OpenWrt Forum Archive

Topic: Need help

The content of this topic has been archived on 28 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

So I'm setting up my own OpenVPN and am trying to figure out how to use the OpenVPN on services in OpenWrt?

I am looking at this and had some progress, but can't seem to figure out the "Configure the network on the OpenWrt router" part: https://wiki.openwrt.org/doc/howto/vpn.openvpn

(Last edited by noviceuserhere on 22 May 2017, 04:42)

From a theory standpoint, the OpenVPN services in OpenWRT create one or more virtual networks that overlay another network or networks. A virtual private network (VPN) cannot, by definition, exist on its own. It always requires an underlying network over which it is laid.

The underlying network can be a physical cabled network (a basic LAN network), a physical wireless network (a basic WLAN network), an Internet- or Intranet-connected network provided to you by a third party (e.g. home broadband connection) or it can be another virtual network, such as an already-active OpenVPN network.

The process in using OpenVPN with OpenWRT always follows these steps:

1) Design the physical network, with LAN and maybe WLAN, and usually some sort of WAN connection as well
2) Implement the physical network using OpenWRT's configuration options: https://wiki.openwrt.org/doc/uci/network
3) Ensure that your physical network works the way you designed in 1). "ping www.google.com" for example

Once this is done, you can move to the OpenVPN side:

1) Design the virtual network that you want to achieve. This is usually the most difficult part
2) Implement the network settings required to achieve the virtual network. For this, you basically use the same tools as for the physical network configuration before
3) Configure the settings required by OpenVPN so it can operate on the virtual network that you just created
4) Test the network connectivity

The Wiki part "Configure the network on the OpenWRT router" is all about 2) above, that is, defining the virtual network settings that OpenVPN is supposed to operate on.

I just don't know how to use the command line that well. Would I put all of this (uci set network.vpn0=interface), or just this (set network.vpn0=interface)?

You'd put all of it.

Using the 'uci' program, you begin by issuing a number of 'uci set' commands, and after you are finished, you call 'uci commit' to save your changes.

Look at the "Configuring the network on the OpenWRT router" section in the Wiki. You can see it begins with 'uci set' commands and eventually calls 'uci commit'. After committing the changes, the services are restarted by using the init.d scripts.

If you are unfamiliar with the command-line tools, you can also use 'nano' or 'vi' to modify the configuration files directly, and then use the init.d scripts to restart the services. Please note that editing the files directly carries the risk of making your router inaccessible if there is a syntax or a semantic error in the configuration files. I believe the 'uci' command-line tool might do some kind of validation before committing the changes, but I am not sure. I have not used the tool myself, as I prefer editing the files by hand.

Can you show me how you do it please? To be honest, I find this all very confusing. I put all of this in (uci set network.vpn0=interface) and get nothing but this (root@OpenWrt:~#). I think manually will help me better understand it; I'm using PuTTY and WinSCP btw.

When the prompt comes back with no error message, that means the command was accepted and it is ready for another one.
I also prefer to edit files directly, that way you can see all the settings as you make them.

Which file will all this (uci set network.vpn0=interface) be going into, so I know which one to edit?

noviceuserhere wrote:

Which file will all this (uci set network.vpn0=interface) be going into, so I know which one to edit?

I believe that all "uci set network"-commands modify the /etc/config/network file. I am not 100% certain, though.
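
The relationship between the 'uci set' commands and the /etc/config/network file discussed in the posts above, as an added example that is not part of the original thread or the wiki. The helper name uci_to_stanza and the sample values ifname=tun0 and proto=none are assumptions made for illustration; the script only renders text and does not call the real uci program.

```shell
#!/bin/sh
# Added example: show the /etc/config/<file> text that `uci set` commands
# correspond to. Only the two forms used in this thread are handled:
#   uci set <config>.<section>=<type>            -> config <type> '<section>'
#   uci set <config>.<section>.<option>=<value>  -> option <option> '<value>'
# Other uci subcommands (commit, show, ...) are skipped.

# Hypothetical helper: reads commands on stdin, prints config-file text.
# Values are assumed to contain no spaces.
uci_to_stanza() {
    awk '
    $1 == "uci" && $2 == "set" {
        arg = $3                      # e.g. network.vpn0.ifname=tun0
        eq = index(arg, "=")
        if (eq == 0) next             # not an assignment, ignore
        key = substr(arg, 1, eq - 1)
        val = substr(arg, eq + 1)
        n = split(key, part, ".")
        if (n == 2) {                 # new section: <config>.<section>=<type>
            if (part[1] != file) {
                file = part[1]
                printf "# /etc/config/%s\n", file
            }
            printf "config %s \047%s\047\n", val, part[2]
        } else if (n == 3) {          # option inside the section
            printf "\toption %s \047%s\047\n", part[3], val
        }
    }'
}

# Constructed sample input (not copied from the wiki page).
sample_cmds() {
    cat <<'EOF'
uci set network.vpn0=interface
uci set network.vpn0.ifname=tun0
uci set network.vpn0.proto=none
uci commit network
EOF
}

sample_cmds | uci_to_stanza
```

On the router itself, 'uci changes network' lists the edits staged by 'uci set', and they only reach /etc/config/network after 'uci commit network'.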

Man, I just can't figure this out. Can someone just give a step by step tutorial on this, or guide me via Discord?

Since you have written nothing about your network topology or how exactly you want to use OpenVPN services, we have pretty much no way of knowing how we could help you.

Usually there are two ways that ordinary users would want to use OpenVPN on an OpenWRT router:

1) To allow individual remote clients (smartphone, laptop or a desktop PC) to access the router -- and the local network behind the router -- in a secure fashion over the public Internet

2) To connect their local network in a secure fashion to a VPN service provider's remote network over the public Internet

Start by telling which use case you're after, then I can try finding a suitable guide that you can read through.

While I am looking for the guide, you should read through the following documents in the order shown below:
- https://wiki.openwrt.org/doc/uci
- https://wiki.openwrt.org/doc/uci/system
- https://wiki.openwrt.org/doc/uci/network
- https://wiki.openwrt.org/doc/uci/dhcp
- https://wiki.openwrt.org/doc/uci/firewall
- https://wiki.openwrt.org/doc/uci/dropbear
- https://wiki.openwrt.org/doc/uci/wireless

When reading them through, do not just skim through. Set aside a few solid hours so you can carefully read, and understand each and every one.

"1) To allow individual remote clients (smartphone, laptop or a desktop PC) to access the router -- and the local network behind the router -- in a secure fashion over the public Internet"  I want to block traffic going to my other router/ISP logging information, etc.

For personal reasons, I would tell you but I don't think this site is friendly to this sort of thing, not that it's that bad.

(Last edited by noviceuserhere on 26 May 2017, 22:09)

noviceuserhere wrote:

I want to block traffic going to my other router/ISP logging information, etc.

For personal reasons, I would tell you but I don't think this site is friendly to this sort of thing, not that it's that bad.

It sounds like you want to conceal your traffic from your ISP. Whatever your reasons are for doing so do not matter to me, and I doubt they matter to anyone else reading this forum either. Why would we care?

Just bear in mind that a VPN tunnel is not a magic pill. The VPN service provider, to whose network you create the VPN tunnel, will most likely log and monitor your traffic just as the ISP would. It is a legal security measure to waive their liability if a client engages in activity that is illegal or in the gray zone of legality. Using the log files is their way of stating "It's not us, it's that guy over there. Go blame him."

Anyhow, what you want is the use case #2, so here's a guide for setting up a TAP-based OpenVPN client: https://wiki.openwrt.org/doc/howto/vpn. … penvpn.tap

If you want to use a TUN-based solution instead, just replace the "tap0" device name and tcp protocol with "tun0" device name and udp. Other settings remain as they are.

Good luck!

Yeah, I can't figure this shit out for the life of me. Maybe I'm an idiot or something; I can read all those links word for word and still not figure it out. I need a hands-on guide, like a proper YouTube video to explain it to me... and I know people will say "then you won't learn anything". But the truth is I'll be entitled to research more into it once I've done it all.

I can understand your frustration. I've been there and done that. When I first started using OpenWRT, I did pray for someone to deliver me a hands-on guide to "just get things done".

But then I realized something crucial: if I do not fully understand what I am doing, then if something breaks down, nobody can help me. I cannot take my router to a repair center, give them the cash and have them fix it. When using OpenWRT, there is no such service available.

Anyhow, I recommend looking at the LEDE's documentation as well, at https://lede-project.org/docs/user-guide/start

LEDE is very, very similar to OpenWRT, so the documentation and examples they have apply to OpenWRT to some extent. A key point is that the theory is the same, but the practicalities differ a little bit. Maybe reading through their documentation as well helps you understand the big picture better?

The discussion might have continued from here.