OpenWrt Forum Archive

Topic: OpenVPN client setup

The content of this topic has been archived on 16 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

Can someone please point me to a guide to configure OpenWRT as an OpenVPN client. Preferably with screenshots of how Luci should look. I've read several articles on the wiki, but most of them refer to an obsolete luci openvpn package, or talk about configuring a VPN server instead of client. Sometimes a new interface needs to be created, sometimes just some firewall rules... I'm lost.

I'd like to use Mullvad as a VPN provider. I have uploaded the key, conf, ovpn and crt files to root.

I would also like to only assign one LAN IP address to the VPN, the other IPs should not use the VPN. Is that possible?

(Last edited by Nikotine on 21 Mar 2013, 00:21)

Maybe I'm using the wrong terminology, but isn't that page about setting OpenWRT as a VPN server? I need OpenWRT to connect to an external VPN server (Mullvad) and tunnel only traffic from one lan IP.

Anyone, please?

I noticed that I might have posted this in the wrong section, this not being a Howto...

So I've been messing around and have a VPN connection running!
All wikis or how-tos I found were just utter crap, so for future reference and anyone else having trouble with it, this is what I did:

- Install the OpenVPN package
- upload your key, conf and crt files to /etc/openvpn
- If needed, edit the conf file to your liking
- SSH into your OpenWRT using putty (root) and cd into /etc/openvpn
- openvpn --config mullvad.conf (replace with your conf file name)
- If you get the message "Initialization Sequence Completed", openvpn is running, but you'll notice you don't have internet access
- Go to Network > Interfaces and make a new Interface
- Name it vpn_interface, choose protocol 'unmanaged' and select tun0 as the covered interface (this one's new after you've started openvpn)
- Assign this interface to the wan firewall zone
- We want openvpn to start when the router boots, so go to System > Startup and at the bottom put this

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

/usr/sbin/openvpn --cd /etc/openvpn --daemon --config /etc/openvpn/mullvad.conf &

exit 0

and hit submit.
All of the guides I found had different rc.local scripts. This is the only one that works.
- reboot the router, the VPN will connect, you will have internet access, check your ip at http://whatismyipaddress.com/.

My interfaces look like this:
http://img546.imageshack.us/img546/4857/interfaces.png

My firewall looks like this:
http://imageshack.us/a/img203/9541/firewall.png

(Last edited by Nikotine on 21 Mar 2013, 00:43)

Last remaining issue is that I want to use the VPN for only one of the LAN ip addresses. How can I obtain this?
So only 192.168.1.3 should use VPN, all other LAN ip addresses must use the standard ISP WAN.

(Last edited by Nikotine on 21 Mar 2013, 02:02)

Hi guys, I need your advice here. Can you please help?

No one, really?

You are asking in the wrong part of the Forum.
You should post Documentation and HOWTO's here and not ask for help or questions.

That could be the reason why you don't get answers.

Yeah, I've noticed this above, a few posts ago. Anyone care to move it before I double post?

I'm stuck here Nikotine:

"- upload your key, conf and crt files to /etc/openvpn"

I have two VPN providers, VyprVPN from Giganews and Private Internet Access.

I can only find the crt file, there's no config file and key on the data folder of both software.
Each provider uses their own installer based on openVPN.

Do you have any idea what can be done?

Can you post what you get when you do 'route -n' in terminal? And a copy of your vpn configuration file.
You can find some screenshots from within Luci of my current setup in this topic https://forum.openwrt.org/viewtopic.php?pid=197419
I guess you haven't set up the firewall rules correctly. Don't look at the screenshot above, look at the ones in the other topic.

(Last edited by Nikotine on 5 Apr 2013, 23:33)

It Worked!!

I have done this, but still no internet?

its import to keep the order in line wink

@openwrt438 does this mean you are up and running?

robthebrew wrote:

@openwrt438 does this mean you are up and running?

Yes sir! But I had to add some DNS forwardings

I wanted to say: it's important to keep the order in line wink

Nikotine wrote:

So I've been messing around and have a VPN connection running!
All wikis or how-tos I found were just utter crap, so for future reference and anyone else having trouble with it, this is what I did:

Just created an account for this forum to say one thing:
You are my HERO!

I spent hours trying several manuals, which all had their own issues. Your manual worked out of the box!

Nikotine wrote:

So I've been messing around and have a VPN connection running!
All wikis or how-tos I found were just utter crap, so for future reference and anyone else having trouble with it, this is what I did:

Thanks for posting this! I was also scratching my head for hours until I read your post. It helped me configure my TP-Link WR703n (SLBoat mod) to act as a Universal Repeater and Wireless Client Bridge over routed OpenVPN tunnel. I basically replaced your br-wan with a Wifi-Client and added a startup script that monitors the routes and fixes them whenever OpenVPN restarts or the Wifi-Client reconnects. Awesome :-)

-PG

I followed that guide, except all my traffic is going through the vpn now. I do not want that, it ignores the gateway metric for some reason.


Edit: add route-nopull to the end of your config


To get the rest of my traffic configured I just use mwan3.

For me

client
dev tun
proto udp
remote 198.23.71.93 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass vyprvpn.pas
verb 1
reneg-sec 0
route-nopull

(Last edited by jigglywiggly on 31 Jan 2014, 09:00)
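
The per-host routing asked about earlier in the thread (only 192.168.1.3 through the VPN), done with plain iproute2 policy routing rather than the mwan3 setup mentioned above. This is an added example, not code from any poster; tun0, table 100, priority 1000 and the function names are assumptions, and it presumes route-nopull is set as in the config above.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: OpenVPN runs with
# route-nopull, the tunnel is tun0, iproute2 "ip" is installed, and
# table 100 / rule priority 1000 are unused on this router.
VPN_HOST="${VPN_HOST:-192.168.1.3}"   # the one LAN host that uses the VPN
VPN_DEV="${VPN_DEV:-tun0}"
VPN_TABLE="${VPN_TABLE:-100}"
VPN_PRIO="${VPN_PRIO:-1000}"

# Accept only a dotted-quad IPv4 address (four octets, each 0-255).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the commands that build the policy; this function changes nothing.
policy_cmds() {
    host=$1; dev=$2; table=$3; prio=$4
    is_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    # 1. Packets sourced from the host consult the VPN table before "main".
    echo "ip rule add from $host/32 lookup $table priority $prio"
    # 2. In that table the default route leaves through the tunnel.
    echo "ip route replace default dev $dev table $table"
    # 3. Worse-metric fallback: with tun0 gone the host gets "unreachable"
    #    instead of silently going out over the ISP WAN.
    echo "ip route replace unreachable default metric 65535 table $table"
}

# "apply" executes the commands (as root on the router); anything else
# is a dry run that only prints them.
case "${1:-}" in
    apply)
        ip rule del from "$VPN_HOST/32" lookup "$VPN_TABLE" 2>/dev/null
        policy_cmds "$VPN_HOST" "$VPN_DEV" "$VPN_TABLE" "$VPN_PRIO" |
            while read -r cmd; do $cmd || exit 1; done ;;
    *)  policy_cmds "$VPN_HOST" "$VPN_DEV" "$VPN_TABLE" "$VPN_PRIO" ;;
esac
```

Run it with `apply` once tun0 exists. Because the guide above puts tun0 in the wan firewall zone, the default lan-to-wan forwarding and masquerading already cover traffic leaving through the tunnel.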

Not in reply to anyone in particular...

SOLVED!  Kind of...  *** my notes included, based on experience with StrongVPN, installing OpenVPN, on OpenWRT, with a WD N750 Router ***

So I've been messing around and have a VPN connection running!
All wikis or how-tos I found were just utter crap, so for future reference and anyone else having trouble with it, this is what I did:
- Install the OpenVPN package
***  NOTE THE PACKAGE NAMES CHANGE, SO JUST SEARCH FOR OpenVPN  ***
- upload your key, conf and crt files to /etc/openvpn
***  For StrongVPN, have them e-mail the openvpn setup files to you in a zip file.  Unzip the files, copy ALL to /etc/openvpn ***
- If needed, edit the conf file to your liking
***  For StrongVPN, the conf file ends in something like .ovpn.  I suggest you copy the file or just change the extension to .conf  ***
- SSH into your OpenWRT using putty (root) and cd into /etc/openvpn
- openvpn --config mullvad.conf (replace with your conf file name)
- If you get the message "Initialization Sequence Completed", openvpn is running, but you'll notice you don't have internet access
***  If you are connecting to StrongVPN and get an "exit" error, edit the .conf file to DELETE the line that includes the wording of the exit error.  ***
- Go to Network > Interfaces and make a new Interface
- Name it vpn_interface, choose protocol 'unmanaged' and select tun0 as the covered interface (this one's new after you've started openvpn)
- Assign this interface to the wan firewall zone
- We want openvpn to start when the router boots, so go to System > Startup and at the bottom put this
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

/usr/sbin/openvpn --cd /etc/openvpn --daemon --config /etc/openvpn/mullvad.conf &

exit 0
and hit submit.
All of the guides I found had different rc.local scripts. This is the only one that works.
- reboot the router, the VPN will connect, you will have internet access, check your ip at http://whatismyipaddress.com/.

The above procedure WORKS!  But...
Here is "the catch".  If your router cost less than about $1,000 USD (in February 2014 Internet prices)...
It's probably not going to work very well.

The problem is, bandwidth is limited by the (single-threaded) CPU speed of the router.  If you've got a really high-end router, you will maybe hit 5M download speed.  This is because routers generally use CPUs with clock speed below 1GHz.
To get a decent VPN connection using OpenVPN, your CPU (in the ROUTER, not talking about your computer!) will need to be about 2.5GHz or faster...(and number of cores does not matter). 

If you are like me and sitting on a really fast synchronous fiber connection...and you have found this topic while trying to figure out how to get openvpn running on a router...

You might want to do some research on pfSense

The discussion might have continued from here.