Disclaimer

I am not responsible if your devices send you back in time, explodes, implodes, bricks or flies into space from the use of any software I put up.

Search

Loading...

Monday, September 8, 2014

Enable OpenVPN Tunnel on OpenWrt

This post is about how to enable OpenVPN on OpenWrt Barrier Breaker.
First we need to install openvpn-openssl
opkg update
opkg install openvpn-openssl
Next we will be using the provided ovpn file instead of OpenWRT config.
It is actually the same thing because OpenWrt converts the config file to a file readable by openvpn but using a vendor provided config is more convenient and less error prone.

In this example we have 3 files
  1. The ovpn file provided by your VPN Provider (Netherlands.ovpn)
  2. Password File (Password.txt)
  3. Certificate File (TrustedRoot.pem)
 Lets take a look at the ovpn file
client
dev tun
proto udp
remote XX.XXX.XX XXXX
cipher AES-128-CBC
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca TrustedRoot.pem
verb 3
auth-user-pass Password.txt
reneg-sec 0

Note that ca refers to the certificate file indicated by TrustedRoot.pem
And auth-user-pass refer to the password file.
If your VPN provider uses TLS you need to provide cert and key.
cert my-server.crt
key my-server.key
For this example it is just username and password
The password file looks like this:
username
password
Thats it.

So we upload all 3 files to /etc/openvpn

To start OpenVPN type the below and enter
openvpn --cd /etc/openvpn --daemon --config /etc/openvpn/Netherlands.conf
You should see this in syslog
Sun Sep  7 17:41:35 2014 daemon.notice openvpn[2284]: Initialization Sequence Completed
Next in LuCI

Add a new Interface in this example I call it "hide"


Physical Interface is set to "tun0"
Protocol is "unmanaged"


 Firewall is set to "wan" To make OpenVPN start persistently on boot add this to LuCI startup



That is all! You should be able to see transmit and receive packets on the tun0 interface indicating that it is working.

If you go to http://www.whatismyip.com/ it should tell you that you have another ip of another country origin.