try again with this guide. any idea how do i configure the server to listen to the ddns ip?

. /lib/functions/
network_find_wan NET_IF
network_get_ipaddr NET_ADDR "${NET_IF}"
OVPN_SERV="${NET_ADDR}" // ***i guess i need to put ddns server here?***
# Fetch FQDN from DDNS client ***//what about this parameter?***
NET_FQDN="$(uci -q get ddns.@service[0].lookup_host)"
if [ -n "${NET_FQDN}" ]

I had an OpenVPN server running on my OpenWRT WR842N a time ago and I could connect to it with IOS OpenVPN and with an DIR-505 with OpenWRT and OpenVPN client configured. I remember that I had a lot of trouble, but finally it worked fine.
But this year I lost my WR842N, and had no time to configura an DIR-860 I'm using now.
What I can say, is that the /var/log/openvpn.log helped me a lot.

i have a DIR-853, and am completely new to OpenWrt so you can imagine the frustration.. at least now i know it's not easy, but doable

ok, managed to run the server with these settings:

user nobody
group nogroup
dev tun
port 1194
proto udp
topology subnet
keepalive 10 60
push "dhcp-option DNS"
push "dhcp-option DOMAIN lan"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"

how do i "link" the server to the ddns hostname?

I'll will try to help you a little.
I'm going to follow a script I wrote at the time
First of all, have you created the certificates?

Thank you. Yes, first with this guide and then with this guide i tried to make the configuration visible to luci.

however, i cannot import the client.ovpn file neither on my mac or my iphone due to the error i mentioned in my second post.

so i would appreciate it if you can guide me a bit on the certificate generation as well

That's not how it works. DDNS is separate from OpenVPN. DDNS is a way for the client(s) to find your house by name instead of by IP number, which may get changed by the ISP (thus the dynamic part).

The IP that is registered with DDNS must be the same as the WAN IP of your main router. Then that router is configured to forward port 1194 UDP from its WAN to your OpenVPN server on the LAN.

The network is the tunnel network of user's packets that are decrypted. It exists only at the tunnel endpoints. It doesn't have anything to do with transport of encrypted packets through the Internet.

Thanks, mk24. a little clearer now.

on the WAN router, i am forwarding 1194 TCP/UDP to the OpenWrt router IP ( Do i need to forward it to the network? If so, how do i do that?

No, you do not need to forward network. (see PM)

fwiw, I presume you have edited client.ovpn file and specified your DDNS hostname within it.

remote mydns 1194 udp

fwiw, Openvpn 21.02 server guide I wrote for HH5a last December 2021 based on owrt wiki cli instructions at the time for openvpn server for 21.02.

The guide includes useful information and tips omitted from the owrt wiki page which may be helpful to beginners.

1 Like

Where are certificates, and keys? is INTRINSIC LAN, there is no need to configure anything like DNS.


I used my guide and by copy and pasting the current (Aug 2022) cli instructions from

for '1 - Preparation' through to '4 - VPN service'

I can confirm the cli instructions are valid for OpenWrt 22.03.0-rc6 on my Xiaomi 4A gigabit (MT7621) router.


thank you bill all your help and for providing the guide and confirming on your end as well. i managed to make it work by using your guide.

regarding not being able to import the profile to openvpn connect, i was copying the config file directly from CLI instead of downloading it.. seems this was the issue.

thank you everyone else in the thread for your support and guidance

1 Like

@apn3agr, are you sure that DDNS is pointing to your IP address? I like to resolve the things by part. Without DDNS it will not function.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.