
TorGuard VPN Setup

This documentation was created from the topic in the LEDE Forum at https://forum.lede-project.org/t/solved-lede-openwrt-torguard-vpn-setup and needs successful testing before it can be declared complete and this comment removed.
If you follow this tutorial and it works for you, please post in the forum to confirm that it worked.

About TorGuard VPN

TorGuard VPN is a commercial VPN/proxy server provider. You pay them to provide a VPN server (using OpenVPN and others) with a public IP address so you can connect your devices no matter where they are. They also offer dedicated applications for mobile devices.

Their focus is on anonymity, and they provide various features to increase the anonymity of their users on the Internet.

On their site they claim to use technologies that make their VPN look like normal HTTP traffic to DPI (deep packet inspection) firewalls that would otherwise be able to detect and block normal VPN traffic, for example the so-called Great Firewall of China, a state-run Chinese firewall that filters access to the rest of the Internet.

According to their FAQ, “Tor” in TorGuard relates to “torrents” and guarding one’s privacy when using BitTorrent.
TorGuard is not related in any way to the Tor project, nor does it use the Tor network.

It appears that the original tutorial posted in the forums comes from email exchanges with the TorGuard VPN customer support staff.

Installation and Configuration, Part 1

This tutorial requires you to connect with ssh to the router to configure it.

  1. First install all software needed by this tutorial:
    opkg update ; opkg install openvpn-openssl nano
  2. Generate an OpenVPN config file on the TorGuard site: go to https://torguard.net/tgconf.php?action=vpn-openvpnconfig and choose OpenWrt.
  3. Install the config file on the router at /etc/config/openvpn. You can use an scp client like WinSCP to log into the router and save the config file at /etc/config/openvpn, or you can ssh into the router and copy/paste the config file.
    If you chose the latter:
    1. Type nano /etc/config/openvpn to open the file for editing
    2. Erase the file's contents
    3. Paste in the contents of the config file (use right-click -> paste with the mouse; Ctrl + v will not work, as nano uses that command for another function)
    4. Press Ctrl + x to close the file, press “y” to confirm you want to save the file and then press Enter to confirm the name and go back to the ssh shell
  4. Create the /etc/openvpn/torguard folder with mkdir -p /etc/openvpn/torguard
  5. Download the needed key files into the folder you just created with the following commands (copy-paste them into the shell and press Enter). Note that --no-check-certificate turns off TLS certificate verification, so wget does not authenticate the server these two files come from; compare them with copies obtained over a verified connection before relying on them.
    wget --no-check-certificate -P /etc/openvpn/torguard https://torguard.net/downloads/ta.key
    wget --no-check-certificate -P /etc/openvpn/torguard https://torguard.net/downloads/ca.crt
  6. Create a file for your login credentials by typing nano /etc/openvpn/torguard/userpass.txt
    1. In the empty text file write your TorGuard VPN username on the first line, then write your TorGuard VPN password on the second line
    2. Press Ctrl + x to close the file, press “y” to confirm you want to save the file and then press Enter to confirm the name and go back to the ssh shell
  7. Restrict the permissions of the files you downloaded and created, so that the key and credentials files are accessible to root only and the CA certificate is writable by root only
    chmod 0600 /etc/openvpn/torguard/ta.key
    chmod 0644 /etc/openvpn/torguard/ca.crt
    chmod 0400 /etc/openvpn/torguard/userpass.txt
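
An added example, not part of the original tutorial: a shell check for the files created in Part 1. It reports key or credential files that group or other users can access, and compares ca.crt and ta.key with SHA-256 digests that you pin yourself, since the downloads above skip certificate verification. The function names and the placeholder pins are assumptions of this example.

```sh
#!/bin/sh
# Added example. Paths follow this page; the pins are placeholders that you
# record yourself from copies fetched with TLS verification working.
VPN_DIR=${VPN_DIR:-/etc/openvpn/torguard}

# bit_set FILE OCTAL: true if FILE has that permission bit set.
bit_set() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }

# audit_perms DIR: print one line per problem; return 1 if any was found.
audit_perms() {
    dir=$1; bad=0
    for spec in "ta.key:040 020 004 002" "userpass.txt:040 020 004 002" \
                "ca.crt:020 002"; do
        f=${spec%%:*}; bits=${spec#*:}
        if [ ! -f "$dir/$f" ]; then echo "MISSING $f"; bad=1; continue; fi
        for bit in $bits; do
            if bit_set "$dir/$f" "$bit"; then
                echo "PERM $f: group/other permission bit $bit is set"; bad=1; break
            fi
        done
    done
    return "$bad"
}

# check_pin FILE SHA256: true only if FILE's SHA-256 digest equals the pin.
check_pin() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Runs only where the directory from Part 1 exists (i.e. on the router).
if [ -d "$VPN_DIR" ]; then
    audit_perms "$VPN_DIR" || echo "Tighten the permissions listed above."
    check_pin "$VPN_DIR/ca.crt" "REPLACE_WITH_PINNED_SHA256_OF_CA_CRT" ||
        echo "ca.crt does not match the pinned digest; do not start the VPN."
    check_pin "$VPN_DIR/ta.key" "REPLACE_WITH_PINNED_SHA256_OF_TA_KEY" ||
        echo "ta.key does not match the pinned digest; do not start the VPN."
fi
```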

Installation and Configuration, Part 2a, still with ssh commands

There are two alternative methods for creating the necessary OpenVPN network interface and the complementary firewall rules. This part uses the ssh command line. Part 2b performs the same operations through the LuCI web interface instead.

  1. Create a TorGuard OpenVPN network interface:
    uci set network.myvpnc=interface
    uci set network.myvpnc.proto=none
    uci set network.myvpnc.ifname=tun0
    uci commit network
  2. Create firewall rules for TorGuard OpenVPN:
    uci add firewall zone
    uci set firewall.@zone[-1]=zone
    uci set firewall.@zone[-1].name=myvpnc_fw
    uci set firewall.@zone[-1].network=myvpnc
    uci set firewall.@zone[-1].input=REJECT
    uci set firewall.@zone[-1].output=ACCEPT
    uci set firewall.@zone[-1].forward=REJECT
    uci set firewall.@zone[-1].masq=1
    uci set firewall.@zone[-1].mtu_fix=1
    uci add firewall forwarding
    uci set firewall.@forwarding[-1]=forwarding
    uci set firewall.@forwarding[-1].src=lan
    uci set firewall.@forwarding[-1].dest=myvpnc_fw
    uci commit firewall
  3. Reboot your router with the reboot; exit command

Installation and Configuration, Part 2b, with LuCI web interface

There are two alternative methods for creating the necessary OpenVPN network interface and the complementary firewall rules. This part uses the LuCI web interface. Part 2a performs the same operations through the ssh command line instead.

Installation of required packages

In the LuCI GUI go to System > Software and update the package lists.
Then install luci-app-openvpn

TorGuard OpenVPN - LuCI (Web GUI) Network Interface Creation and Firewall Rules Setup

  1. Go to Network > Interfaces and add a new interface. Name the interface (for example MYVPN), make sure the Protocol of the new interface at the top of the page is set to Unmanaged, and at the bottom of the page select Custom and enter tun0 (tun number zero) in the field next to the Custom radio button.
  2. Click on Submit, then Save and Apply Settings
  3. Go to the Network > Firewall section, click add new zone, and set it to accept (accept all options) input/output/forward/masquerade. Note that Part 2a sets input and forward to REJECT for this zone, so new connections arriving from the VPN side to the router itself are rejected; choose reject for those two options here if you want the same behaviour as Part 2a.
  4. Then tick the box next to the VPN interface (Covered networks).
  5. Then, in the bottom box Inter-Zone Forwarding, under “Allow forward from source zones”, click both radio buttons next to LAN in the last section of the new firewall zone you just created.
  6. Click on Save and Apply Settings
  7. Go to Services > OpenVPN and start the VPN service.

Sample Config File

Sample of a working /etc/config/openvpn config file. Adjust yours as you see fit, but stick with the config from https://torguard.net/tgconf.php?action=vpn-openvpnconfig as your basic guide:

        config openvpn 'TorGuard_AES256GCM_SHA256'
        option client '1'
        option dev 'tun'
        option proto 'udp'
        option resolv_retry 'infinite'
        option nobind '1'
        option persist_key '1'
        option persist_tun '1'
        option ca '/etc/openvpn/torguard/ca.crt'
        option remote_cert_tls 'server'
        option tls_auth '/etc/openvpn/torguard/ta.key 1'
        option cipher 'AES-256-GCM'
        option comp_lzo 'adaptive'
        option verb '4'
        option fast_io '1'
        option auth_user_pass '/etc/openvpn/torguard/userpass.txt'
        option remote_random '0'
        option auth 'SHA256'
        option reneg_sec '0'
        option port '1195'
        list remote 'ny.east.usa.torguardvpnaccess.com'
        option sndbuf '393216'
        option rcvbuf '393216'
        option enabled '1'
        option keepalive '10 120'
        option auth_nocache '1'
        option tls_client '1'
        option setenv 'CLIENT_CERT 0'
        option tls_version_min '1.2'
        option tls_cipher 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384'
        option ncp_ciphers 'AES-256-GCM:AES-128-GCM'
        option tun_mtu '1500'
        option tun_mtu_extra '32'
        option ncp_disable '1'
        option engine 'dynamic'
        option mute_replay_warnings '1'
        option disable_occ '1'
        option keysize '256'
        option mssfix '1450'
        option script_security '2'
        option reneg_bytes '1073741824'
        option mute '20'
        option pull '1'
        option log '/tmp/openvpn.log'
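
An added example, not from TorGuard or the OpenWrt project: a small linter for /etc/config/openvpn that checks the security-relevant options used in the sample above. The checks and the FAIL/REVIEW labels are this example's own choices, and the embedded input is constructed from the sample's lines.

```sh
#!/bin/sh
# Added example. The checks and their FAIL/REVIEW labels are this example's
# own choices; the option names are the ones used in the sample above.

# lint_openvpn [FILE]: read a UCI openvpn config (stdin if no FILE) and
# print one finding per line; prints nothing when no check fires.
lint_openvpn() {
    awk -v q="'" '
    $1 == "option" {
        val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)  # strip "option <key> "
        sub("^" q, "", val); sub(q "[ \t]*$", "", val)     # strip the quotes
        opt[$2] = val
    }
    END {
        if (opt["remote_cert_tls"] != "server")
            print "FAIL   remote_cert_tls is not server"
        if (opt["tls_version_min"] + 0 < 1.2)
            print "FAIL   tls_version_min is unset or below 1.2"
        if (opt["auth_user_pass"] != "" && opt["auth_nocache"] != "1")
            print "REVIEW auth_nocache is off, credentials stay cached in memory"
        if (opt["comp_lzo"] != "" && opt["comp_lzo"] != "no")
            print "REVIEW comp_lzo " opt["comp_lzo"] " enables compression"
        if (opt["ncp_disable"] == "1" && opt["ncp_ciphers"] != "")
            print "REVIEW ncp_ciphers is ignored while ncp_disable is 1"
        if (opt["script_security"] + 0 >= 2)
            print "REVIEW script_security " opt["script_security"] " allows user-defined scripts"
    }' "${1:--}"
}

# Constructed input: the security-relevant lines of the sample config above.
sample_config() {
    cat <<'EOF'
config openvpn 'TorGuard_AES256GCM_SHA256'
        option remote_cert_tls 'server'
        option tls_auth '/etc/openvpn/torguard/ta.key 1'
        option comp_lzo 'adaptive'
        option auth_user_pass '/etc/openvpn/torguard/userpass.txt'
        option auth_nocache '1'
        option tls_version_min '1.2'
        option ncp_ciphers 'AES-256-GCM:AES-128-GCM'
        option ncp_disable '1'
        option script_security '2'
EOF
}

sample_config | lint_openvpn
```

On the router, run lint_openvpn /etc/config/openvpn. For the lines taken from the sample above it prints three REVIEW findings (compression, the unused ncp_ciphers list, script_security) and no FAIL findings.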
docs/guide-user/services/vpn/openvpn.torguard.txt · Last modified: 2018/03/03 20:30 by bobafetthotmail