Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:vpn:openvpn:client [2019/02/11 11:27] – [Introduction] Added wiki-link for OpenVPN vgaetera
docs:guide-user:services:vpn:openvpn:client [2023/10/14 05:16] (current) – use service invocation vgaetera
Line 1: Line 1:
-====== OpenVPN Client ====== +====== OpenVPN client ====== 
-{{page>meta:infobox:cli_setup&noheader&nofooter&noeditbtn}}+{{section>meta:infobox:howto_links#basic_skills&noheader&nofooter&noeditbutton}}
  
 ===== Introduction ===== ===== Introduction =====
-  * This guide describes how to configure OpenWrt to run [[wp>OpenVPN|OpenVPN]] client+  * This how-to describes the method for setting up [[wp>OpenVPN|OpenVPN]] client on OpenWrt
-  * You can use it to connect to your own OpenVPN server or a commercial OpenVPN provider+  * Follow [[docs:guide-user:services:vpn:openvpn:server|OpenVPN server]] for server setup and [[docs:guide-user:services:vpn:openvpn:extras|OpenVPN extras]] for additional tuning.
-  * Follow [[basic|OpenVPN Basic]] for server setup and [[extra|OpenVPN Extra]] for additional tuning.+
  
 ===== Goals ===== ===== Goals =====
-  * Encrypt your internet connection: +{{section>docs:guide-user:services:vpn:wireguard:server#goals&noheader&nofooter&noeditbutton}}
-    * Prevent data leak and traffic spoofing on the path to client-ISP. +
-    * Escape client-ISP content-filters and internet censorship. +
-  * Access your VPN-server LAN-services remotely without port forwarding. +
-  * Access region-restricted services and content using commercial VPN-providers.+
  
-===== Requirements ===== +===== Command-line instructions =====
-  * OpenWrt 18.06.1 +
-  * OpenVPN 2.4.5 +
- +
-===== Instructions =====+
 ==== 1. Preparation ==== ==== 1. Preparation ====
-[[docs:guide-user:installation:start|Install]] OpenWrt and perform initial [[docs:guide-user:network:start|network]] and [[docs:guide-user:firewall:start|firewall]] setup.+Install the required packages.
  
-==== 2. Network ==== 
-Replace client-ISP DNS-servers with [[wp>Public_recursive_name_server|public DNS-servers]] to prevent DNS-leak. 
-Create a VPN-interface. 
 <code bash> <code bash>
-uci set network.wan.peerdns="0" +# Install packages 
-uci set network.wan.dns="8.8.8.8 8.8.4.4" +opkg update 
-uci set network.wan6.peerdns="0" +opkg install openvpn-openssl
-uci set network.wan6.dns="2001:4860:4860::8888 2001:4860:4860::8844" +
-uci set network.vpnclient="interface" +
-uci set network.vpnclient.ifname="tun0" +
-uci set network.vpnclient.proto="none" +
-uci commit network +
-service network reload+
 </code> </code>
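Review bot: Dropping the whole "2. Network" step removes the only DNS-leak mitigation on this page (the `peerdns="0"` and explicit `dns` settings on `wan` and `wan6`), and the new text does not say where that is handled now. The old step existed "to prevent DNS-leak", so a reader following only the new revision keeps the client-ISP resolvers. Either keep a short DNS step here or add a sentence next to "Install the required packages." that points to the page covering it.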
  
-==== 3. Firewall ==== +==== 2. Firewall ==== 
-To minimize firewall setup consider VPN-network as public and assign it to WAN-zone.+Consider VPN network as public
 +Assign VPN interface to WAN zone to minimize firewall setup. 
 <code bash> <code bash>
-uci add_list firewall.@zone[1].network="vpnclient"+# Configure firewall 
 +uci rename firewall.@zone[0]="lan" 
 +uci rename firewall.@zone[1]="wan" 
 +uci del_list firewall.wan.device="tun+" 
 +uci add_list firewall.wan.device="tun+"
 uci commit firewall uci commit firewall
 service firewall restart service firewall restart
 </code> </code>
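Review bot: The two `uci rename` lines assume `@zone[0]` is lan and `@zone[1]` is wan, which holds only for the default firewall layout; on a router where zones were added or reordered they rename whichever zones sit at those indexes, and `tun+` is then attached to the wrong zone. State the default-layout assumption in the text, or have the reader confirm the zone order (for example with `uci show firewall`) before running the block. It is also worth one sentence that `tun+` matches every tun device, so any other tunnel on the router is treated as WAN as well.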
  
-==== 4. VPN-Client ==== +==== 3. VPN service ==== 
-Save your client profile+Save your client profile to configure VPN service. 
-Drop VPN-service privileges and ensure VPN-interface name matches network configuration+
-Configure OpenVPN client.+
 <code bash> <code bash>
-cat << "EOF> /etc/openvpn/vpnclient.ovpn+# Save VPN client profile 
 +umask go= 
 +cat << EOF > /etc/openvpn/client.conf
 COPY_PASTE_CLIENT_PROFILE_HERE COPY_PASTE_CLIENT_PROFILE_HERE
 EOF EOF
- +service openvpn restart
-chmod 600 /etc/openvpn/vpnclient.ovpn +
-sed -i -e " +
-s/\r//g +
-\$a user nobody +
-\$a group nogroup +
-/^\s*dev/+
-\$a dev $(uci get network.vpnclient.ifname) +
-" /etc/openvpn/vpnclient.ovpn +
- +
-opkg update +
-opkg install openvpn-openssl +
-uci set openvpn.vpnclient="openvpn" +
-uci set openvpn.vpnclient.enabled="1" +
-uci set openvpn.vpnclient.config="/etc/openvpn/vpnclient.ovpn" +
-uci commit openvpn +
-service openvpn restart vpnclient +
-</code> +
- +
-If using a commercial VPN-provider, set up credentials for username/password authentication and enforce gateway redirect. +
-<code bash> +
-cat << "EOF" > /etc/openvpn/vpnclient.auth +
-YOUR_VPN_USERNAME +
-YOUR_VPN_PASSWORD +
-EOF +
- +
-chmod 600 /etc/openvpn/vpnclient.auth +
-sed -i -e " +
-/^\s*auth-user-pass/+
-\$a auth-user-pass /etc/openvpn/vpnclient.auth +
-/^\s*redirect-gateway/+
-\$a redirect-gateway def1 ipv6 +
-" /etc/openvpn/vpnclient.ovpn +
- +
-service openvpn restart vpnclient+
 </code> </code>
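Review bot: The heredoc delimiter lost its quotes in the new `cat << EOF > /etc/openvpn/client.conf` line (the old revision used the quoted `"EOF"` form), so the shell now expands `$`, backticks and backslashes inside the pasted profile, which can silently alter it or run a command substitution from it. Restore the quoted delimiter: `cat << "EOF" > /etc/openvpn/client.conf`. Two further points in this region: `umask go=` only affects files created after it, so an already existing client.conf keeps its old mode unless the `chmod 600` stays; and the removed `sed` block was what appended `user nobody` and `group nogroup` and stripped `\r`, so the privilege drop and the CRLF cleanup disappear with no replacement mentioned.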
  
-==== 5. Testing ==== +Specify credentials for [[docs:guide-user:services:vpn:openvpn:extras#commercial_provider|commercial provider]] and configure [[docs:guide-user:services:vpn:openvpn:extras#dynamic_connection|dynamic connection]] if necessary.
-[[extra#testing|OpenVPN Extra > Testing]]+
  
-==== 6. Troubleshooting ==== +===== Testing ===== 
-[[extra#troubleshooting|OpenVPN Extra Troubleshooting]]+{{section>docs:guide-user:services:vpn:wireguard:server#testing&noheader&nofooter&noeditbutton}}
  
-{{tag>VPN OpenVPN}}+===== Troubleshooting ===== 
 +{{section>docs:guide-user:services:vpn:openvpn:server#troubleshooting&noheader&nofooter&noeditbutton}}
  
  • Last modified: 2023/10/14 05:16
  • by vgaetera