[SOLVED] VPN, Wifi and speed Questions

Hello,

I use OpenWrt 18.06.1 r7258-5eb055306f.
On it I have configured adblock 3.5.5-3 and an OpenVPN client.

I Have various questions :slight_smile:

1°) Is it possible to activate the VPN only on one of the Wi-Fi networks, or only on the LAN?
If it is possible, is it configured by selecting the VPN client under Network → Wireless → Edit → Advanced Settings:


2°) I have a big speedtest difference between OpenWrt (ping 40 ms, download 15, upload 10) and directly on my 4G modem (ping 36 ms, download 75 Mb, upload 10 Mb).

Have a nice day !


The question is not very clear. However, in the drop-down menu that you show, you specify the wired interface that the wireless interface will be bridged to. Unless you know what you are doing, you should leave that set to LAN.

Please post here the output of the following command, all in one line
cat /etc/config/network; cat /etc/config/firewall; cat /etc/config/wireless ; cat /etc/config/dhcp ; ip -4 addr ; ip -4 ro ; ip -4 ru
Please use "Preformatted text </>" for logs, scripts, configs and general console output.

For a separate VPN network you need two new networks, one for the VPN users and one that is the VPN tunnel. The vpnuser network has a DHCP server and can be connected to a wifi AP or Ethernet port(s) as needed. It's like a guest network except that it forwards to the VPN tunnel instead of to the WAN. So you need a new firewall zone for each of these new networks, forwarding between them, and masquerade set on the tunnel side.

VPN encryption is done in user-space software and requires a lot of CPU power, so speed will depend on your hardware.

Hello,

Thanks for your help here the result

 config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd46:cb88:8a90::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '50:64:2b:b2:71:cc'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option type 'bridge'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 6t'

config interface 'vpnclient'
        option ifname 'tun0'
        option proto 'none'

config interface '4G'
        option proto 'dhcp'


# /etc/config/firewall as dumped in the thread (fw3 syntax).
# Global policy: traffic to/from the router itself is accepted, forwarding
# between zones is rejected unless a 'forwarding' section allows it.
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

# Trusted side: LAN hosts may reach the router and each other freely.
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

# Untrusted side: unsolicited inbound is rejected; 'masq' NATs LAN addresses
# behind the WAN address. The '4G' network (the Wi-Fi client uplink to the
# modem) is part of this zone as well.
config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 4G'

# LAN hosts may be forwarded to the WAN directly; nothing in the firewall
# forces them through the tunnel — that is decided by routing.
config forwarding
        option src 'lan'
        option dest 'wan'

# The rules below appear to be OpenWrt's stock WAN-side allow rules.
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# Stock rules letting inbound IPsec (ESP, and IKE on udp/500) from the WAN be
# forwarded to the LAN; only relevant if a LAN host terminates IPsec.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Hand-written iptables rules, if any, are loaded from this file.
config include
        option path '/etc/firewall.user'

# Tunnel zone: nothing arriving from the tunnel side may reach the router or be
# forwarded; 'masq' hides LAN addresses behind the tun0 address.
config zone
        option name 'vpnclient'
        list network 'vpnclient'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'vpnclient'

# NOTE(review): this zone and the forwarding below duplicate the two sections
# just above (same name, same network, same policy) — they look like the same
# configuration added twice. One copy should be removed.
config zone
        option name 'vpnclient'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'vpnclient'

config forwarding
        option src 'lan'
        option dest 'vpnclient'


config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'HT20'
        option country '00'
        option legacy_rates '1'
        option disabled '0'
        option hwmode '11a'
        option channel 'auto'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
        option htmode 'VHT80'
        option country '00'
        option legacy_rates '1'

config wifi-iface
        option device 'radio1'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'psk2'
        option key 'xxx'
        option network 'lan'

config wifi-iface
        option network '4G'
        option encryption 'psk2'
        option device 'radio0'
        option mode 'sta'
        option bssid '8C:25:05:EF:42:C8'
        option key 'xxx'
        option ssid '4G_Xiaomi'


config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option serversfile '/tmp/adb_list.overall'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
7: br-wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.0.253/24 brd 192.168.0.255 scope global br-wan
       valid_lft forever preferred_lft forever
11: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
    inet 10.8.9.46 peer 10.8.9.45/32 scope global tun0
       valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.8.9.45 dev tun0
default via 192.168.0.254 dev br-wan  src 192.168.0.253
10.8.9.1 via 10.8.9.45 dev tun0
10.8.9.45 dev tun0 scope link  src 10.8.9.46
128.0.0.0/1 via 10.8.9.45 dev tun0
192.168.0.0/24 dev br-wan scope link  src 192.168.0.253
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
198.27.70.139 via 192.168.0.254 dev br-wan
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

Sorry for my bad english ...

In a perfect world I would like 1 Wi-Fi with VPN, and 1 Wi-Fi and the LAN in normal mode (without VPN).

Regards

That is pretty clear.
What needs to be done:

  1. Don't install the default route from the VPN. This way all traffic from the LAN and the default Wi-Fi will go through your ISP.
  2. Create a new wireless interface, with IP/MASK and DHCP server. Assign it to a new zone.
  3. Add a rule so that all traffic coming from the new wireless interface created in the previous step is looked up in a dedicated routing table.
  4. Add a static route for a new routing table (same number as the one used in the previous step for lookup) with gateway the VPN peer.
  5. Advertise the appropriate name server to the VPN clients.

Thanks for your help !!!

1°) How can I remove the default route from the VPN — by stopping the VPN client service?

2°) I have created a new Wi-Fi with ESSID MyWifiVPN and a new network, WifiVPN (but the wireless is not associated).

I put a static IP of 192.168.2.1 with gateway 192.168.1.1 (the IP of the router), and I have activated DHCP on it.

Is that OK for the moment? (I don't have much idea about steps 3 and 4)...

I am trying to do exactly that, but with two Ethernet ports and two VPN clients. Can you point me to some tutorials or explanatory pages on how to do split tunneling on OpenWrt? The iptables part loses me. Can it be done in LuCI?

  1. https://openwrt.org/docs/guide-user/services/vpn/openvpn/extra#disable_gateway_redirect
  2. Remove the default gateway from the Wifivpn interface. Assign Wifivpn to a firewall zone and allow forwarding from it to vpnclient.
config rule
        option in     'wifivpn'
	option lookup '100'
config 'route' 'vpn'
        option 'interface' 'vpnclient'
        option 'target' '0.0.0.0'
        option 'netmask' '0.0.0.0'

Thanks for your help again...

But I have updated my version from OpenWrt 18.06.1 to OpenWrt 18.06.2 and I lost my VPN config... I tried to restore a backup archive but it does not work...

So I tried to reinstall my VPN, but it does not work...

I did this:
ssh root@192.168.1.1
# OpenVPN daemon (OpenSSL build) plus its LuCI page.
opkg update
opkg install openvpn-openssl luci-app-openvpn
# TLS support and CA trust store for the router's own HTTPS clients (opkg/uclient) — presumably so https downloads work.
opkg install libustream-openssl ca-bundle ca-certificates

->Cmder
λ cd
cd vpn
C:\vpn
# The profile is copied as vpnclient.ovpn, but the UCI instance shown below points at ZOOGVPN_US4.ovpn; the two names must match.
λ scp vpnclient.ovpn root@192.168.1.1:/etc/openvpn/vpnclient.ovpn
vpnclient.ovpn 100% 1520 367.3KB/s 00:00

ssh root@192.168.1.1

# Cleartext credentials; the file mode is not restricted in this run (a later attempt in the thread uses chmod 400).
cat > /etc/openvpn/userpass.txt << EOF
myVPN_Username
myVPN_Password
EOF

# OVPN_INAME is built here but not used in this run; the uci commands below name the instance literally.
OPENVPN_LOCATION=US4
VPN_PROVIDER=ZOOGVPN
OVPN_INAME="$VPN_PROVIDER"_"$OPENVPN_LOCATION"

# Existing instance: enabled='0' means the init script will not start it (the reply further down points this out).
uci show openvpn.ZOOGVPN_US4
openvpn.ZOOGVPN_US4=openvpn
openvpn.ZOOGVPN_US4.enabled='0'
openvpn.ZOOGVPN_US4.config='/etc/openvpn/ZOOGVPN_US4.ovpn'

# Appends log-append/status lines after the auth-user-pass line of every .ovpn.
# The trailing '*' only quantifies the final 's', so the pattern is effectively 'auth-user-pas'; it still matches.
# It does not give auth-user-pass a file argument, so the credentials file created above is never referenced.
sed -i '/auth-user-pass*/a log-append /var/log/openvpn.log\nstatus /var/log/openvpn-status.log' /etc/openvpn/*.ovpn

# Unmanaged (proto none) interface bound to the tunnel device, so a firewall zone can refer to it.
uci set network."$VPN_PROVIDER"_vpn=interface
uci set network."$VPN_PROVIDER"_vpn.proto='none'
uci set network."$VPN_PROVIDER"_vpn.ifname='tun0'
uci set network."$VPN_PROVIDER"_vpn.metric='10'

# Tunnel zone: nothing from the tunnel side may reach the router or be forwarded; LAN addresses are hidden behind the tunnel address (masq).
uci add firewall zone
uci set firewall.@zone[-1].name='vpn'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add_list firewall.@zone[-1].network="$VPN_PROVIDER"_vpn

# LAN -> tunnel forwarding. If the stock lan -> wan forwarding is still present, the firewall permits both paths and routing decides which one is used.
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpn'

uci commit
/etc/init.d/firewall reload
/etc/init.d/network restart
/etc/init.d/openvpn restart

# Pushes public resolvers (OpenDNS, Google) straight to LAN clients via DHCP option 6.
# Clients then bypass the router's dnsmasq (and any adblock list it serves, cf. the serversfile in the earlier dhcp dump),
# and their DNS queries follow whatever route those addresses have at the time.
uci add_list dhcp.lan.dhcp_option='6,208.67.222.222,208.67.220.220'
uci add_list dhcp.lan.dhcp_option='6,8.8.8.8,8.8.4.4'

uci set network.wan.peerdns='0' # Disable the DNS servers supplied by DHCP
uci del network.wan.dns # Remove the existing DNS servers, if any
uci add_list network.wan.dns='208.67.222.222'
uci add_list network.wan.dns='208.67.220.220'
uci add_list network.wan.dns='8.8.8.8'
uci add_list network.wan.dns='8.8.4.4'

My vpnclient.ovpn file :
client
dev tun
proto udp
remote us4.east.zoogvpn.com 1194
cipher AES-256-CBC
auth SHA256
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

fast-io
auth-user-pass
reneg-bytes 0
reneg-sec 0
verb 3

The VPN does not start...

The enabled option is 0 in UCI. Change it to 1 in /etc/config/openvpn.


This line: uci set network.wan.peerdns='0'? Replace it with uci set network.wan.peerdns='1'?

That — the enabled option — needs to be 1.
Realize that you are working with three files:
/etc/config/openvpn
This contains a trivial configuration which will launch an instance of openvpn and have it read its configuration from the next file
/etc/openvpn/ZOOGVPN_US4.ovpn
which is conventional OpenVPN configuration described on the openvpn site. Most commercial providers supply an example .ovpn file to use.
There is a problem in there (which you have yet to discover, since it didn't get this far): you have auth-user-pass but don't reference the user-pass file. That line should be auth-user-pass /etc/openvpn/userpass.txt
The final file being /etc/openvpn/userpass.txt which contains your username and password assigned by the service to sign on to the VPN server.

I usually create a directory under /etc/config, for example /etc/config/openvpnfiles, and store the .ovpn file, userpass file, certificate files, etc. there. These will be kept during a sysupgrade so typically you need only re-install openvpn on the new version and it will already be configured.

I try

root@OpenWrt:~# uci set network.wan.peerdns='1'
root@OpenWrt:~# /etc/init.d/openvpn restart
root@OpenWrt:~#

but it still doesn't work.

root@OpenWrt:~# logread -e openvpn; netstat -l -n -p | grep -e openvpn
Mon Jun 17 15:15:03 2019 daemon.err openvpn(ZOOGVPN_US4)[5398]: Options error: You must define TUN/TAP device (--dev)
Mon Jun 17 15:15:03 2019 daemon.warn openvpn(ZOOGVPN_US4)[5398]: Use --help for more information.
Mon Jun 17 15:15:08 2019 daemon.err openvpn(ZOOGVPN_US4)[5406]: Options error: You must define TUN/TAP device (--dev)
Mon Jun 17 15:15:08 2019 daemon.warn openvpn(ZOOGVPN_US4)[5406]: Use --help for more information.
Mon Jun 17 15:15:13 2019 daemon.err openvpn(ZOOGVPN_US4)[5407]: Options error: You must define TUN/TAP device (--dev)

What is the command to list the files in the directory on the router? Because I'm not sure that I have a .conf file.

root@OpenWrt:~# head -n -0 /etc/openvpn/*.conf
head: /etc/openvpn/*.conf: No such file or directory
root@OpenWrt:~# head -n -0 /etc/openvpn/*.*
==> /etc/openvpn/userpass.txt <==
xxxx
xxxx

==> /etc/openvpn/vpnclient.ovpn <==
client
dev tun
proto udp
remote us4.east.zoogvpn.com 1194
cipher AES-256-CBC
auth SHA256
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
fast-io
auth-user-pass
log-append /var/log/openvpn.log
status /var/log/openvpn-status.log
reneg-bytes 0
reneg-sec 0
verb 3

-> There are no .conf files; is that the problem? Or is the problem that there are 2 different names, vpnclient.ovpn and ZOOGVPN_US4.ovpn?

As @mk24 told you, this needs to be 1. You were changing the wrong value.

You don't need to have conf files, you have the ovpn.

Hello,

it was already changed :slight_smile:

root@OpenWrt:~# uci show openvpn.ZOOGVPN_US4
openvpn.ZOOGVPN_US4=openvpn
openvpn.ZOOGVPN_US4.config='/etc/openvpn/ZOOGVPN_US4.ovpn'
openvpn.ZOOGVPN_US4.enabled='1'
openvpn.ZOOGVPN_US4.client='1'
openvpn.ZOOGVPN_US4.up_restart='1'
root@OpenWrt:~#

I would like to start from scratch.

Is all the information here: https://openwrt.org/docs/guide-user/services/vpn/openvpn/client ?

Where can I see the log files that show where the problem is?

Regards

These are your settings

log-append /var/log/openvpn.log
status /var/log/openvpn-status.log

I'm sorry to bother you again; I must be a fish, because I can't get the VPN to work again (but I'm sure I understand it better than one week and ten resets ago)...

I am trying to work with 2 ovpn files (zoogvpn_ca1.ovpn; zoogvpn_us4.ovpn).

I reset again and did this:

ssh root@192.168.1.1

opkg update
opkg install openvpn-openssl luci-app-openvpn
opkg install libustream-openssl ca-bundle ca-certificates

C:\vpn
λ scp *.ovpn root@192.168.1.1:/etc/openvpn/
                                           
zoogvpn_ca1.ovpn   100% 1555   380.7KB/s   00:00                           
zoogvpn_us4.ovpn   100% 1515   494.7KB/s   00:00

ssh root@192.168.1.1

VPN_PROVIDER=zoogvpn
# Replace the whole auth-user-pass line of each provider profile with one that names the credentials file
# (the earlier attempt had left auth-user-pass without a file argument).
sed -i "/auth-user-pass/c\auth-user-pass \/etc\/openvpn\/${VPN_PROVIDER}_auth.txt" /etc/openvpn/${VPN_PROVIDER}_*.ovpn

# Verify: both profiles now reference the same credentials file.
tail -n +1 /etc/openvpn/*.ovpn | grep -E ".ovpn|auth-user-pass"
==> /etc/openvpn/zoogvpn_ca1.ovpn <==
auth-user-pass /etc/openvpn/zoogvpn_auth.txt
==> /etc/openvpn/zoogvpn_us4.ovpn <==
auth-user-pass /etc/openvpn/zoogvpn_auth.txt

# Credentials written with echo: the password is on the command line, so it may be retained in the shell history.
# chmod 400 leaves the file readable by its owner (root) only; the daemon must run as a user able to read it.
touch /etc/openvpn/${VPN_PROVIDER}_auth.txt
echo "my account" > /etc/openvpn/${VPN_PROVIDER}_auth.txt
echo "my password" >> /etc/openvpn/${VPN_PROVIDER}_auth.txt
chmod 400 /etc/openvpn/${VPN_PROVIDER}_auth.txt
# Result:
root@OpenWrt:~# cat /etc/openvpn/zoogvpn_auth.txt
my account
my password


# Profiles are mode 644; assuming they match the listing earlier in the thread they hold only options and the CA certificate, no secret.
ls -l /etc/openvpn/ | grep .ovpn
-rw-r--r--    1 root     root          1545 Jun 18 20:37 zoogvpn_ca1.ovpn
-rw-r--r--    1 root     root          1585 Jun 18 20:37 zoogvpn_us4.ovpn


OPENVPN_LOCATION=ca1
VPN_PROVIDER=zoogvpn
OVPN_INAME="$VPN_PROVIDER"_"$OPENVPN_LOCATION"

# The section type is set to 'zoogvpn'; the init script only starts sections of type 'openvpn' (see the last reply),
# which is why neither instance shows up.
uci set openvpn."$OVPN_INAME"=zoogvpn
uci set openvpn."$OVPN_INAME".enabled='1'
uci set openvpn."$OVPN_INAME".config=/etc/openvpn/"$OVPN_INAME".ovpn

uci show openvpn.zoogvpn_ca1
openvpn.zoogvpn_ca1=zoogvpn
openvpn.zoogvpn_ca1.enabled='1'
openvpn.zoogvpn_ca1.config='/etc/openvpn/zoogvpn_ca1.ovpn'

OPENVPN_LOCATION=us4
VPN_PROVIDER=zoogvpn
OVPN_INAME="$VPN_PROVIDER"_"$OPENVPN_LOCATION"


# Same wrong section type for the second instance.
uci set openvpn."$OVPN_INAME"=zoogvpn
uci set openvpn."$OVPN_INAME".enabled='1'
uci set openvpn."$OVPN_INAME".config=/etc/openvpn/"$OVPN_INAME".ovpn

uci show openvpn.zoogvpn_us4
openvpn.zoogvpn_us4=zoogvpn
openvpn.zoogvpn_us4.enabled='1' 
openvpn.zoogvpn_us4.config='/etc/openvpn/zoogvpn_us4.ovpn'




# One interface on tun0 for two enabled instances that both use 'dev tun', so only one of them can own tun0.
# NOTE(review): the other would presumably come up on a different tun device, outside this interface and its zone — confirm.
uci set network."$VPN_PROVIDER"_vpn=interface
uci set network."$VPN_PROVIDER"_vpn.proto='none'
uci set network."$VPN_PROVIDER"_vpn.ifname='tun0'
uci set network."$VPN_PROVIDER"_vpn.metric='10'

uci show network.zoogvpn_vpn
network.zoogvpn_vpn=interface
network.zoogvpn_vpn.proto='none'
network.zoogvpn_vpn.ifname='tun0'
network.zoogvpn_vpn.metric='10'

# Tunnel zone: input/forward REJECT, masq so LAN addresses are hidden behind the tunnel address.
# mtu_fix is set twice; the second 'uci set' simply overwrites the first.
# Note that no network is added to this zone in this run (the earlier run used 'uci add_list ... network').
uci add firewall zone
uci set firewall.@zone[-1].name='vpn'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci show firewall.@zone[-1]

# Repeated 'uci show'; the commented lines below are its output and confirm the zone has no 'network' entry.
uci show firewall.@zone[-1]
# firewall.cfg1edc81=zone
# firewall.cfg1edc81.name='vpn'
# firewall.cfg1edc81.input='REJECT'
# firewall.cfg1edc81.output='ACCEPT'
# firewall.cfg1edc81.forward='REJECT'
# firewall.cfg1edc81.masq='1'
# firewall.cfg1edc81.mtu_fix='1'


# LAN -> tunnel forwarding (the 'vpn' zone is still empty at this point, see above).
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpn'


uci show firewall.@forwarding[-1]
firewall.cfg10ad58=forwarding
firewall.cfg10ad58.src='lan'
firewall.cfg10ad58.dest='vpn'


uci commit
/etc/init.d/firewall reload
/etc/init.d/network restart
/etc/init.d/openvpn restart

I don't understand why it does not work: the VPN was not created under Services → OpenVPN; there is only one custom entry and 2 sample entries (no zoogvpn_us4 or zoogvpn_ca1.ovpn).

What am I doing wrong?

Best regards

The section type in uci set openvpn."$OVPN_INAME"=zoogvpn is wrong. It should be
uci set openvpn."$OVPN_INAME"=openvpn
which along with the others should result in an /etc/config/openvpn file of exactly this:

config openvpn zoogvpn_ca1
    option enabled 1
    option config '/etc/openvpn/zoogvpn_ca1.ovpn'

I really discourage running uci manually; it's meant for the GUI or scripts. When you are configuring by hand, editing the /etc/config files directly makes it much easier to understand the big picture.

This config file should at least start an instance of openvpn and have it read your .ovpn file. That will result in a lot of messages in the system log (view using logread) as it starts up and attempts to connect to the zoogvpn server. You really need to look at those messages.
