Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:openvpn:client [2019/02/11 20:36] – [Goals] vgaetera | docs:guide-user:services:vpn:openvpn:client [2021/09/27 03:25] – [2. Firewall] vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== OpenVPN | + | ====== OpenVPN |
| - | {{page> | + | {{section> |
| ===== Introduction ===== | ===== Introduction ===== | ||
| - | * This guide describes | + | * This how-to describes the method for setting up [[wp> |
| - | * You can use it to connect to your own OpenVPN server or a commercial OpenVPN provider. | + | * Follow [[docs: |
| - | * Follow [[basic|OpenVPN | + | |
| ===== Goals ===== | ===== Goals ===== | ||
| - | * Encrypt your internet connection to enforce protection and privacy: | + | {{section> |
| - | * Prevent data leak and traffic spoofing on the path to client-ISP. | + | |
| - | * Escape client-ISP content-filters and internet censorship. | + | |
| - | * Access your VPN-server | + | |
| - | * Access region-restricted services and content using commercial VPN-providers. | + | |
| - | ===== Requirements ===== | + | ===== Command-line instructions |
| - | * OpenWrt 18.06.1 | + | |
| - | * OpenVPN 2.4.5 | + | |
| - | + | ||
| - | ===== Instructions | + | |
| ==== 1. Preparation ==== | ==== 1. Preparation ==== | ||
| - | [[docs: | + | Install |
| - | ==== 2. Network ==== | ||
| - | Replace client-ISP DNS-servers with [[wp> | ||
| - | Create a VPN-interface. | ||
| <code bash> | <code bash> | ||
| - | uci set network.wan.peerdns=" | + | # Install packages |
| - | uci set network.wan.dns=" | + | opkg update |
| - | uci set network.wan6.peerdns=" | + | opkg install openvpn-openssl |
| - | uci set network.wan6.dns=" | + | |
| - | uci set network.vpnclient=" | + | |
| - | uci set network.vpnclient.ifname=" | + | |
| - | uci set network.vpnclient.proto=" | + | |
| - | uci commit network | + | |
| - | service network reload | + | |
| </ | </ | ||
| - | ==== 3. Firewall ==== | + | ==== 2. Firewall ==== |
| - | To minimize firewall setup consider | + | Consider |
| + | Assign VPN interface | ||
| <code bash> | <code bash> | ||
| - | uci add_list | + | # Configure firewall |
| + | uci rename firewall.@zone[0]=" | ||
| + | uci rename | ||
| + | uci del_list firewall.wan.device=" | ||
| + | uci add_list firewall.wan.device="tun+" | ||
| uci commit firewall | uci commit firewall | ||
| - | service | + | / |
| </ | </ | ||
| - | ==== 4. VPN-Client | + | ==== 3. VPN service |
| - | Save your client profile. | + | Save your client profile |
| - | Drop VPN-service | + | |
| - | Install and configure OpenVPN client. | + | |
| <code bash> | <code bash> | ||
| - | cat << | + | # Save VPN client profile |
| + | umask go= | ||
| + | cat << EOF > / | ||
| COPY_PASTE_CLIENT_PROFILE_HERE | COPY_PASTE_CLIENT_PROFILE_HERE | ||
| EOF | EOF | ||
| - | + | /etc/init.d/openvpn restart | |
| - | chmod 600 /etc/openvpn/ | + | |
| - | sed -i -e " | + | |
| - | s/\r//g | + | |
| - | \$a user nobody | + | |
| - | \$a group nogroup | + | |
| - | /^\s*dev/d | + | |
| - | \$a dev $(uci get network.vpnclient.ifname) | + | |
| - | " | + | |
| - | + | ||
| - | opkg update | + | |
| - | opkg install openvpn-openssl | + | |
| - | uci set openvpn.vpnclient=" | + | |
| - | uci set openvpn.vpnclient.enabled=" | + | |
| - | uci set openvpn.vpnclient.config="/ | + | |
| - | uci commit openvpn | + | |
| - | service openvpn restart vpnclient | + | |
| - | </ | + | |
| - | + | ||
| - | If using a commercial VPN-provider, | + | |
| - | <code bash> | + | |
| - | cat << " | + | |
| - | YOUR_VPN_USERNAME | + | |
| - | YOUR_VPN_PASSWORD | + | |
| - | EOF | + | |
| - | + | ||
| - | chmod 600 / | + | |
| - | sed -i -e " | + | |
| - | / | + | |
| - | \$a auth-user-pass / | + | |
| - | / | + | |
| - | \$a redirect-gateway def1 ipv6 | + | |
| - | " / | + | |
| - | + | ||
| - | service | + | |
| </ | </ | ||
| - | ==== 5. Testing ==== | + | Configure credentials for [[docs: |
| - | [[extra#testing|OpenVPN Extra > Testing]] | + | |
| - | ==== 6. Troubleshooting | + | ===== Testing ===== |
| - | [[extra# | + | {{section>docs: |
| - | {{tag>VPN OpenVPN}} | + | ===== Troubleshooting ===== |
| + | {{section>docs: | ||
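
Review bot: In step 3 (VPN service), the new revision removes the `\$a user nobody` and `\$a group nogroup` edits together with the rest of the `sed` post-processing, and nothing in the visible replacement (`umask go=`, the heredoc, `/etc/init.d/openvpn restart`) restores the privilege drop, so the client only drops privileges if the pasted profile already asks for it. Either keep those two directives or say in the step text that the profile must carry them; the same goes for the removed `s/\r//g` cleanup when a profile was saved with CRLF line endings. In step 2, `uci rename firewall.@zone[0]=` depends on the default zone order and `uci add_list firewall.wan.device="tun+"` puts every tun device into the wan zone, so a short comment stating both assumptions would help readers whose firewall config is not the default or who run another tunnel that should not be treated as wan.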