[Solved] Help setting up PIA VPN with LEDE on Linksys EA4500

Greg · February 14, 2018, 5:16am

Just a shot in the dark but has anyone set up open vpn with LEDE on the EA4500? I'm trying to follow this guide:

https://helpdesk.privateinternetaccess.com/hc/en-us/articles/115005760646-Setting-up-a-Router-running-LEDE-Firmware

but for some reason openvpn is giving me a problem. although it says its installed in luci, when I search for it where it should be using the command line in putty I can't find it and as a result I'm not able to continue following the guide.

Also it seems to be related to this part of the command line entry:

openssh-sftp-server

This is the whole entry:

opkg update; opkg install openssh-sftp-server luci-app-openvpn

the reason I know that is because open vpn does install and I am able to find it after using another command from another guide I found online like this:

opkg update
opkg install openvpn-openssl luci-app-openvpn

anyway just a shot in the dark. Thanks

anon57995562 · February 14, 2018, 6:34am

You already have several posts on this topic in another thread...

To eliminate confusion, ask a moderator to merge those into this thread.

Greg · February 14, 2018, 7:23am

Are you not a moderator?

anon57995562 · February 14, 2018, 7:37am

I am not.

Leaders/Sys Admins -

@tmomas
@richb-hanover
@jow
@thess

Apologies to anyone I missed.

BTW, did you contact PIA?

Greg · February 14, 2018, 8:29pm

Yes I started a ticket on Saturday. They only just responded today. All they had to say however was that they were going to escalate it to their advanced tech team, so I’m back to waiting.

anon57995562 · February 14, 2018, 8:52pm

While you're waiting, you might consider doing the following...

Back up your current configuration.
Reset LEDE to factory defaults, which will wipe out any configs you have done, including installed packages.
Try doing the PIA installation before doing any other configuration on the router.

This would eliminate the possibility that something in the configuration is blocking the installation.

Greg · February 14, 2018, 10:44pm

Yes I’ve done that. It simply seems to be that open vpn does not get installed in the /etc/ directory upon completing the command in the pia guide. I’ve typed in opkg find openvpn to see what is available and have experimented with the ones that are. One that does create the directory in /etc/ is openvpn-mbedtls. I experimented with using the pia guide to a t while also adding that package to see if it would work. I got to the end and can’t start the connection. Maybe with some modifications it would work like that, but I wouldn’t know how to go about that. Thanks for your help.

anon57995562 · February 14, 2018, 11:33pm

PIA should answer that for you.

Greg · February 15, 2018, 12:09am

Out of curiosity, is it possible that the PIA guide for setting up LEDE was done on a previous version of LEDE and that for whatever reason the new version of LEDE is no longer compatible with that exact procedure? If so, where would I get an older version of LEDE? Just so I can try it out. Thanks again

anon57995562 · February 15, 2018, 1:31am

Possible, but I noticed the instructions were posted on February 4, 2018.

Of course that doesn't mean they were written then.

All releases can be found here...

https://downloads.lede-project.org/releases/

Greg · February 15, 2018, 2:01am

I'm sorry, but when I look at that I'm not exactly sure what to download. Should I be going to /targets/kirkwwod/ ? Thanks

Greg · February 15, 2018, 2:09am

Never mind, I figured it out. Thanks anyway

Greg · February 15, 2018, 2:32am

well I tried 17.01.1 and it didn't help. I did notice just now though that vi /etc/sysupgrade.conf contains this.

## This file contains files and directories that should
## be preserved during an upgrade.

# /etc/example.conf
# /etc/openvpn/

does that help, or is it just stating that if /etc/openvpn/ was already there it would preserve it if I upgraded to a newer version of LEDE?

thanks again

anon57995562 · February 15, 2018, 2:39am

See this section of the OpenWrt wiki system upgrade procedure...

https://wiki.openwrt.org/doc/howto/generic.sysupgrade#ensure_desired_configuration_files_will_be_saved

stangri · February 15, 2018, 4:21am

I believe I've posted the complete set of uci commands and instructions to achieve working PIA OpenVPN connection somewhere on the old forum.

You should consider posting your /etc/config/openvpn, /etc/config/network and /etc/config/firewall files rather than links to guides you've tried to use. Also, wouldn't hurt to post the output of opkg list-installed.

Greg · February 15, 2018, 6:50pm

Ok upon typing vi /etc/config/openvpn the file is empty. upon typing vi /etc/config/network this is the entry:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd12:a7b1:d2e6::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6'

vi /etc/config/firewall:

config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

opkg list-installed:

base-files - 173.1-r3560-79f57e422d
busybox - 1.25.1-4
dnsmasq - 2.78-1
dropbear - 2017.75-2
firewall - 2017-05-27-a4d98aea-1
fstools - 2017-06-30-bdcb075f-1
fwtool - 1
hostapd-common - 2016-12-19-ad02e79d-6
ip6tables - 1.4.21-2
iptables - 1.4.21-2
iw - 4.9-1
jshn - 2017-02-24-96305a3c-1
jsonfilter - 2016-07-02-dea067ad-1
kernel - 4.4.92-1-b8bd86f60f584e07b50723333348e36e
kmod-cfg80211 - 4.4.92+2017-01-31-3
kmod-ip6tables - 4.4.92-1
kmod-ipt-conntrack - 4.4.92-1
kmod-ipt-core - 4.4.92-1
kmod-ipt-nat - 4.4.92-1
kmod-lib-crc-ccitt - 4.4.92-1
kmod-mac80211 - 4.4.92+2017-01-31-3
kmod-mwl8k - 4.4.92+2017-01-31-3
kmod-nf-conntrack - 4.4.92-1
kmod-nf-conntrack6 - 4.4.92-1
kmod-nf-ipt - 4.4.92-1
kmod-nf-ipt6 - 4.4.92-1
kmod-nf-nat - 4.4.92-1
kmod-ppp - 4.4.92-1
kmod-pppoe - 4.4.92-1
kmod-pppox - 4.4.92-1
kmod-slhc - 4.4.92-1
lede-keyring - 2017-01-20-a50b7529-1
libblobmsg-json - 2017-02-24-96305a3c-1
libc - 1.1.16-1
libgcc - 5.4.0-1
libip4tc - 1.4.21-2
libip6tc - 1.4.21-2
libiwinfo - 2016-09-21-fd9e17be-1
libiwinfo-lua - 2016-09-21-fd9e17be-1
libjson-c - 0.12.1-1
libjson-script - 2017-02-24-96305a3c-1
liblua - 5.1.5-1
libnl-tiny - 0.1-5
libpthread - 1.1.16-1
libubox - 2017-02-24-96305a3c-1
libubus - 2017-02-18-34c6e818-1
libubus-lua - 2017-02-18-34c6e818-1
libuci - 2016-07-04-e1bf4356-1
libuci-lua - 2016-07-04-e1bf4356-1
libuclient - 2017-09-06-24d6eded-1
libxtables - 1.4.21-2
logd - 2017-03-10-16f7e161-1
lua - 5.1.5-1
luci - git-17.290.79498-d3f0685-1
luci-app-firewall - git-17.290.79498-d3f0685-1
luci-app-openvpn - git-18.039.58469-1c94003-1
luci-base - git-17.290.79498-d3f0685-1
luci-lib-ip - git-17.290.79498-d3f0685-1
luci-lib-jsonc - git-17.290.79498-d3f0685-1
luci-lib-nixio - git-17.290.79498-d3f0685-1
luci-mod-admin-full - git-17.290.79498-d3f0685-1
luci-proto-ipv6 - git-17.290.79498-d3f0685-1
luci-proto-ppp - git-17.290.79498-d3f0685-1
luci-theme-bootstrap - git-17.290.79498-d3f0685-1
mtd - 21
mwl8k-firmware - 2016-09-21-42ad5367-1
netifd - 2017-01-25-650758b1-1
odhcp6c - 2017-01-30-c13b6a05-2
odhcpd - 2017-10-02-c6f3d5d4-2
openssh-sftp-server - 7.4p1-1
opkg - 2017-03-23-1d0263bb-1
ppp - 2.4.7-11
ppp-mod-pppoe - 2.4.7-11
procd - 2017-08-08-66be6a23-1
procd-nand - 2017-08-08-66be6a23-1
rpcd - 2016-12-03-0577cfc1-1
swconfig - 11
ubi-utils - 1.5.2-1
uboot-envtools - 2015.10-1
ubox - 2017-03-10-16f7e161-1
ubus - 2017-02-18-34c6e818-1
ubusd - 2017-02-18-34c6e818-1
uci - 2016-07-04-e1bf4356-1
uclient-fetch - 2017-09-06-24d6eded-1
uhttpd - 2017-08-19-3fd58e9b-1
uhttpd-mod-ubus - 2017-08-19-3fd58e9b-1
usign - 2015-07-04-ef641914-1
wpad-mini - 2016-12-19-ad02e79d-6

this is after entering the first step on the pia setup guide. As I can't do the second step, for the reasons mentioned above. Thanks

Greg · February 15, 2018, 7:10pm

Also I've learned something, but have a question. When following this guide:

https://openwrt.org/docs/user-guide/openvpn.client

after completing this step:

uci set openvpn.provider.config='/etc/openvpn/ipvanish-US-Los-Angeles-lax-a01.ovpn # NOTE: use whatever your file is above.

The command line acts differently. It looks the same as when you use EOF. Only when I'm finished with the whole list of uci commands, and at the end enter uci commit, it doesn't close. The CLI stays the same as when I was entering the uci commands. Does anyone know how to finish/close that? I'm sure its just a simple command, but I don't know what it is. thanks

anon57995562 · February 15, 2018, 10:49pm

Type in exit at the command prompt.

Greg · February 16, 2018, 12:16am

I don’t mean like that. When the command prompt starts with

Root@LEDE:~#

Exit will close the command prompt

I’m talking about when the command prompt starts with just

“>”

And that’s it. Like I said in the previous post. It starts after I enter this command.

uci set openvpn.provider.config='/etc/openvpn/ipvanish-US-Los-Angeles-lax-a01.ovpn # NOTE: use whatever your file is above

anon57995562 · February 16, 2018, 12:27am

Did you remove this from the command line?

# NOTE: use whatever your file is above