TP-Link Archer C7 v4 - Trying to get OpenVPN on the router as well as my iPhone

GUINNESS · January 15, 2023, 9:41pm

Sorry, it is late ...
How do I restart the FW?

psherman · January 15, 2023, 9:42pm

If you deleted from the web interface, the firewall restarts when you hit save & apply. If you used command line methods, then you want to issue the following command

/etc/init.d/firewall restart

GUINNESS · January 15, 2023, 9:43pm

Done but when I tried the app on my iPhone ... Connection Timeout

psherman · January 15, 2023, 9:45pm

Ok... so lots more to check.... let's now look at your client config.

EDIT: before that, let's verify that your WAN IP is a public IP.

Please check the LuCI web interface main status page -- find the "IPv4 upstream" section and make a note of the IP address shown there.
Then google "what's my IP"
Do the results match? If in doubt, post the first two octets of the IP address (in bold aaa.bbb.ccc.ddd)

GUINNESS · January 15, 2023, 9:51pm

I am using NOIP, so my public address can be kept static
Wrong words but I am sure you know what I mean
My iPhone is set to connect to my NOIP 'name'

GUINNESS · January 15, 2023, 9:52pm

I need to go to bed shortly but happy to continue later if you are ?

psherman · January 15, 2023, 9:53pm

That's fine (and the recommended method for setting this up), but we must make sure you have a true public IP on the WAN of your OpenWrt router -- the results from the ddns services can be misleading at times.

GUINNESS · January 15, 2023, 9:54pm

Yes, they do

psherman · January 15, 2023, 9:55pm

Great. Next thing is to post your client config file. You can do this whenever you have time.

GUINNESS · January 15, 2023, 9:57pm

Will do.
Thank you so much for taking the interest!
Speak soon!!!!

GUINNESS · January 16, 2023, 4:33am

Ahhh , that might be the issue!
On my laptop, as well as my iPhone, I am trying to connect to my DNS name but the .ovpn profile is empty
So, I think the question is
"How do I export the 'info' from OpenWRT to the Laptop/iPhone?"

psherman · January 16, 2023, 4:49am

Empty? What is specifically is in there and what is missing?

You need to create certs/keys for each of the clients, create a openvpn client config file and then distribute those -- have you already done that? Is it just a matter of copying the files out?

Did you follow the directions in the OpenVPN tutorial?

Alternatively, Wireguard is quite a lot easier to configure, and it is also much more performant.

GUINNESS · January 16, 2023, 4:54am

Would you recommend ditching OpenVPN is using Wireguard then?
To be clear ... I am trying to access my NAS remotely on my iPhone. I used to use FileBrowser, but it is insecure
If i can VPN into my network, i can then use FileBrowser in 'local' mode

psherman · January 16, 2023, 5:11am

Yes. Wireguard is really a lot easier.

GUINNESS · January 16, 2023, 5:43am

OK, sure,
I will uninstall teh OpenVPN stuff and go the Wireguard route
TiA!

GUINNESS · January 16, 2023, 6:02pm

OK ...
Wireguard is "in the router"
Not sure what to do next - been a long day!!!

psherman · January 16, 2023, 6:10pm

The info should all be in the link I provided above (specifically the road warrior scenario)... did you go through that tutorial? Did you have any issues with or questions about the process?

GUINNESS · January 16, 2023, 7:02pm

Let me try that again ... bare with me

GUINNESS · February 16, 2023, 11:39am

I tried the tutorial but got lost @ line one
Is there an idiots guide?

GUINNESS · February 16, 2023, 2:12pm

I found this guide and it all "made sense to me" ...

Didnt work though
haha