How to Set Up OpenVPN on OpenWRT routers

The following is an example of a working config kindly provided by a member of the VanishedVPN community.

In this example the config is applied via the command line. You should be reasonably tech savvy to complete this; allow yourself 30 minutes to 1 hour to configure and test.

  • Using the web interface, enable NTP and set the timezone, then ensure the time on the device is correct (certificate validation depends on an accurate clock).
  • Log into the router using SSH.
  • Install OpenVPN
opkg update
opkg install openvpn-openssl openvpn-easy-rsa luci-app-openvpn openssh-sftp-server
  • Verify that the packages/programs wget, scp and kmod-tun are installed. OpenVPN relies on the tun kernel module; in theory opkg should have installed these dependencies.
  • Move the /etc/easy-rsa directory somewhere else, so that an upgrade does not overwrite your files.
mkdir /etc/config/openvpn-config
mv /etc/easy-rsa/* /etc/config/openvpn-config/
rm -rf /etc/easy-rsa/
ln -s /etc/config/openvpn-config/ /etc/easy-rsa
rm /etc/config/openvpn_recipes
touch /etc/config/openvpn-config/client.ovpn
  • Create a password file in /etc/openvpn, e.g. usa.txt
  • Put the username and password on two separate lines in the text file
  • Edit the ovpn file from Vanished
  • Add the password filename to the auth-user-pass line, e.g.: auth-user-pass usa.txt
cp usa.ovpn /etc/openvpn
chmod 400 /etc/openvpn/usa.txt
  • Create a tun interface for OpenVPN to use
cat >> /etc/config/network << EOF
config interface 'Vanished_VPN'
    option proto 'none'
    option ifname 'tun0'
EOF

In the web interface, add the tunnel interface (tun0) to the WAN zone.

Then select WAN for the zone.
  • Save and Exit
  • Go to System->Startup
  • In the system startup command put
openvpn --cd /etc/openvpn --config /etc/openvpn/usa.ovpn
  • Save and exit
  • Reboot the router

——
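Here are copies of some of our configs. Note that they use tun1, so the ifname in /etc/config/network must match the dev line in the .ovpn file.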
/etc/openvpn/usa.ovpn

——

client
nobind
dev tun1
comp-lzo no
auth-user-pass usa.txt
resolv-retry infinite
persist-key
persist-tun
reneg-sec 0
verb 3
proto udp
tun-mtu 1200
remote usa.vanishedvpn.com 1194 udp
route-nopull
script-security 2
up /etc/openvpn/usa-up.sh
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>

——

/etc/config/network 

——

config interface 'Vanished_USA'
    option proto 'none'
    option ifname 'tun1'
    option defaultroute '0'
    option mtu '1200'

——

Our startup script:

——

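#!/bin/ash
# OpenVPN "up" script. OpenVPN exports $dev, $ifconfig_local,
# $ifconfig_remote and $trusted_ip to scripts run via the "up" directive.

logger "OVPN: ifconfig_remote = $ifconfig_remote"
logger "OVPN: ifconfig_local = $ifconfig_local"
logger "OVPN: trusted_ip = $trusted_ip"

# Policy routing: traffic sourced from 10.1.2.0/24 uses table 100,
# whose default route points into the tunnel.
table=100
rule="rule add from 10.1.2.0/24 priority 10 table $table"
route="route add 10.1.2.0/24 dev $dev table $table"
route2="route add default via $ifconfig_local dev $dev table $table"

logger "OVPN: ip $route"
logger "OVPN: ip $route2"
logger "OVPN: ip $rule"

# The variables are left unquoted on purpose so they split into arguments.
ip $rule
ip $route
ip $route2

# Firewall: allow forwarding out of the tunnel device, NAT traffic leaving
# through it, and allow forwarding from br-vanished to eth0.
iptable1="-I FORWARD -o $dev -j ACCEPT"
iptable2="-t nat -I POSTROUTING -o $dev -j MASQUERADE"
iptable3="-I FORWARD -i br-vanished -o eth0 -j ACCEPT"

logger "OVPN: iptables $iptable1"
logger "OVPN: iptables $iptable2"
logger "OVPN: iptables $iptable3"

iptables $iptable1
iptables $iptable2
iptables $iptable3

# Flush the routing cache so the new rules take effect.
flush="route flush cache"
logger "OVPN: ip $flush"
ip $flush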

——
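The password file step and the up script above both create root-run or secret-bearing files in /etc/openvpn, so their permissions are worth checking after setup. The following is an added example, not part of the original guide or of VanishedVPN's configs; the function names (directive_arg, resolve, audit_ovpn, demo) are hypothetical, and the sample files it builds are constructed.

```shell
#!/bin/sh
# Added example, not from the original guide. Runs in BusyBox ash (no stat needed).

# directive_arg FILE NAME -> first argument of the first NAME directive in FILE
directive_arg() {
    awk -v d="$2" '$1 == d && NF >= 2 { print $2; exit }' "$1"
}

# resolve DIR PATH -> PATH if absolute, else DIR/PATH (mirrors "openvpn --cd DIR")
resolve() {
    case "$2" in /*) echo "$2" ;; *) echo "$1/$2" ;; esac
}

# audit_ovpn DIR CONFIG -> prints one line per finding, returns the finding count
audit_ovpn() {
    dir=$1; conf=$2; n=0
    cred=$(directive_arg "$conf" auth-user-pass)
    [ -n "$cred" ] && cred=$(resolve "$dir" "$cred")
    if [ -z "$cred" ] || [ ! -f "$cred" ]; then
        echo "FAIL: auth-user-pass names no existing file"; n=$((n + 1))
    else
        # Group/other permission bits must all be clear (chmod 400 or 600).
        [ "$(ls -ld "$cred" | cut -c5-10)" = "------" ] ||
            { echo "FAIL: $cred is accessible to group/other"; n=$((n + 1)); }
        # Username and password on two separate lines, as the guide requires.
        [ "$(grep -c . "$cred")" -eq 2 ] ||
            { echo "FAIL: $cred should contain exactly two lines"; n=$((n + 1)); }
    fi
    up=$(directive_arg "$conf" up)
    if [ -n "$up" ]; then
        up=$(resolve "$dir" "$up")
        # With script-security 2 this script runs with OpenVPN's privileges.
        case "$(ls -ld "$up" 2>/dev/null | cut -c6,9)" in
            --) ;;
            *) echo "FAIL: $up is missing or group/world-writable"; n=$((n + 1)) ;;
        esac
    fi
    return "$n"
}

# Constructed sample: the guide's file names, with a too-permissive password file.
demo() {
    d=$(mktemp -d)
    printf 'auth-user-pass usa.txt\nscript-security 2\nup usa-up.sh\n' > "$d/usa.ovpn"
    printf 'user\npass\n' > "$d/usa.txt"; chmod 644 "$d/usa.txt"
    printf '#!/bin/sh\n' > "$d/usa-up.sh"; chmod 755 "$d/usa-up.sh"
    audit_ovpn "$d" "$d/usa.ovpn"; rc=$?
    rm -rf "$d"; return "$rc"
}
```

On the router, after sourcing the file, run `audit_ovpn /etc/openvpn /etc/openvpn/usa.ovpn`; a return status of 0 means no findings.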

VanishedVPN Support
