[Base directions from https://hide.me/en/vpnsetup/openwrt/openvpn/]

These directions assume you already have an account with astrill.com

https://www.astrill.com/member-zone/tools/openvpn-certificates Create new Certificate Give it a meaningful name like OpenVPN Router Click Check Box Click the left most arrow for all Astrill Servers Unzip Astrill-OpenWRT Router.zip Pick the server you wish to use and find its .ovpn file.

Login to your router. Possibly 192.168.0.1 or 192.168.1.1 or whatever you configured, in my case 192.168.215.1) Navigate to System: Software http://192.168.215.1/cgi-bin/luci/admin/system/opkg update list filter “openvpn”

• luci-app-openvpn
• openvpn-easy-rsa
• openvpn-openssl

install each

1. Refresh Webpage (F5 on Windows)
2. Look for VPN tab.
3. Under VPN Click on OpenVPN
4. Under OVPN configuration file upload select a the .ovpn file you selected above
5. give it a meaningful Name (I suggest something similar to the one provided by Astrill to make switching servers later more intuitive)
6. Click Upload
7. under OpenVPN instances there is a new line with the Name you just typed, on the right Click Edit
8. In the bottom you'll see “Section to add an optional 'auth-user-pass' file with your credentials (/etc/openvpn/<Name>.auth)
9. Enter your Astrill.com Password
10. Save
11. Click on VPN: OpenVPN at the top to go back to the OpenVPN instances page
12. Save & Apply
13. (I'm rewriting these directions after having already done the intial configuration, so its possible there may be some variation between what I'm writing and what you're seeing, sorry about that)
14. Check the Enable box for your new VPN line
15. Save & Apply

You have finished the VPN configuration now, but you still need to configure the interface as well as the Firewall.

1. From the Menu at the top select Networking → Interfaces.
2. Click the “Add new interface…” button.
3. Name: “Astrill_VPN” (or whatever you want)
4. Protocol of the new interface: Unmanaged
5. Cover the following interface: Custom Interface: tun0
6. Right of “Interfaces » ASTRIL_VPN” Click Edit

Under General Setting

1. Leave a checkmark on “Bring up on boot”
2. Click on “Advanced Settings”
3. remove checkmark from “Use builtin IPV6-management”

At the top, Under Network Click on Firewall Settings

1. Under Zones In “unspecified” field, type the zone name – “astrill_fw”.
2. Click on “Save”
3. Now edit the astrill_fw zone.

Under Firewall - Zone Settings In the General Settings tab, select the following settings:

1. Set “Input” to “reject”
2. Set “Output” to “accept”
3. Set “Forward” to “reject”
4. Click Save & Apply
5. Edit Astril_FW
6. Put check mark on “Masquerading”
7. Covered networks – checkmark on “astril_vpn”
8. In the “Inter-Zone Forwarding” section, set the checkbox for “Allow forward from source zones: lan”.

Under Firewall - Zone Settings In the Advanced Settings Tab

1. Covered devices tun0

Save

Save & Apply