OpenVPN client

  • Encrypt your internet connection to enforce security and privacy.
    • Prevent data leak and traffic spoofing on the client side.
  • Bypass regional restrictions using commercial providers.
    • Escape client side content filters and internet censorship.
  • Access your LAN services remotely without port forwarding.

Install the required packages.

# Install packages
opkg update
opkg install openvpn-openssl

Consider VPN network as public. Assign VPN interface to WAN zone to minimize firewall setup.

# Configure firewall
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci del_list firewall.wan.device="tun+"
uci add_list firewall.wan.device="tun+"
uci commit firewall
/etc/init.d/firewall restart

Save your client profile to configure VPN service.

# Save VPN client profile
umask go=
cat << EOF > /etc/openvpn/client.conf
/etc/init.d/openvpn restart

Specify credentials for commercial provider and configure dynamic connection if necessary.

Establish the VPN connection. Use traceroute and traceroute6 to verify your client traffic is routed via the VPN gateway.


Check your client public IP addresses.

Make sure there is no DNS leak on the client side.

Delegate a public IPv6 prefix to the VPN network to use IPv6 by default.

Collect and analyze the following information.

# Restart services
/etc/init.d/log restart; /etc/init.d/openvpn restart; sleep 10
# Log and status
logread -e openvpn; netstat -l -n -p | grep -e openvpn
# Runtime configuration
pgrep -f -a openvpn
ip address show; ip route show table all
ip rule show; iptables-save -c
ip -6 rule show; ip6tables-save -c
# Persistent configuration
uci show network; uci show firewall; uci show openvpn
head -v -n -0 /etc/openvpn/*.conf
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2021/10/04 10:29
  • by vgaetera