Open VPN and NordVPN

Good afternoon,
I need help please:

I was searching for a more end-user-friendly way to configure the OpenVPN client for my VPN provider (NordVPN) and I found this on GitHub: https://github.com/oilervoss/openvpnForNordvpn (Custom scripts for Nordvpn at OpenWRT). Has any LEDE user used these scripts? How can I use/test them on LEDE? I am an end user and I would like to have an easy way to manage my VPN service.

Many thanks for your help

fwiw, take a look at my alternative novice's guide to setting up OpenVPN on a HH5a using ovpn configuration files. The introduction also contains some useful links which you may find useful.

Setting up OpenVPN for HH5a using Windows

I'm a novice. Take this with a grain of salt, please. https://nordvpn.com/tutorials/openwrt/openvpn/

Thank you all for your help. I did try both solutions but for some days I could not get anything to work. Then I focused on the NordVPN guide https://nordvpn.com/tutorials/openwrt/openvpn/ and stopped the configuration after changing DNS. The first time it didn’t work. Then I tried a reboot and that was it. I think it is not mentioned that a reboot is needed to apply the configuration. Then I tried the following step:
appended strings should be similar to previous one.

To prevent traffic leakage in case VPN-tunnel drops you can edit the file /etc/firewall.user with following content:

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

if (! ip a s tun0 up) && (! iptables -C forwarding_rule -j REJECT); then
iptables -I forwarding_rule -j REJECT
fi

When I insert this code, after rebooting I have no internet access! Can anyone help with a solution, please?

Just a last note: I’ve installed vpn bypass to use with some devices' IPs and it is working great. Thanks for this

Thanks.

OK, found the solution
https://forum.openwrt.org/viewtopic.php?id=70245

"Once the connection goes down and the switch enables the iptable rule I have to manually run iptables -D forwarding_rule -j REJECT on console to return connectivity. "

Take Care

Is that command:

iptables -D forwarding_rule -j REJECT

run once? Please give a little more info. I have a similar problem.

In my case, when I reboot the router or a connection drops, I have no internet. To have internet I must log in to the router via an SSH client and after that copy and paste the command iptables -D forwarding_rule -j REJECT
and press Enter. When you enter the command you get internet and everything is working well.

Hope this can help.
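
The workaround in this thread is to delete the REJECT rule by hand once the tunnel is back. As an added example (not from the posts or from NordVPN's guide), the script below reconciles the rule with the tunnel state in both directions. The names TUN_DEV, KS_CHAIN, killswitch_sync and the --apply switch are assumptions of this example, and where it is hooked in (for instance /etc/firewall.user or an OpenVPN up/down script) is left open.

```sh
#!/bin/sh
# Added example: keep the kill-switch rule in step with the tunnel state.
# Device and chain names follow the posts above (tun0, forwarding_rule).
TUN_DEV="${TUN_DEV:-tun0}"
KS_CHAIN="${KS_CHAIN:-forwarding_rule}"

# True only when the device exists AND carries the UP flag.
# "ip link show dev X up" prints nothing for a device that exists but is
# down, so the test is on the output, not only on the exit status.
tunnel_is_up() {
    ip link show dev "$TUN_DEV" up 2>/dev/null | grep -q .
}

# True when at least one copy of the REJECT rule is in the chain.
rule_present() {
    iptables -C "$KS_CHAIN" -j REJECT 2>/dev/null
}

# Reconcile rule and tunnel state.
# Sets KS_ACTION to one of: blocked, unblocked, unchanged.
killswitch_sync() {
    KS_ACTION=unchanged
    if tunnel_is_up; then
        # Tunnel is back: remove every copy of the rule, so forwarding
        # resumes without a manual "iptables -D" on the console.
        while rule_present; do
            iptables -D "$KS_CHAIN" -j REJECT || return 1
            KS_ACTION=unblocked
        done
    elif ! rule_present; then
        # Tunnel is down and nothing blocks forwarding yet: insert once.
        iptables -I "$KS_CHAIN" -j REJECT || return 1
        KS_ACTION=blocked
    fi
}

# Touch the firewall only when explicitly asked to (hypothetical switch).
if [ "${1:-}" = "--apply" ]; then
    killswitch_sync && logger -t killswitch "$TUN_DEV: $KS_ACTION"
fi
```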

Trying to fix a DNS leak, I created reconnect.sh in /etc/openvpn. I misunderstood that the script was to go in rc.local. Using mv, the reconnect.sh is now in rc.local, but whatever was there before is missing. How can I fix this?

NordVPN page cryptically says

From:

In some cases openvpn hangs with log message like (couldn’t resolve host …). In this case tunnel stays up, but connection is lost. It should be reconnected manually, with the following script /etc/openvpn/reconnect.sh, which is added to /etc/rc.local as:

/etc/openvpn/reconnect.sh &

then goes on to give the code:

“reconnect.sh” should contain this script:

#!/bin/sh
n=10
while sleep 50; do
        t=$(ping -c $n 8.8.8.8 | grep -o -E '\d+ packets r' | grep -o -E '\d+')
        if [ "$t" -eq 0 ]; then
                /etc/init.d/openvpn restart
        fi
done

I see the "couldn’t resolve host" message in the syslog. Yet, when executed terminal output is:

/etc/openvpn/reconnect.sh &
[1]-  Done(127)                  reconnect.sh
root@c7main:/etc/openvpn# -ash: /etc/openvpn/reconnect.sh: Permission denied

what chmod is correct for this file?

Hi MarkP2015

I didn’t use that script. I manually entered, via the LuCI interface, the Google IPv4 and IPv6 DNS servers and everything is working well. I tested it on https://www.dnsleaktest.com/ and everything is working OK. You should search for the appropriate fields to insert Google's DNS servers and also DNS forwardings. You should also deselect “Use DNS servers advertised by peer”.

Regards

I'm posting this as a potential help to others. I have opened my LEDE Admin page to Network, Interfaces - WAN, Advanced Settings.

The Use Advertised is unchecked. The Use Custom DNS numbers are listed (in the boxes). There is no mention of DNS Forwarding on that page. There is no Add (radio button) so there is no method, on that page to add DNS Forwarding.

Keyword searching the 'net for "DNS Forwarding" LEDE Project, returns a page from the OpenWRT:

Welcome to the OpenWrt Project » Documentation » user-guide » dns_configuration

That page oddly says that there is no topic on DNS Forwarding (see: https://openwrt.org/docs/user-guide/dns_configuration if curious).

I have also looked (Router Admin Page) under DHCP and DNS and do not see info related to Forwarding (in my extremely limited understanding of networking) so I've not configged Forwarding.

Where else should I look?

PS, the block-outside-dns doesn't prevent the leak. At first (20 minutes or so) I have Internet access. After some minutes, I don't have 'net access. I edited /etc/openvpn/ file.ovpn and commented out the line block-outside-dns. Rebooted. Net access restored. Leaking still continues.

The wiki search finds this:

Search engines need some time to update their index.

If you go to Network DHCP and DNS you should find the dns forwarding at least on archer c7 lede:

I'm also using NordVPN and it's a really knowledgeable thread for me. Thanks for sharing the knowledge with us.

Dear all,

I recently upgraded my Archer C7 v2 LEDE firmware from v17x to the last stable 18x version. After several attempts without success to use NordVPN with OpenVPN following this NordVPN guide https://nordvpn.com/tutorials/openwrt/openvpn/ I decided to do a router factory reset and start again following the same guide.

I did not have success getting NordVPN to work on LEDE 18x. On LEDE 17x it was working perfectly but now in 18x it does not work. I checked my system log and OpenVPN can connect to the NordVPN server but after that I cannot receive inbound connections (RX packages)! If I disconnect OpenVPN I have internet access and everything is OK.

My router is connected to an ISP router and I want to use it with a VPN connection (this is the same connection that I had with the previous LEDE version).

Can anyone help please?
Best regards!

Can anyone help, please? I cannot solve this. Without VPN everything is working OK. With VPN I have no internet, but the VPN connects tomavam provider?

Help please.

Posting error messages/logs of your VPN connection would help. :wink:

Hi thanks for remembering it.

When I start OpenVPN I lose the internet connection (no RX on NordVPN).

I've changed the DNS to NordVPN but got the same issue.

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: OpenVPN 2.4.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.10

Sat Aug 25 23:17:14 2018 daemon.warn openvpn(nordvpn)[2094]: WARNING: --ping should normally be used with --ping-restart or --ping-exit

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.238.178.214:1194

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: Socket Buffers: R=[163840->163840] S=[163840->163840]

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: UDP link local: (not bound)

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: UDP link remote: [AF_INET]89.238.178.214:1194

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: TLS: Initial packet from [AF_INET]89.238.178.214:1194, sid=eb8a1434 c9fdf9c3

Sat Aug 25 23:17:14 2018 daemon.warn openvpn(nordvpn)[2094]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA2

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: VERIFY KU OK

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: Validating certificate extended key usage

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: VERIFY EKU OK

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: VERIFY OK: depth=0, CN=es45.nordvpn.com

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Sat Aug 25 23:17:14 2018 daemon.notice openvpn(nordvpn)[2094]: [es45.nordvpn.com] Peer Connection Initiated with [AF_INET]89.238.178.214:1194

Sat Aug 25 23:17:15 2018 daemon.notice openvpn(nordvpn)[2094]: SENT CONTROL [es45.nordvpn.com]: 'PUSH_REQUEST' (status=1)

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,comp-lzo no,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.30 255.255.255.0,peer-id 19,cipher AES-256-GCM'

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: OPTIONS IMPORT: timers and/or timeouts modified

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: OPTIONS IMPORT: compression parms modified

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: Socket Buffers: R=[163840->327680] S=[163840->327680]

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: OPTIONS IMPORT: --ifconfig/up options modified

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: OPTIONS IMPORT: route options modified

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: OPTIONS IMPORT: route-related options modified

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: OPTIONS IMPORT: peer-id set

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: OPTIONS IMPORT: adjusting link_mtu to 1657

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: OPTIONS IMPORT: data channel crypto options modified

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: Data Channel: using negotiated cipher 'AES-256-GCM'

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Sat Aug 25 23:17:16 2018 daemon.notice netifd: Interface 'nordvpntun' is enabled

Sat Aug 25 23:17:16 2018 daemon.notice netifd: Network device 'tun0' link is up

Sat Aug 25 23:17:16 2018 daemon.notice netifd: Interface 'nordvpntun' has link connectivity

Sat Aug 25 23:17:16 2018 daemon.notice netifd: Interface 'nordvpntun' is setting up now

Sat Aug 25 23:17:16 2018 daemon.notice netifd: Interface 'nordvpntun' is now up

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: TUN/TAP device tun0 opened

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: TUN/TAP TX queue length set to 100

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: /sbin/ifconfig tun0 10.8.8.30 netmask 255.255.255.0 mtu 1500 broadcast 10.8.8.255

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: /sbin/route add -net 89.238.178.214 netmask 255.255.255.255 gw 192.168.1.254

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.8.1

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1

Sat Aug 25 23:17:16 2018 daemon.notice openvpn(nordvpn)[2094]: Initialization Sequence Completed

Sat Aug 25 23:17:16 2018 user.notice firewall: Reloading firewall due to ifup of nordvpntun (tun0)

Sat Aug 25 23:17:17 2018 daemon.warn odhcpd[978]: A default route is present but there is no public prefix on br-lan thus we don't announce a default route!

Firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config zone
        option name 'vpnfirewall'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'nordvpntun'

config forwarding
        option src 'lan'
        option dest 'vpnfirewall'

Network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd97:6e4c:ca12::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option peerdns '0'
        list dns '103.86.96.100'
        list dns '103.86.99.100'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 4 5 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 6t'

config interface 'nordvpntun'
        option proto 'none'
        option ifname 'tun0'
        option auto '1'

Openvpn

config openvpn 'custom_config'
        option config '/etc/openvpn/my-vpn.conf'

config openvpn 'sample_server'
        option port '1194'
        option proto 'udp'
        option dev 'tun'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/server.crt'
        option key '/etc/openvpn/server.key'
        option dh '/etc/openvpn/dh1024.pem'
        option server '10.8.0.0 255.255.255.0'
        option ifconfig_pool_persist '/tmp/ipp.txt'
        option keepalive '10 120'
        option compress 'lzo'
        option persist_key '1'
        option persist_tun '1'
        option user 'nobody'
        option status '/tmp/openvpn-status.log'
        option verb '3'

config openvpn 'sample_client'
        option client '1'
        option dev 'tun'
        option proto 'udp'
        list remote 'my_server_1 1194'
        option resolv_retry 'infinite'
        option nobind '1'
        option persist_key '1'
        option persist_tun '1'
        option user 'nobody'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/client.crt'
        option key '/etc/openvpn/client.key'
        option compress 'lzo'
        option verb '3'

config openvpn 'nordvpn'
        option enabled '1'
        option config '/etc/openvpn/es45.nordvpn.com.udp.ovpn'

I am lost. In version 17 it works; after the upgrade to 18 it stops. I have the last firmware version...

Best Regards

Hi,
Replace "es45.nordvpn.com.udp.ovpn" in /etc/openvpn/ with the one below.
Create a file in /etc/openvpn/ named "secret"; save the username on the top line and the password on the bottom line.

client
fast-io
ifconfig-nowarn
mute-replay-warnings
nobind
persist-key
persist-tun
auth SHA512
auth-user-pass secret
cipher AES-256-CBC
compress lzo
dev tun
keepalive 10 120
key-direction 1
log /tmp/openvpn.log
port 1194
proto udp
remote es45.nordvpn.com
remote-cert-tls server
resolv-retry infinite
status /tmp/openvpn-status.log
verb 3
<ca>
</ca>
<tls-auth>
</tls-auth>

Btw, is there any valid and up-to-date guide for using the OpenVPN-client with OpenWrt 18.06.1?