Need help setting up OpenVPN server on OpenWRT

Hi. I've been struggling for a couple weeks.

I'm trying to set up a multi-client VPN on an edge router running the latest OpenWRT. So far, with no success.

What I want is to use OpenWRT as the firewall/router, and allow remote users to VPN into the LAN.

My last attempt I used LUCI, went to VPN -> OpenVPN. I selected "server configuration for a routed multi-client VPN".

I edited the template and changed the "server" address to be my LAN (10.1.10.0 255.255.255.0), and pointed 'ca', 'dh', 'cert' and 'key' to the appropriate files.

However, when I start (or reboot), I get:

Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: OpenVPN 2.4.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: Diffie-Hellman initialized with 2048 bit key
Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: TUN/TAP device tun1 opened
Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: TUN/TAP TX queue length set to 100
Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: /sbin/ifconfig tun1 10.1.10.1 pointopoint 10.1.10.2 mtu 1500
Sun Apr 4 09:48:14 2021 daemon.warn dnsmasq[2633]: failed to create listening socket for 10.1.10.1: Address not available
Sun Apr 4 09:48:14 2021 daemon.warn dnsmasq[2633]: failed to create listening socket for 10.1.10.1: Address not available
Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: /sbin/route add -net 10.1.10.0 netmask 255.255.255.0 gw 10.1.10.2
Sun Apr 4 09:48:14 2021 daemon.warn openvpn(XXXX)[4998]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Apr 4 09:48:14 2021 daemon.err openvpn(XXXX)[4998]: TCP/UDP: Socket bind failed on local address [AF_INET][undef]:1194: Address in use (errno=98)
Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: Exiting due to fatal error
Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: /sbin/route del -net 10.1.10.0 netmask 255.255.255.0
Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: Closing TUN/TAP interface
Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: /sbin/ifconfig tun1 0.0.0.0

I completely don't understand this line:

Sun Apr 4 09:48:14 2021 daemon.notice openvpn(XXXX)[4998]: /sbin/ifconfig tun1 10.1.10.1 pointopoint 10.1.10.2 mtu 1500

Any suggestions on setting up an OpenWRT router to be a VPN server for remote access to the router's LAN.

Thanks!

The server subnet should be outside your LAN. OpenVPN administers that network including handing out IP addresses to clients. Clients will be routed into the LAN.

Unable to bind to port 1194 means that there is already an instance of OpenVPN server running. Make sure your configuration only opens one instance. Do not have any files named *.conf in /etc/openvpn.

1 Like

There are working and tested how-tos:

WireGuard is preferable for better performance and easier configuration.

1 Like