
Guide to install OpenVPN for OpenWrt

1. Choose how you want to connect to OVPN

2. Install OpenVPN on your router

First, connect to LuCI (the web interface on your router) in your browser. By default, your router should have the IP address 192.168.1.1.

Log in as root using your normal password for the router. Navigate to System → Software and click on Update lists.

Under Download and install package, search for luci-app-openvpn, openvpn-easy-rsa and openvpn-openssl. Press OK on each of them to download and install them.

3. Configure OVPN

Navigate to Services → OpenVPN.

Type in the name of the OpenVPN instance (e.g. OVPN). Select Client configuration for a router multi-client VPN and click Add.

Click on Switch to advanced configuration. Note the new subcategories of menu items: Service, Networking, VPN and Cryptography.

3.1 Configuration category: Service

On the Service tab, leave everything as-is.

3.2 Configuration category: Networking

Navigate to Networking. Make sure the settings are as follows:

float: Should be selected
nobind: Should be selected
dev: tun
tun_ipv6: Should not be selected
ifconfig_noexec: Should not be selected
ifconfig_nowarn: Should not be selected
route_noexec: Should not be selected
route_nopull: Should not be selected
mtu_test: Should not be selected
comp_lzo: yes
ping_timer_rem: Should not be selected
persist_tun: Should be selected
persist_key: Should be selected
persist_local_ip: Should not be selected
persist_remote_ip: Should not be selected
management_query_password: Should not be selected
management_hold: Should not be selected

3.3 Configuration category: VPN

Navigate to VPN.

Click on the dropdown that says -- Additional Field-- at the bottom of the page. Select auth_user_pass and click on Add.

Click on the dropdown again and select proto. Click on Add.

Make sure the settings are as follows:

3.4 Configuration category: Cryptography

Navigate to Cryptography.

Click on the dropdown that says -- Additional Field-- at the bottom of the page. Select auth, cipher, ca and tls_auth. Click on Add for each option.

Make sure the settings are as follows:

auth: SHA1
cipher: AES-256-GCM
no_replay: Should not be selected
mute_replay_warnings: Should be selected
no_iv: Should not be selected
tls_client: Should be selected
ca: Download and import this file
reneg_sec: 0
single_session: Should not be selected
tls_exit: Should not be selected
tls_auth: /etc/openvpn/ovpn-tls.key
auth_nocache: Should not be selected
remote_cert_tls: server

Click Save & Apply

4. Configure the interface

Navigate to Networking → Interfaces. Click on Add new interface.

Make sure the settings are as follows:

Name of the new interface: OVPN
Protocol of the new interface: Unmanaged
Cover the following interface: Custom interface: tun0

Click Submit

Navigate to Advanced Settings. Make sure the settings are as follows:

Bring up on boot: Should be selected
Use builtin IPv6-management: Should be selected

Navigate to Firewall Settings.

In the field unspecified -or- create field, write: ovpn_fw.

Click Save & Apply

5. Configure the firewall

Navigate to Networking → Firewall. Find ovpn_fw in the list of interfaces and click on Edit.

Make sure the settings are as follows:

Input: reject
Output: accept
Forward: reject
Masquerading: Should be selected
MSS clamping: Should be selected
Covered networks: OVPN should be selected

Scroll down to Inter-Zone Forwarding. Select Allow forward from source zones: lan

Click Save & Apply

6. SSH

Connect to your router through SSH. On Linux and OS X you can use Terminal by typing ssh root@ip_address, where ip_address is the IP address of your router. Once you have connected to your router, enter your password. On Windows you can connect by using the program PuTTY.

Once you are connected and logged into your router, type:


7. Connect to OVPN

Go back to LuCI (the web interface on your router) in your browser. Navigate to Services → OpenVPN.

Make sure Enabled is selected for the OVPN profile and then click on Save & Apply. Click Start.

After a few seconds, the connection should be established. If you successfully connected to the server, you should see the following:

8. Finished

You should now be connected to OVPN and be able to browse the internet safely. To make sure everything was set up correctly, please check the dashboard to verify that you are connected.