Mullvad.net OpenVPN provider on Openwrt 18.06.2 - setup help

Hello!
Do you guys know a simple easy way to install OpenVPN providers on OpenWRT 18.06.2 ?

This is the second vpn provider i try, and the guides is to old here also :disappointed_relieved:

This is the guide link:

Is "comp_lzo : yes" gone in 18.06.2?

Please see the picture.

Thank you and sorry for asking.

What about luci-app-openvpn import feature?

There's also easy CLI method:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/client

It is not only deprecated, but also has security issues:
https://community.openvpn.net/openvpn/wiki/VORACLE

2 Likes

This feature is not in the 18.x branch - only in snapshots or in forthcoming 19.x.

3 Likes

LZO seems to be on by default in /etc/config/openvpn

	# LZO is compatible with most OpenVPN versions
	option compress lzo

I copied it to section

config openvpn 'mullvad_client'
	option dev 'tun'
	option secret 'shared-secret.key'
	option nobind '1'
	option verb '3'
	option port '1194'
	option client '1'
	option auth_user_pass '/etc/openvpn/userpass.txt'
	list remote 'se.mullvad.net'
	option ca '/etc/luci-uploads/cbid.openvpn.mullvad_client.ca'
	option compress 'lzo'

Though, their guide mentions a list of revoked servers ( crl.pem ), but that files can't be founded in the downloadable config files from their site.

1 Like

Thank you very much mhegab but right now i am testing with NordVPN instead, because mullvad support e-mail is very slow.

Getting help directly from NordVPN "router-support".
Didnt know this was this hard.

Thank you again i hope it will help someone else!
I am very thankful.

1 Like

I have also tried to setup OpenVPN for use with Mullvad. I have OpenWRT 18.06 (https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=bfbdeeb3de3da31f7e5f9bd429e079c2d839644a) installed on a Linksys WRT32X.

*From what I've read elsewhere, the luci-app-openvpn does not work for configuring an openvpn service through luci, you are better using ssh.

*After trying to include the crl.pem file, I contacted Mullvad support and received this response:

Hello

The file is no longer needed since there are no revoked servers with the new certificate.

I have tried many variations on setting up an openvpn service, but most guides do not seem to be current, and even just setting options as specified without worrying about options missing from luci such as comp_lzo, the service fails to ever start.

If anyone has any suggestions for setting up Mullvad to run as a client on OpenWRT without Wireguard, it would be greatly appreciated.

When I tried it, the service obviously had issues, but I could start it if I restart the router. Though, didn't get VPN to work at the end.

https://openwrt.org/docs/guide-user/services/vpn/openvpn/client
Follow the troubleshooting section of the guide if the issue persists.

1 Like

I tried the 3 hour trial and was able to get it to work with this config.

config openvpn 'mullvad'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option auth_user_pass '/etc/openvpn/userpass.txt'
	option ca '/etc/openvpn/mullvad_ca.crt'
	option resolv_retry 'infinite'
	option mute_replay_warnings '1'
	option nobind '1'
	option persist_key '1'
	option persist_tun '1'
	option remote_cert_tls 'server'
	option compress 'lzo'
	option keepalive '10 120'
	option ifconfig_nowarn '1'
	option log '/tmp/openvpn.log'
	option status '/tmp/openvpn-status.log'
	option verb '3'
	option cipher 'AES-256-CBC'
	option port '1194'
	option fast_io '1'
	option remote 'se.mullvad.net'

2 Likes

@swealpha check this

1 Like

This is great. Thank you spindoctor!

Offtopic:
But since i started this topic, alot have changed :frowning: .
I gave up doing this myself. Found some vpn providers that do the installation for you instead, but thats on dd-wrt.

But dd-wrt dont seem to support failover any good, you guys told me it works in OpenWRT.
I will try to search for a vpn provider that do remote installations on OpenWRT.

Thank you again.

1 Like

You should collect and analyze the information to come to a solution.
The analysis requires you to understand the network stack specifics.
If you have no required skill, provide the diagnostics data so we can help you.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.