Hello friends, I am a newbie on the VPN issue and I need help.
I tell you my idea to correct me if necessary:
Until a while ago, my ISP delivered public IP, but for a few days it does not, it only delivers private IP. With this change I can no longer remotely access my LAN devices (I cannot do port forwarding).
My idea, if possible, will be to use a free VPN service to be able to access again the services of my devices on the LAN (SSH for example) but I cannot find the correct configuration.
I am trying to configure ProtonVPN but I can't make it work, this is my configuration and outputs by LOG:
Router:
TP-Link TL-WR1043N/ND v1
OpenWrt 18.06.5 r7897-9d401013fc / LuCI openwrt-18.06 branch (git-19.334.34552-3a3d8f4)
VPN:
config openvpn 'ProtonVPN'
option float '1'
option client '1'
option reneg_sec '0'
option verb '3'
option persist_key '1'
option nobind '1'
option remote_cert_tls 'server'
list remote 'nl-free-01.protonvpn.com'
option remote_random '1'
option tun_mtu '1500'
option cipher 'AES-256-CBC'
option tun_mtu_extra '32'
option auth 'SHA512'
option persist_tun '1'
option pull '1'
option auth_user_pass '/etc/openvpn/userpass.txt'
option fast_io '1'
option tls_auth '/etc/openvpn/tlsauth.key'
option tls_client '1'
option proto 'udp'
option ca '/etc/openvpn/cbid.openvpn.ProtonVPN.ca'
option comp_lzo 'no'
option port '443'
option redirect_gateway 'def1'
option resolv_retry 'infinite'
option ifconfig_nowarn '1'
option dev 'tun'
option enabled '1'
Log:
Thu Dec 5 12:08:10 2019 daemon.notice openvpn(ProtonVPN)[5043]: OpenVPN 2.4.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Dec 5 12:08:10 2019 daemon.notice openvpn(ProtonVPN)[5043]: library versions: OpenSSL 1.0.2t 10 Sep 2019, LZO 2.10
Thu Dec 5 12:08:10 2019 daemon.notice openvpn(ProtonVPN)[5043]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Dec 5 12:08:10 2019 daemon.notice openvpn(ProtonVPN)[5043]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Dec 5 12:08:10 2019 daemon.notice openvpn(ProtonVPN)[5043]: TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.142.214:443
Thu Dec 5 12:08:10 2019 daemon.notice openvpn(ProtonVPN)[5043]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Thu Dec 5 12:08:10 2019 daemon.notice openvpn(ProtonVPN)[5043]: UDP link local: (not bound)
Thu Dec 5 12:08:10 2019 daemon.notice openvpn(ProtonVPN)[5043]: UDP link remote: [AF_INET]46.166.142.214:443
Network:
config interface 'ProtonVPN'
option proto 'none'
option ifname 'tun0'
option auto '1'
option delegate '0'
Firewall:
config zone
option name 'VPNFW'
option input 'ACCEPT'
option forward 'REJECT'
option output 'ACCEPT'
option network 'ProtonVPN'
option masq '1'
option mtu_fix '1'
config forwarding
option dest 'VPNFW'
option src 'lan'
config forwarding
option dest 'VPNFW'
option src 'wan'
config forwarding
option dest 'lan'
option src 'VPNFW'
config forwarding
option dest 'wan'
option src 'VPNFW'
ifconfig:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP POINTOPOINT NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Somebody could help me?
Also, if this idea is possible, I would use DDNS to obtain a domain and access from outside as I did with public IP (dynamic)
Anyway, I might be trying to do something impossible ... Feel free to correct my crazy idea or propose some other solution !!!
Thank you!!!