— a humbly committed student 2019/01/19 10:31
The purpose of this wiki page is to show users how to configure an OpenWrt 18.01 router to serve multiple OpenVPN servers, each connecting to its own respective VLAN.
This example uses one OpenWrt router configured as the OpenVPN server; the same router also generates the security certificates for the client files that are handed to end users. A Linksys WRT3200ACM running OpenWrt 18.01 was used, tested, and validated to work. The setup has also worked on OpenWrt 17.01.
These procedures are done primarily on the CLI, editing the router's config files, with only limited configuration via the LuCI GUI. Since I am not able to attach screenshots, I did the configuration through the router's config files over an SSH session into the router.
The directories and configuration files that will be used:
It is recommended to be familiar with the following wiki articles to perform this task.
I primarily used the OpenVPN Basic tutorial as a guide throughout this build. I also tried the script provided in an older version of the OpenVPN Basic tutorial, changing some of its commands (naming conventions, output directories, configs, etc.) to create multiple VLAN servers and interfaces, but I ran into problems running the commands. So I went with manually editing the config files to create the different OpenVPN servers and tunnel network interfaces that were desired.
This is a network topology for this example:
There are three VLANs in this example. Each network interface is assigned its own VLAN ID, with a respective VPN server configured to connect to it.
List of VLANs:
1. Run the following scripts (modify/create/copy each script to match the requirements of your infrastructure, i.e. the naming convention for each of the separate VLANs, the number of VLANs you will have, and the number of OpenVPN servers desired).
1a. This script will create a VPN server that connects to the private LAN network.
1b. This script will create a VPN server that connects to the guest slave network.
1c. This script will create a VPN server that connects to the Tor network.
2. Run the following scripts to create the .ovpn client files for end users.
2a. This script will create the .ovpn client file an end user uses to connect via VPN to the private LAN network.
2b. This script will create the .ovpn client file an end user uses to connect via VPN to the slave network.
2c. This script will create the .ovpn client file an end user uses to connect via VPN to the Tor network.
3. Check the contents of the /etc/openvpn directory to confirm the certificates and .ovpn files were created.
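As an added example (not one of this wiki's own scripts), the shell function below shows what the client-file scripts of step 2 need to produce: a single self-contained .ovpn for an end user with the CA certificate, client certificate, client key and tls-crypt key inlined, taken from the certificate directory of the server that user is meant to reach. The server hostname, port and directory layout (ca.crt, NAME.crt, NAME.key and tc.pem under one directory per server) are assumptions, and the placeholder file contents written by the demo are constructed, not real keys.

```shell
#!/bin/sh
# Added example: assemble a single-file client .ovpn with all credentials inlined.
# Not the wiki's script; the per-server directory layout below is an assumption:
#   CERT_DIR/ca.crt  CERT_DIR/NAME.crt  CERT_DIR/NAME.key  CERT_DIR/tc.pem

# inline TAG FILE: emit FILE wrapped in <TAG>...</TAG> (OpenVPN inline file syntax)
inline() {
    printf '<%s>\n' "$1"
    cat "$2"
    printf '</%s>\n' "$1"
}

# make_ovpn NAME REMOTE_HOST PORT CERT_DIR OUT_FILE
# Returns 1 without writing anything if any credential file is missing or empty.
make_ovpn() {
    name=$1; host=$2; port=$3; dir=$4; out=$5
    for f in ca.crt "$name.crt" "$name.key" tc.pem; do
        [ -s "$dir/$f" ] || { echo "make_ovpn: missing or empty $dir/$f" >&2; return 1; }
    done
    {
        printf 'client\ndev tun\nproto udp\nremote %s %s\n' "$host" "$port"
        printf 'nobind\npersist-key\npersist-tun\n'
        # Only accept a peer whose certificate is marked for server use, so a
        # stolen client certificate cannot be used to impersonate the server.
        printf 'remote-cert-tls server\n'
        printf 'auth-nocache\nverb 3\n'
        inline ca        "$dir/ca.crt"
        inline cert      "$dir/$name.crt"
        inline key       "$dir/$name.key"
        inline tls-crypt "$dir/tc.pem"
    } > "$out"
    chmod 600 "$out"   # the file carries a private key
}

# Demo with constructed placeholder files (not real certificates). Run: sh FILE demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    for f in ca.crt alice.crt alice.key tc.pem; do
        printf -- '-----CONSTRUCTED PLACEHOLDER %s-----\n' "$f" > "$d/$f"
    done
    make_ovpn alice vpn.example.invalid 1194 "$d" "$d/alice.ovpn" && cat "$d/alice.ovpn"
    rm -rf "$d"
fi
```

Point a different CERT_DIR at each of the three servers: a client file built from the guest server's directory then carries only the guest PKI, and a certificate issued there cannot authenticate to the private LAN server.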
4. Create the following firewall rules.
Be sure to confirm that the firewall configuration is reflected in the LuCI web GUI, so you know the changes were saved and are functioning properly.
5. Create the following network configuration for each respective tunnel interface that the VPNs will connect to.
Be sure to check the network interfaces in the LuCI web GUI to confirm they were created and are functioning properly.
6. Configure the OpenVPN config file with the following settings to match the network interfaces created in step 5 and the security certificates created in step 1.
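The following shell script is an added example, not this wiki's own configuration. It shows one way to render steps 4 to 6 for all three servers from a single table instead of hand-editing each file: for every VLAN it emits an OpenVPN server config (its own tun device, UDP port and tunnel subnet, pushing only that VLAN's route) plus the matching uci commands for the tunnel interface, a dedicated firewall zone that forwards only into that VLAN's zone, the WAN port rule, and the openvpn instance. The VLAN names, IDs, subnets, ports and certificate paths under /etc/openvpn/NAME/ are assumed values, and the script assumes firewall zones named private, guest and tor already exist for the three VLANs. It writes into a directory of your choice so the output can be reviewed before applying it on the router with `uci batch < uci.batch`.

```shell
#!/bin/sh
# Added example (not the wiki's config): render per-VLAN OpenVPN server configs
# and the matching uci commands from one table. All values below are assumptions.

# name    vlan  port  tun   tunnel_subnet  lan_subnet (route pushed to clients)
VLANS='
private 10 1194 tun0 10.8.0.0 192.168.10.0
guest   20 1195 tun1 10.8.1.0 192.168.20.0
tor     30 1196 tun2 10.8.2.0 192.168.30.0
'

# server_conf NAME VLAN PORT TUN TUN_SUBNET LAN_SUBNET -> text for /etc/openvpn/NAME.conf
server_conf() {
    n=$1 v=$2 p=$3 t=$4 s=$5 l=$6
    cat <<EOF
# OpenVPN server "$n" for VLAN $v
dev $t
proto udp
port $p
topology subnet
server $s 255.255.255.0
push "route $l 255.255.255.0"
ca /etc/openvpn/$n/ca.crt
cert /etc/openvpn/$n/server.crt
key /etc/openvpn/$n/server.key
dh /etc/openvpn/$n/dh.pem
tls-crypt /etc/openvpn/$n/tc.pem
remote-cert-tls client
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 60
verb 3
EOF
}

# uci_batch NAME PORT TUN -> uci batch lines: interface, zone, forwarding, port rule, instance.
# 'ifname' is the key used by the 18.x network config; OpenWrt 21.02 and later use 'device'.
uci_batch() {
    n=$1 p=$2 t=$3
    cat <<EOF
set network.vpn_$n=interface
set network.vpn_$n.proto='none'
set network.vpn_$n.ifname='$t'
set firewall.vpn_$n=zone
set firewall.vpn_$n.name='vpn_$n'
set firewall.vpn_$n.network='vpn_$n'
set firewall.vpn_$n.input='REJECT'
set firewall.vpn_$n.output='ACCEPT'
set firewall.vpn_$n.forward='REJECT'
set firewall.vpn_${n}_fwd=forwarding
set firewall.vpn_${n}_fwd.src='vpn_$n'
set firewall.vpn_${n}_fwd.dest='$n'
set firewall.vpn_${n}_in=rule
set firewall.vpn_${n}_in.name='Allow-OpenVPN-$n'
set firewall.vpn_${n}_in.src='wan'
set firewall.vpn_${n}_in.proto='udp'
set firewall.vpn_${n}_in.dest_port='$p'
set firewall.vpn_${n}_in.target='ACCEPT'
set openvpn.$n=openvpn
set openvpn.$n.enabled='1'
set openvpn.$n.config='/etc/openvpn/$n.conf'
EOF
}

# render_all OUTDIR: write OUTDIR/NAME.conf per server and one OUTDIR/uci.batch
render_all() {
    o=$1
    mkdir -p "$o"
    : > "$o/uci.batch"
    printf '%s\n' "$VLANS" | while read -r n v p t s l; do
        [ -n "$n" ] || continue
        server_conf "$n" "$v" "$p" "$t" "$s" "$l" > "$o/$n.conf"
        uci_batch "$n" "$p" "$t" >> "$o/uci.batch"
    done
    printf 'commit network\ncommit firewall\ncommit openvpn\n' >> "$o/uci.batch"
}

# Run: sh FILE demo [OUTDIR]
if [ "${1:-}" = "demo" ]; then
    render_all "${2:-./ovpn-render}"
    ls "${2:-./ovpn-render}"
fi
```

Each tunnel zone gets input REJECT and a single forwarding to its own VLAN zone, so a client on the guest server cannot reach the private LAN or the Tor VLAN through the router; if clients need a service on the router itself (DNS, for example), add an explicit rule for that port rather than opening the zone's input.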
7. Reboot the router.
8. Confirm OpenVPN is up and running.
8a. Check that the openvpn process is running:
ps -ef | grep -i openvpn
8b. Check whether openvpn created the network routes.
9. Troubleshooting: there may be times when the router reboots and the OpenVPN servers do not create their routes. VPN clients can still connect, but they will have no access to network resources or the internet. Check whether the routes are present with the command mentioned in step 8b. If they are not, restart the OpenVPN service:
service ovpn restart
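The checks of steps 8 and 9 as a small script, added here as an example and not part of the original page: it confirms an openvpn process exists, lists every expected tun device that has no entry in the routing table (the symptom described in step 9, where clients connect but reach nothing), and in live mode restarts OpenVPN only for that case. The tun device names tun0, tun1, tun2 and the init script path /etc/init.d/openvpn are assumptions; the ps and ip route output it is run against below is constructed sample data, with the tun2 route deliberately absent.

```shell
#!/bin/sh
# Added example (not the wiki's script): the check from steps 8 and 9 as functions,
# run here against constructed sample output so it works offline.

# Constructed samples of what `ps` and `ip route` might print on the router.
SAMPLE_PS='  820 root      4968 S    /usr/sbin/openvpn --syslog openvpn(private) --cd /etc/openvpn --config private.conf
  821 root      4968 S    /usr/sbin/openvpn --syslog openvpn(guest) --cd /etc/openvpn --config guest.conf
  822 root      4968 S    /usr/sbin/openvpn --syslog openvpn(tor) --cd /etc/openvpn --config tor.conf'
SAMPLE_ROUTES='default via 203.0.113.1 dev eth1.2
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
10.8.1.0/24 dev tun1 proto kernel scope link src 10.8.1.1
192.168.10.0/24 dev br-private proto kernel scope link src 192.168.10.1'

# openvpn_running PS_OUTPUT: true if an openvpn daemon line is present
# (the grep line itself, which step 8a's pipeline also produces, is excluded)
openvpn_running() {
    printf '%s\n' "$1" | grep -v grep | grep -q '/usr/sbin/openvpn'
}

# missing_routes ROUTE_OUTPUT DEV...: print each device that has no route entry
missing_routes() {
    routes=$1; shift
    for dev in "$@"; do
        printf '%s\n' "$routes" | grep -Eq "dev $dev( |\$)" || printf '%s\n' "$dev"
    done
}

# check_state PS_OUTPUT ROUTE_OUTPUT DEV...: 0 = healthy, 1 = no openvpn process,
# 2 = process up but some tunnel routes absent (the step 9 situation)
check_state() {
    ps_out=$1; rt_out=$2; shift 2
    openvpn_running "$ps_out" || { echo "openvpn is not running"; return 1; }
    m=$(missing_routes "$rt_out" "$@")
    [ -z "$m" ] || { echo "routes missing for: $(printf '%s' "$m" | tr '\n' ' ')"; return 2; }
    echo "openvpn up and all tunnel routes present"
}

# check_live DEV...: same check against the live router; on a missing route restart
# OpenVPN as step 9 advises (init script name assumed to be OpenWrt's default)
check_live() {
    check_state "$(ps -ef 2>/dev/null || ps)" "$(ip route)" "$@" && return 0
    rc=$?
    [ "$rc" = 2 ] && /etc/init.d/openvpn restart
    return $rc
}

# Run: sh FILE live   (on the router)   or   sh FILE   (offline, against the samples)
if [ "${1:-}" = "live" ]; then
    check_live tun0 tun1 tun2
else
    check_state "$SAMPLE_PS" "$SAMPLE_ROUTES" tun0 tun1 tun2
    echo "(exit status $?; 2 means a restart is needed)"
fi
```

Run offline, the sample reports "routes missing for: tun2" and exits with status 2, which is exactly the state step 9 describes; a cron entry calling the live mode every few minutes turns the manual check into an automatic recovery.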