I am trying to get a temporary setup for someone on an old Asus RT-AC56U router now that I have 24.10.2 installed. I understand the limited WiFi capability, but the person only has about 6Mbps speed at best, so I think that aspect should be okay for the time being.
Right now I am having problems setting up an OpenVPN connection. (I've been using OpenWrt for about seven years, but for the most part I am only able to use Luci for all this. I can use WinSCP if I need to modify a file, and I have Putty but don't really use it.) I downloaded the necessary packages for OpenVPN and Luci (openvpn-openssl, luci-app-openvpn, and openssl-util (one video said to get this one, too, but I don't know what it really does)), and that worked fine.
I set up a new VPN instance using a config file I downloaded from the VPN (AirVPN), for routers. I see the new instance and I checked the Enabled box and hit start and applied the settings, and it showed yes (xxxx), as expected. So far, so good, I thought. I am following two seemingly decent videos from well-known guys. Next step create an interface.
When I go to create the interface and I have to specify the device I'm expecting to see tun0 as a choice, and I don't have that. I have exactly the same choices I had before I set up the VPN instance. In the videos they all now have the tun0 option once the VPN instance shows as Started yes (xxxx).
I rebooted the router and logged in and out of Luci just to be sure, but to no avail. Can anyone suggest some things for me to try?
You do not need to create an interface, for firewall you can simply add to the WAN firewall zone > Advanced Settings > Covered devices : Custom: tun+ and make sure you press Enter after typing it and then Save and Save and Apply
the tun**+** covers all tunX devices where X = 0-9
If you really want, you can create an interface e.g. for Policy Based Routing with
protocol : unmanaged
and add tun0 under Custom
If you cannot get it working it might help to see your configs, Please connect to your OpenWRT device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button
Remember to redact keys, passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/firewall
ip route show
cat /etc/config/openvpn
for ovpn in $(ls /etc/openvpn/*.ovpn);do echo $ovpn; cat $ovpn; echo;done
for vpn in $(ls /tmp/etc/openvpn*.conf);do echo $vpn;cat $vpn;echo;done
logread | grep openvpn
Furthermore
If you want better support for the wireless consider using DDWRT it is still supported there.
Consider using WireGuard instead of OpenVPN it is three times faster and easier to setup
My own notes how I setup WireGuard: WireGuard Client Setup Guide
I recommend you to follow the guides from OpenWrt and not random guides from YouTube.
Here is e guide to setting up an OpenVPN client, which also worked for me.,
Thanks @egc The thing that threw me was that in the vids I watched the interface was already there. I did what you showed and just created a tun0 and then did the firewall. At that point everything else was just following the steps. I did check the log and see that before I did the above it was connected to the VPN at the correct VPN address. It all worked as expected once I finished.
On another note the comments on the WiFi being slow are an understatement in my case. I assumed that what was said about it maxing out at 50Mbps was correct, and so with a 6 Mbps connection I thought no problem. I was able to speed test it and about the best I got with the router right next to the computer was 10Kbps. 10 Kbps!!! Most pages timed out and the whole setup is worthless.
I plan to try to buy a router to finish this project for this person. I plan to post in the Hardware section on this if anyone wants to help me on that aspect.
I will check your notes on WireGuard and likely use that when I redo my own home network soon. Thanks.
Thanks @Marc_r Actually I have read the documentation here and was following that. I understand fully about not following random guys on YT. Sometimes I just do better if I have a video showing the same thing as the documentation. The two guys I was watching are 'highly regarded' by the 'Using Mullvad on Open Wrt' and 'Using Nord on Open Wrt' communities (for what that's worth), and they followed the e guide you cited very closely, including the 'kill switch' part, which I wanted. I also checked out the Dropbox link and guide mentioned in that documentation, which was good.
The issue, as I noted above, was that I thought the tun0 would become available after I created the OpenVPN instance, and it didn't. Hence I didn't know what to do at Step 4. I didn't realize I could just create it, continue following the steps, and finish up. Once I created it all went well. I appreciate the reply.
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!
About the speed, that is lower than expected, could be because Broadcom is closed source so not well supported on OpenWRT, see the warning on the wiki: https://openwrt.org/toh/hwdata/asus/asus_rt-ac56u
I have and administer still a lot of these Broadcom routers e.g. Netgear R6400, R7000, Asus AC68U, Linksys EA6900 those do about 25-35 Mb/s on OpenVPN and about 100 Mb/s using WireGuard and are still well supported on DDWRT which uses K4.4 which is still supported as SLTS release.
Those have hardware offloading so can do about 900 Mb/s LAN<>WAN throughput for IPv4. I think those routers are also still supported by Fresh Tomato
If you really want to have those older Broadcom routers in operation you might have to look at other firmware then OpenWRT
