Old owrt: how to get openvpn-client working?

[please just avoid "change/update/upgrade/buy new hw" please]
hi guys

I'm asked by a little NGO refurbishing old hw to get computers and connections working for some persons (disabled or poor)
they asked me to get two things with old routers :
a/ to get them acting as an AP+sta to connect around and create a dedicated AP/wifi (that point is okay, openwrt ap+sta on one or two devices works great)
b/ more complicated one : to get a vpn-client on the side of the

please note that they told me they cannot replace nor change/refresh any of those routers, I have "to deal with it" ..
so I'm trying to do it with protonvpn free servers (I cannot spend a penny), where I'm confronted with this :

here are the information :

here is the bug :
daemon.warn openvpn(custom_config)[775]: Cannot load private key file /etc/openvpn/key: error:0906D06C:lib(9):func(109):reason(108): error:140B0009:lib(20):func(176):reason(9)

anyone succeed to setup openwrt as a openvpn/wg client vpn for free servers, using old kamikaze release?
mainly it's for wrt54GL v1.1 under kamikaze openwrt... it's working well for STA mode, only vpn is missing !

ps: is it possible to disable the :slight _smile: feature instead of ":" simple?
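Added example, not part of the original post: the two hex codes in the log line above are packed OpenSSL 1.0.x error values, and the `lib`/`func`/`reason` numbers printed beside them are simply the unpacked fields. The script below decodes them and checks whether a key file has a PEM private-key header; the function names and the optional file argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decode the OpenSSL 1.0.x error codes seen in the log and
# check a key file for a PEM private-key header. Function names are made up.

# decode_err HEX -> "lib=N func=N reason=N"
# OpenSSL 1.0.x packs an error as lib (8 bits) | func (12 bits) | reason (12 bits).
decode_err() {
    code=$((0x$1))
    echo "lib=$(( (code >> 24) & 0xff )) func=$(( (code >> 12) & 0xfff )) reason=$(( code & 0xfff ))"
}

# explain_err HEX -> meaning of the two codes that appear in the log line.
explain_err() {
    case "$(decode_err "$1")" in
        "lib=9 "*" reason=108") echo "PEM: no start line" ;;   # ERR_LIB_PEM, PEM_R_NO_START_LINE
        "lib=20 "*" reason=9")  echo "SSL: PEM lib failure" ;;  # ERR_LIB_SSL, ERR_R_PEM_LIB
        *)                      echo "unknown" ;;
    esac
}

# has_pem_key FILE -> exit status 0 if FILE contains a PEM private-key header.
has_pem_key() {
    grep -q -E -e '^-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$1"
}

# Decode the two codes copied from the log line.
for c in 0906D06C 140B0009; do
    echo "$c: $(decode_err "$c") -> $(explain_err "$c")"
done

# Optional: pass the path from the log (e.g. /etc/openvpn/key) as argument 1.
if [ -n "${1:-}" ]; then
    if has_pem_key "$1"; then
        echo "$1: PEM private-key header found"
    else
        echo "$1: no PEM private-key header (matches 'no start line')"
    fi
fi
```

"No start line" means OpenSSL never found a `-----BEGIN ... PRIVATE KEY-----` line in the file it was told to load, so the second error is the SSL layer reporting that PEM failure.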

This is too old and resource limited to run any reasonable VPN... OpenVPN won't fit (or even if it could, there isn't enough processing power in that device), and Wireguard wouldn't have its initial release until 5 years after the last supported OpenWrt for that device.

The wrt54GL v1.1 has been unsupported for well over a decade. This is not only an issue of development stopping (likely due to the technical limitations of the device), but also in terms of security patches. And, Backfire (2010) is so old that people are unlikely to remember how to help configure/troubleshoot.

The best way you can help with these old devices is to e-cycle them. They are so incredibly old that they will present an unacceptable security risk to anyone who tries to use them.

Please don't attempt to deploy these anywhere... it's like using a child car seat from the 1950s.

1 Like

OpenVPN deprecates old versions in order to enforce the use of more recent, more secure crypto standards. What this means is that you won't be able to connect an old version to a commercial service that runs a new version, which is all of them.

3 Likes

it's better than nothing, while few people just do have no internet access for their computers/phone (no cell coverage at all in those buildings), there is no other choice at the moment (and for few months at least) unfortunately.

which type of "incredibly risk" for devices being not directly plugged on the internet (beside at least two modern fw/routers) and used by people not hackers, where no hacker for sure lives in the area? :wink:

No, it's really not. The security risk is so severe that it is like giving people water that is contaminated with high levels of PFAS, mercury, lead, and other chemicals and saying "it's better than no water."

I'm not kidding here when I tell you that it is irresponsible to deploy these in the modern age.

im using one of those right now, it's just a linux (if not, i would not have internet access at all here)
thus, why not adapt modern (or a bit less modern) images of owrt for those devices?

You have been warned about the issues with these devices.

At this point, if you choose to deploy these, the responsibility is yours. And know that you will absolutely not be able to get any support here for those devices because it is over a decade past EOL/unsupported status.

1 Like

Also, it is baffling why you would be looking for a VPN solution if security is not a concern in any way shape or form for your application.

You will not be able to use any modern/secure VPN options, maybe none at all (not sure) with Backfire 10.03. Using any insecure VPN methods is generally worse than using none at all.

1 Like

means openwrt supports only "less than five years old" devices on its forum/IRC?

vpn is just question of ip address.

well, some others persons had different answers :

You must have missed my post in that same thread. Also to note, that thread is now 4 years older than when it was started.

Correction, it would be more accurate to say something closer to what you were told:

openwrt supports only "less than five years old" software

1 Like

It's not the devices, it's the age of the OpenWrt release. There are plenty of devices that are quite old that can still run modern OpenWrt versions. I have a 2009 Ubiquiti RouterStation Pro that runs 23.05. It's fully supported.

Your device is from 2005 (that is approaching 20 years old!!). It has 4MB flash memory and 16MB RAM, plus a single core 200MHz processor, 10/100Mbps ethernet ports and 802.11g ethernet. This is way too underpowered to run any modern firmware.

OpenWrt versions, on the other hand, change considerably over time -- small changes from release to release, but these stack up to major differences and thus unsupportability when you start to get many years out. Here, you're talking about >13 years of changes.

Context: that thread is from 2019. And the answers were largely the same.

1 Like

well..................
(wellll.....[..²]²...)

i would understand "a bit" about safety or cyberdefence/security advisors or even criticals warnings, almost going to heartstroke from few observers..

But...
(yes, there is a but, if not, nobody would do what we -as much more you're thinking people/nerds do- if not this subject and others would not exist)

please understand that reviving oldies on owrt (as those months, my mission), with even old owrties, is still something not that bad.

as I heard somewhere, "it's worse than giving dangerous alimentary or wasted water to somebody" .. well, if i were locked for weeks within a room, believe me it's better to be ill and sick, even to feel very bad, than.. just dead.

firstly, those routers are NOT directly, and NEVER directly, connected to the internet. They are not targets, just in a way : they are repeaters. AP+STA, means they connect to an already LAN network, to do some kind of new network/ssid to connect people who would NOT have any internet access for weeks or certainly MONTHS, because of a very specific situation.

Then, if i compare :
for those wrties, mainly they run something between 19.x which is not old at all for me (five years is in average of my daily use, i never use new products), but i could understand that ddwrt v24, from 2010, or even kamikaze or backfire, are a bit old.
yes, they are. Im sure you agree with me :wink: BUT (yes, again..), 2010 is still better than 2008 or 2009 very limited firmware. I dont even talk about the 2006 (or 2003) of oldie 3com cient-wireless-router :wink:


I would be far more worried about it if they were running the original firmware

but in another way, for few im preparing with old owrt,

please understand, i give those devices to people who would not have any internet access, in any other manner, and of course, behind a NAT.

just please let us recycle those oldies 8/4MB backfire/kkz devices instead of 2006 firmwares, it could only be better than nothing.

best regards :wink:

why do we still use oldies wrt :
because it just works :slight_smile: