User Tools

Site Tools


docs:guide-user:services:vpn:openvpn:astrill

Configure Astrill OpenVPN on OpenWrt

[Base directions from https://hide.me/en/vpnsetup/openwrt/openvpn/]

These directions assume you already have an account with astrill.com

Create a new Certificate for your Router

https://www.astrill.com/member-zone/tools/openvpn-certificates Create new Certificate Give it a meaningful name like OpenVPN Router Click Check Box Click the left most arrow for all Astrill Servers Unzip Astrill-OpenWRT Router.zip Pick the server you wish to use and find its .ovpn file.

Initial Configuration of Router

Login to your router. Possibly 192.168.0.1 or 192.168.1.1 or whatever you configured, in my case 192.168.215.1) Navigate to System: Software http://192.168.215.1/cgi-bin/luci/admin/system/opkg update list filter “openvpn”

  • luci-app-openvpn
  • openvpn-easy-rsa
  • openvpn-openssl

install each

  1. Refresh Webpage (F5 on Windows)
  2. Look for VPN tab.
  3. Under VPN Click on OpenVPN
  4. Under OVPN configuration file upload select a the .ovpn file you selected above
  5. give it a meaningful Name (I suggest something similar to the one provided by Astrill to make switching servers later more intuitive)
  6. Click Upload
  7. under OpenVPN instances there is a new line with the Name you just typed, on the right Click Edit
  8. In the bottom you'll see “Section to add an optional 'auth-user-pass' file with your credentials (/etc/openvpn/<Name>.auth)
  9. Enter your Astrill.com Password
  10. Save
  11. Click on VPN: OpenVPN at the top to go back to the OpenVPN instances page
  12. Save & Apply
  13. (I'm rewriting these directions after having already done the intial configuration, so its possible there may be some variation between what I'm writing and what you're seeing, sorry about that)
  14. Check the Enable box for your new VPN line
  15. Save & Apply

Configure Interface & Firewall

You have finished the VPN configuration now, but you still need to configure the interface as well as the Firewall.

  1. From the Menu at the top select Networking → Interfaces.
  2. Click the “Add new interface…” button.
  3. Name: “Astrill_VPN” (or whatever you want)
  4. Protocol of the new interface: Unmanaged
  5. Cover the following interface: Custom Interface: tun0
  6. Right of “Interfaces » ASTRIL_VPN” Click Edit

Interfaces » ASTRIL_VPN

Under General Setting

  1. Leave a checkmark on “Bring up on boot
  2. Click on “Advanced Settings
  3. remove checkmark from “Use builtin IPV6-management

At the top, Under Network Click on Firewall Settings

  1. Under Zones In “unspecified” field, type the zone name – “astrill_fw”.
  2. Click on “Save
  3. Now edit the astrill_fw zone.

Under Firewall - Zone Settings In the General Settings tab, select the following settings:

  1. Set “Input” to “reject
  2. Set “Output” to “accept
  3. Set “Forward” to “reject
  4. Click Save & Apply
  5. Edit Astril_FW
  6. Put check mark on “Masquerading
  7. Covered networks – checkmark on “astril_vpn”
  8. In the “Inter-Zone Forwarding” section, set the checkbox for “Allow forward from source zones: lan”.

Under Firewall - Zone Settings In the Advanced Settings Tab

  1. Covered devices tun0

Save

Save & Apply

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
docs/guide-user/services/vpn/openvpn/astrill.txt · Last modified: 2020/07/02 15:44 by bobafetthotmail