NordVPN on OpenWrt seems working, but it's not!

VahidTMS · April 10, 2022, 10:53am

So I recently started using OpenWrt specifically because none of my routers support OpenVPN.
I installed latest version on my Xiaomi 4C router and so far it's been a bumpy road. I'm definitely a newbie in all open source so I would appreciate if you imagined explaining to a not so bright a BRICK.
So here it goes, i have OpenVPN packages install on Luci and uploaded the opvn file from VPN provider(NordVPN) i followed the tutorial by Darius in this forum post(scroll down this link a bit) so far i have the profile there and it seems to connect but when i connect to my router using WIFI I'm still unprotected. i will send some pictures that might help.

VahidTMS · April 10, 2022, 10:53am

VahidTMS · April 10, 2022, 10:54am

VahidTMS · April 10, 2022, 10:54am

frollic · April 10, 2022, 10:55am

A tiny remark, VPN doesn't "protect" you from anything https://overengineer.dev/blog/2019/04/08/very-precarious-narrative.html

VahidTMS · April 10, 2022, 10:58am

thanks, Noted, but in this case I kinda need to bypass geo restriction.

frollic · April 10, 2022, 10:59am

Yes, then it's a completely different reason for setting it up, and a good one.

frollic · April 10, 2022, 11:06am

Let's get back to the actual problem, who says you're unprotected?

Do you know the tunnel's actually up and running? Tried whatsmyip with it on, and off?

VahidTMS · April 10, 2022, 11:10am

yes, the IP address remains the same even after it's turned on.
and as you can see the data is not being transferred in NORD interface. also it mentions the Network device is not present

frollic · April 10, 2022, 11:12am

Was it in their howto to setup the tunnel as unmanaged?

You might want to compare your setup with ExpressVPN in OpenVPN on OpenWrt - SUCCESS!

VahidTMS · April 10, 2022, 11:54am

it actually did. specifically mentioned to put it as unmanaged.
I'll take a look, but I'm not much familiar with SSH command lines, i did almost everything in web interface.

mk24 · April 10, 2022, 2:18pm

The VPN is showing "network device not present" which probably means that the connection to NordVPN has failed. Restart the OpenVPN service and read the system log to determine the cause of failure. The tun0 device will only exist after the VPN client has fully connected to the server.

Making a dummy unmanaged network to hold the VPN tunnel is now unnecessary since newer versions of the firewall code can attach a zone to a network device (such as tun0) directly.

trendy · April 10, 2022, 7:40pm

The whole configuration file for Nordvpn is not visible, but if you didn't make any mistake during the copy-paste, it should work. The other thing to verify is if the tun module is loaded.

lsmod | grep tun

Also there is a guide in the wiki, with troubleshooting commands at the bottom. Run them to get a better picture.

I still find it useful when it comes to route manipulation so it doesn't hurt to leave it one. You can also see the in/out bytes.

VahidTMS · April 11, 2022, 7:41am

i cant actually make anything out of this.

VahidTMS · April 11, 2022, 7:42am

can you understand what the issue is?

trendy · April 11, 2022, 9:40am

That's fine, we can. OpenVPN complains in the logs that network is unreachable. What is the output of: ip -4 addr; ip -4 ro list table all; ip -4 ru ? No need to upload screenshot, you can copy the text and paste it here in preformatted text (the </> button).
Also try a traceroute IP_OF_OPENVPN_SERVER ; ip -4 route get IP_OF_OPENVPN_SERVER

ulmwind · April 18, 2022, 9:07pm

Sorry, I can only help to configure using CLI. Please, write, if you are ready.

cpuetz · September 1, 2022, 1:48pm

I am having the same problem.

root@OpenWrt:~# ip -4 addr                                                              1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000               inet 127.0.0.1/8 scope host lo                                                             valid_lft forever preferred_lft forever                                          3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000      inet 192.168.1.200/24 brd 192.168.1.255 scope global wlan0                                 valid_lft forever preferred_lft forever                                          5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000      inet 10.61.61.1/24 brd 10.61.61.255 scope global br-lan                                    valid_lft forever preferred_lft forever                       

root@OpenWrt:~# ip -4 ro list table all
default via 192.168.1.1 dev wlan0  src 192.168.1.200
10.61.61.0/24 dev br-lan scope link  src 10.61.61.1
192.168.1.0/24 dev wlan0 scope link  src 192.168.1.200
broadcast 10.61.61.0 dev br-lan table local scope link  src 10.61.61.1
local 10.61.61.1 dev br-lan table local scope host  src 10.61.61.1
broadcast 10.61.61.255 dev br-lan table local scope link  src 10.61.61.1
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 192.168.1.0 dev wlan0 table local scope link  src 192.168.1.200
local 192.168.1.200 dev wlan0 table local scope host  src 192.168.1.200
broadcast 192.168.1.255 dev wlan0 table local scope link  src 192.168.1.200

root@OpenWrt:~# ip -4 ru
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

I'm pretty new to this but am learning the hard way. Any insight would be greatly appreciated.

frollic · September 1, 2022, 1:51pm

use the </> button when pasting cli output , it's unreadable.

cpuetz · September 2, 2022, 2:18am

I don't know what that means or how to do that. Sorry.