Degree of Difficulty: Intermediate This guide assumes you can:

OpenVPN Client


VPN Client Purpose

  • An OpenVPN Client on Your Router Allows You to:
    • Encrypt your connection to the internet [WAN]

    • Circumvent firewalls & content filters that do not block the VPN itself:
      Bypass China's Great Firewall [GFW] for internet access

    • Spoof location-based services:
      Access region-restricted content on sites like Netflix

  • Prevents your Internet Service Provider (ISP) from:
    • Snooping through your traffic and DNS requests
    • Meddling with your DNS requests and/or traffic

File & Folder Locations

  1. Config Locations:
    • Firewall: /etc/config/firewall
    • Network: /etc/config/network
    • OpenVPN: /etc/config/openvpn

  2. Folder Locations:
    • OpenVPN: /etc/openvpn/

VPN Client Usage

  • Obtain credentials from a corresponding OpenVPN Server:
    • Commercial third party OpenVPN provider
    • Private host (router/VPS) running an OpenVPN server

  • Once the Router Is Configured as a Client, You Can:
    • Route all WAN traffic over the VPN
    • Only route certain traffic from a specific interface


Opkg Wiki

  • Install:
    opkg update && opkg install openvpn-openssl luci-app-openvpn


Network Wiki

  • Create Network Interface:
    uci set network.vpnclient="interface"
    uci set network.vpnclient.ifname="tun0"
    uci set network.vpnclient.proto="none"
    uci commit network && service network restart


Firewall Wiki

  • Configure Default Rules & Forwarding:
    uci add firewall zone
    uci set firewall.@zone[-1].name="vpnclient"
    uci add_list firewall.@zone[-1].network="vpnclient"
    uci set firewall.@zone[-1].input="REJECT"
    uci set firewall.@zone[-1].output="ACCEPT"
    uci set firewall.@zone[-1].forward="REJECT"
    uci set firewall.@zone[-1].masq="1"
    uci add firewall forwarding
    uci set firewall.@forwarding[-1].src="lan"
    uci set firewall.@forwarding[-1].dest="vpnclient"
    uci commit firewall && service firewall restart


OpenVPN HowTo OpenVPN Man Page

  1. Configure Provider:
    uci set openvpn.vpnclient="openvpn"
    uci set openvpn.vpnclient.enabled="1"
    uci set openvpn.vpnclient.config="/etc/openvpn/my-client.ovpn"
    uci commit openvpn && service openvpn restart


Managing Services

  1. Ensure OpenVPN Client service is running
    ps | grep [o]penvpn
    logread -e openvpn
  2. Validate Your External IP-address has Changed
    1. If It Has Not:
      1. Verify config options are correct
      2. Create a thread in the OpenWrt | OpenVPN forum, providing the information requested in Troubleshooting


If asking for help in a forum, please perform the following steps and include the results in your initial post:

  1. Client:
    1. Modify /etc/openvpn/my-client.ovpn:
      proto tcp
      verb 7
      1. Not all servers support TCP

    2. Restart:
      service openvpn restart
  2. Once client connects / fails to connect, please post:
    1. Client log and Firewall, Network, & OpenVPN configs
      1. Please ensure WAN IP-address & login info are removed from configs & logs
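One way to do the redaction asked for in the last step, as an added example that is not part of the OpenWrt wiki: the function name redact_for_forum, the placeholder strings and the sample input are constructed for illustration. It replaces the WAN address you pass in, blanks `option username` / `option password` values in UCI configs, and (going one step beyond the text above) drops inline key material from a .ovpn file.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the OpenWrt wiki).
# Usage: logread -e openvpn | redact_for_forum "$WAN_IP"

redact_for_forum() {
    [ -n "$1" ] || { echo "usage: redact_for_forum WAN_IP" >&2; return 2; }
    # Escape the dots so the address is matched literally, not as a regex.
    wan_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    # Require a non-digit, non-dot boundary so 203.0.113.70 is not mistaken
    # for 203.0.113.7. Applied twice to catch back-to-back occurrences.
    ip_expr="s/(^|[^0-9.])${wan_re}([^0-9.]|\$)/\\1<WAN_IP>\\2/g"
    sed -E \
        -e "$ip_expr" -e "$ip_expr" \
        -e "s/^([[:space:]]*option[[:space:]]+(username|password)[[:space:]]+).*/\\1'<REDACTED>'/" \
        -e '/^<(key|tls-auth|tls-crypt)>/,/^<\/(key|tls-auth|tls-crypt)>/{/^</!d;}'
}

# Constructed sample: two log lines, a UCI network fragment, an inline key block.
sample_input() {
    cat <<'EOF'
openvpn(vpnclient)[1234]: link local: [AF_INET]203.0.113.7:1194
openvpn(vpnclient)[1234]: peer 203.0.113.70 is a different host
openvpn(vpnclient)[1234]: ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5
    option proto 'pppoe'
    option password 'hunter2'
<key>
CONSTRUCTED-KEY-MATERIAL
</key>
EOF
}
```

Tunnel addresses such as 10.8.0.6 are left intact because they help with troubleshooting; read the output once before posting, since only the patterns listed above are covered.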


docs/guide-user/services/vpn/openvpn/client.txt · Last modified: 2018/09/25 15:57 by vgaetera