So, if you come across with a router that is really limited on resources and a tiny flash, you may end up that the only option for running OpenVPN is the openvpn-nossl package, but then, you find out that there is close to zero explanations on how to configure OpenVPN in such way.
That's why Im posting this thread, to give some users a glimpse and hopes, these has been my personal experience from different sources, most outside OpenWrt site so I don't know if I'm totally correct or not, or if some steps are not required, so here we go:
Little glimpse I got from: https://subscription.packtpub.com/book/networking-and-servers/9781849510103/1/ch01lvl1sec15/complete-site-to-site-setup
And: https://gist.github.com/ArseniyShestakov/fd2d1ce3331b043042fa
Subject router D-Link DIR-600, Ive installed the packages: openvpn-nossl, luci-app-openvpn
DISCLAMER
This thread is about how I have configured the package openvpn-nossl and how to use it.
This is yet for testing purpose only, I share my experience with others so they don't have to search A LOT of sites about how can you get this package to work and maybe reunite all possible configs for these package to improve it!
These type of configuration present high risks on security manner since the VPN is stablished without any type of security challenge and no encryption at all!
USE IT WITH CAUTION AND AT YOU'RE OWN RISK!
DISCLAMER
And this is my config that has worked some sort of way, with the help of PuTTy or native ssh client:
Edit file: /etc/config/openvpn
config openvpn 'server'
option dev 'tun'
option keepalive '10 60'
option verb '3'
option enabled '1'
option proto 'udp'
option port '8443'
option persist_tun '1'
list push 'route 192.168.1.0 255.255.255.0'
option ifconfig '192.0.0.1 192.0.0.2'
Keep in mind that the local network behind the router is 192.168.1.0/24
Then, go to the web interface to:
VPN > OpenVPN
Name: server
Start/Stop: start
Create the Interface OPENVPN so you can assign it to a new firewall zone as this:
Network > Interface
Name: "OPENVPN"
Adapter: "tun0"
Protocol: "Unmanaged"
Create the firewall zone openvpn as this:
Network > Firewall
Name: "openvpn"
Input: "accept"
output: "accept"
Forward: "accept"
covered networks: "OPENVPN"
Allow forward to destination zones: "lan/wan"
Create the following firewall rule to accept incoming connections:
Network > Firewall > Traffic Rules
Rule "Allow-OpenVPN"
Protocol "TCP/UDP"
Source zone "WAN"
Destination zone "Device (input)"
Destination port "8443"
Action "ACCEPT"
For the client part, create a file client.ovpn:
remote <INTERNET IP OR HOSTNAME OF THE ROUTER>
port 8443
proto udp
nobind
persist-tun
dev tun
dev-type tun
ifconfig 192.0.0.2 192.0.0.1
keepalive 10 60
resolv-retry infinite
verb 3
So, there is my config, hope it helps someone and if you find something incorrect or not needed, help would be appreciated in these matter!
FURTHER NOTE: This configuration maybe a starting point also for another type of configuration of OpenVPN, I've seen some users using server-to-client config for establishing a site-to-site connection that IS NOT intended for that use! Instead this configuration IS part of the site-to-site natively use on OpenVPN, and may be well how Ubiquiti devices manage site-to-site connections, so it could be possible to establish a site-to-site VPN with this config between a Ubiquiti device on one site and a OpenWrt on the other site.