1 (edited by Nikotine 2013-03-21 00:21:35)

Topic: OpenVPN client setup

Hi,

Can someone please point me to a guide to configure OpenWRT as an OpenVPN client. Preferably with screenshots of how Luci should look. I've read several articles on the wiki, but most of them refer to an obsolete luci openvpn package, or talk about configuring a VPN server instead of client. Sometimes a new interface needs to be created, sometimes just some firewall rules... I'm lost.

I'd like to use Mullvad as a VPN provider. I have uploaded the key, conf, ovpn and crt files to root.

I would also like to only assign one LAN IP address to the VPN, the other IP's should not use the VPN. Is that possible?

Re: OpenVPN client setup

for a client, all you need to do is open the appropriate port
http://wiki.openwrt.org/doc/howto/vpn.server.openvpn.tun?s%5B%5D=openvpn&s%5B%5D=client

Re: OpenVPN client setup

Maybe I'm using the wrong terminology, but isn't that page about setting OpenWRT as a VPN server? I need OpenWRT to connect to an external VPN server (Mullvad) and tunnel only traffic from one lan IP.

Re: OpenVPN client setup

Anyone, please?

I noticed that I might have posted this in the wrong section, this not being a Howto...

5 (edited by Nikotine 2013-03-21 00:43:52)

Re: OpenVPN client setup

So I've been messing around and have a VPN connection running!
All wiki's or how-to's I found were just utter crap, so for future reference and anyone else having trouble with it, this is what I did:

- Install the OpenVPN package
- upload your key, conf and crt files to /etc/openvpn
- If needed, edit the conf file to your liking
- SSH into your OpenWRT using putty (root) and cd into /etc/openvpn
- openvpn --config mullvad.conf (replace with your conf file name)
- If you get the message "Initialization Sequence Completed", openvpn is running, but you'll notice you don't have internet access
- Go to Network > Interfaces and make a new Interface
- Name it vpn_interface, choose protocol 'unmanaged' and select tun0 as the covered interface (this one's new after you've started openvpn)
- Assign this interface to the wan firewall zone
- We want openvpn to start when the router boots, so go to System > Startup and at the bottom put this

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

/usr/sbin/openvpn --cd /etc/openvpn --daemon --config /etc/openvpn/mullvad.conf &

exit 0

and hit submit.
All of the guides I found had different rc.local scripts. This is the only one that works.
- reboot the router, the VPN will connect, you will have internet access, check your ip at http://whatismyipaddress.com/.

My interfaces look like this:
http://img546.imageshack.us/img546/4857/interfaces.png

My firewall looks like this:
http://imageshack.us/a/img203/9541/firewall.png

6 (edited by Nikotine 2013-03-21 02:02:16)

Re: OpenVPN client setup

Last remaining issue is that I want to use the VPN for only one of the LAN ip addresses. How can I obtain this?
So only 192.168.1.3 should use VPN, all other LAN ip addresses must use the standard ISP WAN.

Re: OpenVPN client setup

Hi guys, I need your advice here. Can you please help?

Re: OpenVPN client setup

No one, really?

Re: OpenVPN client setup

You are asking in the wrong part of the Forum.
You should post Documentation and HOWTO's here and not ask for help or questions.

That could be the reason why you don't get answers.

Re: OpenVPN client setup

Yeah, I've noticed this above, a few posts ago. Anyone cares to move it before I double post?

Re: OpenVPN client setup

I'm stuck here Nikotine:

"- upload your key, conf and crt files to /etc/openvpn"

I have two VPN providers, VyprVPN from Giganews and Private Internet Access.

I can only find the crt file, there's no config file and key on the data folder of both software.
Each provider uses their own installer based on openVPN.

Do you have any idea what can be done?

Re: OpenVPN client setup

ok, found a tutorial here:

https://code.google.com/p/rt-n56u/issues/detail?id=39

And I managed to go up to here:
http://imgur.com/YoG8fm5

I can enjoy internet but it's not passing through the vpn.
I'm getting my own IP

13 (edited by Nikotine 2013-04-05 23:33:57)

Re: OpenVPN client setup

Can you post what you get when you do 'route -n' in terminal? And a copy of your vpn configuration file.
You can find some screenshots from within Luci of my current setup in this topic https://forum.openwrt.org/viewtopic.php?pid=197419
I guess you haven't setup the firewall rules correctly. Don't look at the screenshot above, look at the ones in the other topic.

Re: OpenVPN client setup

I got the vpn connected and all traffic routed through it using this guide: http://wiki.hidemyass.com/OpenWRT_OpenVPN_Setup
The hard part was to actually stop all my traffic going through it...

Re: OpenVPN client setup

Here:

You can check how's the connection is starting and the route in terminal:

http://i.imgur.com/iytTduJ.jpg

http://i.imgur.com/FF9cZk3.jpg

http://i.imgur.com/5Ym0K5e.jpg

Re: OpenVPN client setup

It Worked!!

Re: OpenVPN client setup

i have done this, but still no internet?

Re: OpenVPN client setup

its import to keep the order in line wink

Re: OpenVPN client setup

@openwrt438 does this mean you are up and running?

Re: OpenVPN client setup

robthebrew wrote:

@openwrt438 does this mean you are up and running?

yes sir! but i had to add some dns forwardings

i wanted to say: its important to keep the order in line wink

21

Re: OpenVPN client setup

Nikotine wrote:

So I've been messing around and have a VPN connection running!
All wiki's or how-to's I found were just utter crap, so for future reference and anyone else having trouble with it, this is what I did:

Just created an account for this forum to say one thing:
You are my HERO!

I spent hours trying several manuals, which all had their own issues. Your manual worked out of the box!

Re: OpenVPN client setup

Nikotine wrote:

So I've been messing around and have a VPN connection running!
All wiki's or how-to's I found were just utter crap, so for future reference and anyone else having trouble with it, this is what I did:

Thanks for posting this! I was also scratching my head for hours until I read your post. It helped me configure my TP-Link WR703n (SLBoat mod) to act as a Universal Repeater and Wireless Client Bridge over routed OpenVPN tunnel. I basically replaced your br-wan with a Wifi-Client and added a startup script that monitors the routes and fixes them whenever OpenVPN restarts or the Wifi-Client reconnects. Awesome :-)

-PG

23 (edited by jigglywiggly 2014-01-31 09:00:12)

Re: OpenVPN client setup

I followed that guide, except all my traffic is going through the vpn now. I do not want that, it ignores the gateway metric for some reason.


Edit: add route-nopull to the end of your config


To get the rest of my traffic configured I just use mwan3.

For me

client
dev tun
proto udp
remote 198.23.71.93 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass vyprvpn.pas
verb 1
reneg-sec 0
route-nopull

Re: OpenVPN client setup

Not in reply to anyone in particular...

SOLVED!  Kind of...  *** my notes included, based on experience with StrongVPN, installing OpenVPN, on OpenWRT, with a WD N750 Router ***

So I've been messing around and have a VPN connection running!
All wiki's or how-to's I found were just utter crap, so for future reference and anyone else having trouble with it, this is what I did:
- Install the OpenVPN package
***  NOTE THE PACKAGE NAMES CHANGE, SO JUST SEARCH FOR OpenVPN  ***
- upload your key, conf and crt files to /etc/openvpn
***  For StrongVPN, have them e-mail the openvpn setup files to you in a zip file.  Unzip the files, copy ALL to /etc/openvpn ***
- If needed, edit the conf file to your liking
***  For StrongVPN, the conf file ends in something like .ovpn.  I suggest you copy the file or just change the extension to .conf  ***
- SSH into your OpenWRT using putty (root) and cd into /etc/openvpn
- openvpn --config mullvad.conf (replace with your conf file name)
- If you get the message "Initialization Sequence Completed", openvpn is running, but you'll notice you don't have internet access
***  If you are connecting to StrongVPN and get a "exit" error, edit the .conf file to DELETE the line that includes the wording of the exit error.  ***
- Go to Network > Interfaces and make a new Interface
- Name it vpn_interface, choose protocol 'unmanaged' and select tun0 as the covered interface (this one's new after you've started openvpn)
- Assign this interface to the wan firewall zone
- We want openvpn to start when the router boots, so go to System > Startup and at the bottom put this
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

/usr/sbin/openvpn --cd /etc/openvpn --daemon --config /etc/openvpn/mullvad.conf &

exit 0
and hit submit.
All of the guides I found had different rc.local scripts. This is the only one that works.
- reboot the router, the VPN will connect, you will have internet access, check your ip at http://whatismyipaddress.com/.

The above procedure WORKS!  But...
Here is "the catch".  If your router cost less than about $1,000 USD in (February, 2014 Internet prices)...
It's probably not going to work very well.

The problem is, bandwidth is limited by the (single-threaded) CPU speed of the router.  If you've got a really high-end router, you will maybe hit 5M download speed.  This is because routers generally use CPUs with clock speed below 1GHz.
To get a decent VPN connection using OpenVPN, your CPU (in the ROUTER, not talking about your computer!) will need to be about 2.5GHz or faster...(and number of cores does not matter). 

If you are like me and sitting on a really fast synchronous fiber connection...and you have found this topic while trying to figure out how to get openvpn running on a router...

You might want to do some research on pfsense