Monday, September 8, 2014

Enable OpenVPN Tunnel on OpenWrt

This post is about how to enable OpenVPN on OpenWrt Barrier Breaker.
First we need to install openvpn-openssl:
opkg update
opkg install openvpn-openssl
Next we will use the provided ovpn file instead of an OpenWrt config.
The result is the same, because OpenWrt converts its config file into a file readable by openvpn, but using the vendor-provided config is more convenient and less error-prone.

In this example we have 3 files:
  1. The ovpn file provided by your VPN Provider (Netherlands.ovpn)
  2. Password File (Password.txt)
  3. Certificate File (TrustedRoot.pem)
Let's take a look at the ovpn file:
dev tun
proto udp
cipher AES-128-CBC
resolv-retry infinite
ca TrustedRoot.pem
verb 3
auth-user-pass Password.txt
reneg-sec 0

Note that ca refers to the certificate file, TrustedRoot.pem, and auth-user-pass refers to the password file.
If your VPN provider uses TLS you also need to provide cert and key:
cert my-server.crt
key my-server.key
For this example it is just a username and password.
The password file looks like this:
That's it.

So we upload all 3 files to /etc/openvpn

To start OpenVPN, type the command below and press Enter:
openvpn --cd /etc/openvpn --daemon --config /etc/openvpn/Netherlands.ovpn
You should see this in syslog:
Sun Sep  7 17:41:35 2014 daemon.notice openvpn[2284]: Initialization Sequence Completed
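Password.txt holds the VPN credentials in plain text, and the file names in the ovpn file are resolved relative to the --cd directory, so it is worth checking both before starting the daemon. The script below is an added example, not part of the original post; the function names (is_private, check_ovpn, make_sample) and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for a client
# config started as  openvpn --cd DIR --config FILE.  Relative paths given to
# ca / cert / key / auth-user-pass are resolved against DIR, as --cd does.

# True if the file has no group/other permission bits (e.g. -rw-------).
is_private() {
    mode=$(ls -ldL "$1" 2>/dev/null) || return 1
    case "$mode" in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Prints one line per problem; exit status is the number of problems.
check_ovpn() {
    dir=$1 conf=$2 problems=0
    cr=$(printf '\r')                       # tolerate CRLF line endings
    [ -r "$conf" ] || { echo "MISSING config: $conf"; return 1; }
    while read -r directive arg rest || [ -n "$directive" ]; do
        directive=${directive%"$cr"}; arg=${arg%"$cr"}
        case "$directive" in
            ca|cert|key|auth-user-pass) ;;
            *) continue ;;
        esac
        [ -n "$arg" ] || continue           # directive without a file argument
        case "$arg" in
            /*) path=$arg ;;
            *)  path=$dir/$arg ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $directive: $path"; problems=$((problems + 1))
        elif [ "$directive" != ca ] && [ "$directive" != cert ] && ! is_private "$path"; then
            echo "EXPOSED $directive: $path (fix: chmod 600)"; problems=$((problems + 1))
        fi
    done < "$conf"
    return "$problems"
}

# Constructed sample using the post's three file names; credentials are dummies.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'dev tun\r\nca TrustedRoot.pem\r\nauth-user-pass Password.txt\r\n' \
        > "$d/Netherlands.ovpn"
    : > "$d/TrustedRoot.pem"
    printf 'demo-user\ndemo-pass\n' > "$d/Password.txt"
    chmod 644 "$d/Password.txt"             # deliberately world-readable
    echo "$d"
}

if [ "$#" -eq 2 ]; then check_ovpn "$1" "$2"; fi
```

Run it with the directory and the config file as its two arguments; it prints nothing and exits 0 when every referenced file exists and the password and key files are readable by the owner only.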
Next in LuCI

Add a new interface; in this example I call it "hide".

Physical Interface is set to "tun0"
Protocol is "unmanaged"

Firewall is set to "wan"

To make OpenVPN start persistently on boot add this to LuCI startup

That is all! You should be able to see transmit and receive packets on the tun0 interface indicating that it is working.

If you go to http://www.whatismyip.com/ it should show that you now have a different IP address, originating from another country.

1 comment:

Wilfried Gödert said...

Hi Admin,
I just like to know,
From which base you start. Original TP-Link firmware to and then which of your builds you use at starting point at the moment.

Do you have experience with the TOR?
What you suggest? How to install additional for example Garyole addon. I do not use it personally but I was asked about it
with TOR the user told me it is not his interest to be fast. Just to protect the privacy. I know in this Europe and special Germany a lot of people feel that politicians try to destroy the democracy not respecting their privacy...
I am very interested how the tech scene in Singapore is sensible about this topic.