This is an old revision of the document!


OpenVPN Client

  • This guide describes how to configure OpenWrt to run an OpenVPN client.
  • You can use it to connect to your own OpenVPN server or to a commercial OpenVPN provider.
  • Follow OpenVPN Basic for server setup and OpenVPN Extra for additional tuning.
  • Encrypt your internet connection:
    • Prevent data leaks and traffic spoofing on the path to the client's ISP.
    • Escape the client ISP's content filters and internet censorship.
  • Access LAN services behind your VPN server remotely without port forwarding.
  • Access region-restricted services and content using commercial VPN providers.
  • OpenWrt 18.06.1
  • OpenVPN 2.4.5

Install OpenWrt and perform initial network and firewall setup.

Replace the DNS servers provided by the client's ISP with public DNS servers to prevent DNS leaks. Create a VPN interface.

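# Ignore the DNS servers advertised by the ISP and use public ones instead
uci set network.wan.peerdns="0"
uci set network.wan.dns="8.8.8.8 8.8.4.4"
uci set network.wan6.peerdns="0"
uci set network.wan6.dns="2001:4860:4860::8888 2001:4860:4860::8844"
# Define the VPN interface; OpenVPN configures tun0 itself, hence proto "none"
uci set network.vpnclient="interface"
uci set network.vpnclient.ifname="tun0"
uci set network.vpnclient.proto="none"
# Save and apply the network changes
uci commit network
service network reload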

To minimize firewall setup, treat the VPN network as public and assign it to the WAN zone (firewall.@zone[1] in the default firewall configuration).

uci add_list firewall.@zone[1].network="vpnclient"
uci commit firewall
service firewall restart

Save your client profile. Drop the VPN service's privileges and make sure the VPN interface name matches the network configuration. Install and configure the OpenVPN client.

cat << "EOF" > /etc/openvpn/vpnclient.ovpn
COPY_PASTE_CLIENT_PROFILE_HERE
EOF
 
chmod 600 /etc/openvpn/vpnclient.ovpn
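# Strip carriage returns and any existing dev line. The new directives are
# appended in a separate step, because a sed "d" that hits the last line
# ends the cycle before a later append command could run.
sed -i -e "
s/\r//g
/^\s*dev/d
" /etc/openvpn/vpnclient.ovpn
cat << EOF >> /etc/openvpn/vpnclient.ovpn
user nobody
group nogroup
dev $(uci get network.vpnclient.ifname)
EOF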
 
opkg update
opkg install openvpn-openssl
uci set openvpn.vpnclient="openvpn"
uci set openvpn.vpnclient.enabled="1"
uci set openvpn.vpnclient.config="/etc/openvpn/vpnclient.ovpn"
uci commit openvpn
service openvpn restart vpnclient

If you use a commercial VPN provider, set up credentials for username/password authentication and enforce gateway redirection.

cat << "EOF" > /etc/openvpn/vpnclient.auth
YOUR_VPN_USERNAME
YOUR_VPN_PASSWORD
EOF
 
chmod 600 /etc/openvpn/vpnclient.auth
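# Remove existing directives first, then append the new ones separately so
# they are added even when the profile's last line is one of those removed.
sed -i -e "
/^\s*auth-user-pass/d
/^\s*redirect-gateway/d
" /etc/openvpn/vpnclient.ovpn
cat << "EOF" >> /etc/openvpn/vpnclient.ovpn
auth-user-pass /etc/openvpn/vpnclient.auth
redirect-gateway def1 ipv6
EOF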
 
service openvpn restart vpnclient
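
A read-only check of the finished profile, as an added example that is not part of the original guide: it confirms that the profile carries exactly one user nobody, group nogroup and dev line matching the interface, and that the profile and the credentials file are mode 600. The function names and the constructed sample profile are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: read-only audit of an OpenVPN client profile after editing.

# Mode string of a file, e.g. "-rw-------" (empty if the file is missing).
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# Arguments of every active line whose first word is exactly $2.
# Comment lines and look-alikes such as "dev-type" do not match.
args_of() {
    awk -v d="$2" '{ gsub(/\r/, "") }
        $1 == d { sub(/^[ \t]*[^ \t]+[ \t]*/, ""); sub(/[ \t]+$/, ""); print }' "$1"
}

# audit_profile PROFILE IFNAME [AUTHFILE]
# Prints one line per finding and returns the number of findings.
audit_profile() {
    profile="$1"; findings=0
    finding() { echo "FAIL: $*"; findings=$((findings + 1)); }
    expect() {   # exactly one active DIRECTIVE line, carrying exactly ARGS
        got="$(args_of "$profile" "$1")"
        [ "$got" = "$2" ] || finding "want '$1 $2', got '${got:-nothing}'"
    }
    private() {  # file must exist with mode 600
        [ "$(mode_of "$1")" = "-rw-------" ] || finding "$1 missing or not mode 600"
    }
    private "$profile"
    expect user nobody
    expect group nogroup
    expect dev "$2"
    if [ -n "$3" ]; then   # username/password setup for a commercial provider
        private "$3"
        expect auth-user-pass "$3"
        expect redirect-gateway "def1 ipv6"
    fi
    return "$findings"
}

# Demo on a constructed profile (sample data, not a real provider config).
demo="$(mktemp -d)"
printf '%s\n' 'client' 'remote vpn.example.net 1194' '# dev tun' \
    'user nobody' 'group nogroup' 'dev tun0' > "$demo/vpnclient.ovpn"
chmod 600 "$demo/vpnclient.ovpn"
audit_profile "$demo/vpnclient.ovpn" tun0 && echo "profile OK"
rm -rf "$demo"
```

On the router, pass /etc/openvpn/vpnclient.ovpn, the output of uci get network.vpnclient.ifname and, for the username/password setup, /etc/openvpn/vpnclient.auth as the three arguments.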
  • Last modified: 2019/02/11 14:24
  • by vgaetera