Hello everyone.
I am quite inexperienced and have tried setting up ExpressVPN on OpenWrt using OpenVPN. Unfortunately, I haven't been able to get it working quite right.
Hardware:
TP-Link TL-WR902AC V3
Firmware:
OpenWrt 22.03.2 r19803-9a599fee93 / LuCI openwrt-22.03 branch git-22.288.45147-96ec0cd
For reference, I am currently living (Working) in a compound with strict censorship of all the content we are allowed to access on their Wifi (Facebook, Netflix, Youtube, etc.)
Cellular Data is not an option either as the signal strength is way too weak.
I have explored quite a few different options when it comes to VPN services, and so far ExpressVPN seems to hold up pretty well. For some reason, they don't seem to catch on to ExpressVPN, while most of the other VPN services get blocked quite quickly.
So I am committed to ExpressVPN and OpenWrt (The TP-Link router I am using doesn't seem to support any other custom router firmware - such as DD-Wrt).
My use case is that I would like to set up a Wifi network apart from the Wifi network provided by the company and run all my devices to my own network - then through the VPN.
I have configured the VPN as per the guidelines listed below:
I have also tried various other guides online to see if there isn't anything small I might be missing.
When I start the VPN it starts and says it is connected, but I don't think it is actually functioning properly (please see the screenshot).
As for the config file "etc/config/openvpn":
config openvpn 'SE_Sweden'
option enabled '1'
option client '1'
option dev 'tun'
option fast_io '1'
option persist_key '1'
option persist_tun '1'
option nobind '1'
list remote '------------------------.com 1195'
option port '1195'
option remote_random '1'
option pull '1'
option comp_lzo 'no'
option tls_client '1'
option verify_x509_name 'Server name-prefix'
option ns_cert_type 'server'
option route_method 'exe'
option route_delay '2'
option tun_mtu '1500'
option fragment '1300'
option mssfix '1200'
option verb '3'
option cipher 'AES-256-CBC'
option keysize '256'
option auth 'SHA512'
option sndbuf '524288'
option rcvbuf '524288'
option ca '/etc/openvpn/ca2.crt'
option cert '/etc/openvpn/client.crt'
option key '/etc/openvpn/client.key'
option tls_auth '/etc/openvpn/ta.key'
option key_direction '1'
option auth_user_pass '/etc/openvpn/user.auth'
option proto 'udp'
As for the Edited OVPN file "etc/openvpn/SE_Sweden"
dev tun
fast-io
persist-key
persist-tun
nobind
remote ------------------------.com 1195
remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass
This is how I have set up the files. So far I have managed to get it working partly with this config. I haven't set up the interfaces and firewall zones yet. Every time I do, I don't have an internet connection anymore. So obviously I am missing something.
My logs show the following errors repeating:
I am unsure why it isn't working, could anyone possibly point me in a direction that might help? I have spent 2 weeks redoing every possible step I can think of in an attempt to get it working to no avail.
My fear is that the company wifi is somehow blocking the connection through the firewall. But this theory boggles my mind, as the ExpressVPN application on Windows, my iPhone, and my iPad work perfectly fine. So it has to be possible to get my router to connect as well.
I thought of attempting to get my router to connect to the internet through my phone hotspot, but the connection is so unreliable that I can't get it to connect to see if my connection is being blocked (on the company wifi).
Any advice or input is welcome.
==================================
EDIT: 28/11/2022
For the sake of clarification: I have set up my keys (downloaded from ExpressVPN) and placed them in the directory of the router.
etc/openvpn/ca2.crt
etc/openvpn/client.crt
etc/openvpn/client.key
etc/openvpn/ta.key
etc/openvpn/user.auth
These are being referenced in my SE_Sweden.config file.
option ca '/etc/openvpn/ca2.crt'
option cert '/etc/openvpn/client.crt'
option key '/etc/openvpn/client.key'
option tls_auth '/etc/openvpn/ta.key'
option key_direction '1'
option auth_user_pass '/etc/openvpn/user.auth'
option proto 'udp'
These files are set up as follows:
etc/openvpn/ca2.crt
-----BEGIN CERTIFICATE-----
(Deleted the key for illustration purposes)
-----END CERTIFICATE-----
etc/openvpn/client.crt
-----BEGIN CERTIFICATE-----
(Deleted the key for illustration purposes)
-----END CERTIFICATE-----
etc/openvpn/client.key
-----BEGIN RSA PRIVATE KEY-----
(Deleted the key for illustration purposes)
-----END RSA PRIVATE KEY-----
etc/openvpn/ta.key
'#
'# 2048 bit OpenVPN static key
'#
-----BEGIN OpenVPN Static key V1-----
(Deleted the key for illustration purposes)
-----END OpenVPN Static key V1-----
Note: (Please ignore the ' before the # - I just don't know how to illustrate the hashtag without it making the text bold.)
etc/openvpn/user.auth
unique username
unique password
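
Added example, not part of the original post: a shell lint for the places where the posted .ovpn file differs from the UCI section (a bare auth-user-pass, which makes OpenVPN ask for credentials interactively, and no ca line), plus the deprecated ns-cert-type and keysize directives and the permissions of secret files. The finding codes, the scratch directory and the revised profile are constructed for illustration; remote-cert-tls server is OpenVPN's documented replacement for ns-cert-type server.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client profile that must start unattended.
# Prints one "CODE: detail" line per finding and nothing for a clean profile.
lint_ovpn() {
    awk '
        { sub(/[#;].*/, "") }                       # drop comments
        NF == 0 { next }
        $1 == "ca" || $1 == "<ca>" { have_ca = 1 }
        $1 == "ns-cert-type" || $1 == "keysize" { print "DEPRECATED: " $1 }
        $1 == "auth-user-pass" && NF == 1 { print "PROMPT: auth-user-pass has no file" }
        END { if (!have_ca) print "MISSING: ca" }
    ' "$1"
    # Secret files named in the profile must exist and be owner-only.
    awk '$1 ~ /^(key|tls-auth|auth-user-pass)$/ && NF > 1 { print $2 }' "$1" |
    while read -r f; do
        [ -f "$f" ] || { echo "NOFILE: $f"; continue; }
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || echo "PERMS: $f"
    done
}

# Constructed sample data: two profiles in a scratch directory.
make_samples() {
    d=$(mktemp -d)
    printf 'constructed-user\nconstructed-pass\n' > "$d/user.auth"
    chmod 644 "$d/user.auth"                        # deliberately too open
    : > "$d/ca2.crt"                                # empty placeholder file
    # Subset of the directives in the posted .ovpn file.
    cat > "$d/as_posted.ovpn" <<EOF
dev tun
tls-client
ns-cert-type server
key-direction 1
keysize 256
auth-user-pass
EOF
    # Constructed revision: CA and credentials file referenced explicitly.
    cat > "$d/revised.ovpn" <<EOF
dev tun
tls-client
ca $d/ca2.crt
remote-cert-tls server
auth-user-pass $d/user.auth
EOF
    echo "$d"
}

SAMPLES=$(make_samples)
lint_ovpn "$SAMPLES/as_posted.ovpn"
lint_ovpn "$SAMPLES/revised.ovpn"    # still reports PERMS until user.auth is chmod 600
```

The lint only reads the profile text and file modes; it does not contact the VPN server or validate certificate contents.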