This documentation was created from the topic in the LEDE Forum at https://forum.lede-project.org/t/solved-lede-openwrt-torguard-vpn-setup It needs successful testing before declaring it complete and removing this comment.
If you follow this tutorial and it works for you, please post in the forum to confirm that it worked.
TorGuard VPN is a commercial VPN/Proxy server provider. You pay them to provide a VPN server (using openVPN and others) with a public IP address so you can connect your devices no matter where they are, and also offers dedicated applications for mobile devices.
Their focus is on anonymity, and provide various features to increase the anonimity of their users on the Internet.
On their site they claim to use technologies to make their VPN look like normal HTTP traffic for DPI (deep packet inspection) firewalls that would otherwise be able to detect and block normal VPN traffic. For example the so called Great Firewall of China, a state-run Chinese firewall that filters the access to the rest of the Internet.
According to their FAQ, “Tor” in TorGuard relates to “torrents” and guarding one’s privacy when using bitorrent.
Torguard is not related in any way to the Tor project nor uses the Tor network.
It appears that the original tutorial posted in the forums comes from email exchanges with the Torguard VPN customer support staff.
This tutorial requires you to connect with ssh to the router to configure it.
opkg update ; opkg install openvpn-openssl nano
nano /etc/config/openvpnto open the file for editing
mkdir -p /etc/openvpn/torguard
wget --no-check-certificate -P /etc/openvpn/torguard https://torguard.net/downloads/ta.key wget --no-check-certificate -P /etc/openvpn/torguard https://torguard.net/downloads/ca.crt
chmod 0777 /etc/openvpn/torguard/ta.key chmod 0777 /etc/openvpn/torguard/ca.crt chmod 0400 /etc/openvpn/torguard/userpass.txt
There are two alternative methods available in order to create the necessary openvpn network interface and complimentary firewall rules. This part will be done with ssh command line. Part 2b will do the same operations by using Luci web interface instead.
uci set network.myvpnc=interface uci set network.myvpnc.proto=none uci set network.myvpnc.ifname=tun0 uci commit network
uci add firewall zone uci set firewall.@zone[-1]=zone uci set firewall.@zone[-1].name=myvpnc_fw uci set firewall.@zone[-1].network=myvpnc uci set firewall.@zone[-1].input=REJECT uci set firewall.@zone[-1].output=ACCEPT uci set firewall.@zone[-1].forward=REJECT uci set firewall.@zone[-1].masq=1 uci set firewall.@zone[-1].mtu_fix=1 uci add firewall forwarding uci set firewall.@forwarding[-1]=forwarding uci set firewall.@forwarding[-1].src=lan uci set firewall.@forwarding[-1].dest=myvpnc_fw uci commit firewall
There are two alternative methods available in order to create the necessary openvpn network interface and complimentary firewall rules. This part will be done with Luci web interface . Part 2a will do the same operations by using ssh command line instead.
In Luci Gui go to System > Software, do update of package lists.
Then install luci-app-openvpn
Sample of a working /etc/config/openvpn config file - adjust yours as you see fit but stick with the config from https://torguard.net/tgconf.php?action=vpn-openvpnconfig as your basic guide -
config openvpn 'TorGuard_AES256GCM_SHA256' option client '1' option dev 'tun' option proto 'udp' option resolv_retry 'infinite' option nobind '1' option persist_key '1' option persist_tun '1' option ca '/etc/openvpn/torguard/ca.crt' option remote_cert_tls 'server' option tls_auth '/etc/openvpn/torguard/ta.key 1' option cipher 'AES-256-GCM' option comp_lzo 'adaptive' option verb '4' option fast_io '1' option auth_user_pass '/etc/openvpn/torguard/userpass.txt' option remote_random '0' option auth 'SHA256' option reneg_sec '0' option port '1195' list remote 'ny.east.usa.torguardvpnaccess.com' option sndbuf '393216' option rcvbuf '393216' option enabled '1' option keepalive '10 120' option auth_nocache '1' option tls_client '1' option setenv 'CLIENT_CERT 0' option tls_version_min '1.2' option tls_cipher 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384' option ncp_ciphers 'AES-256-GCM:AES-128-GCM' option tun_mtu '1500' option tun_mtu_extra '32' option ncp_disable '1' option engine 'dynamic' option mute_replay_warnings '1' option disable_occ '1' option keysize '256' option mssfix '1450' option script_security '2' option reneg_bytes '1073741824' option mute '20' option pull '1' option log '/tmp/openvpn.log'