How to set up with an OpenWRT router?
Posted by Max Biggavelli on 22 March 2015 12:14
One of our kind members wrote a tutorial for OpenWRT setup.
I wrote this little how-to based on the "Barrier Breaker" (r42801) OpenWRT version.
I recommend that you delete all IPv6 settings.
opkg update
opkg install openvpn-openssl

cat >> /etc/config/network << EOF
config interface 'nVPN'
	option proto 'none'
	option ifname 'tun0'
EOF
3. Set your nVPN username and password:
cat >> /etc/openvpn/authuser << EOF
nVPN-USERNAME
nVPN-PASSWORD
EOF
4. Set nVPN-config (simply Copy & Paste your downloaded config file):
cat >> /etc/openvpn/nvpn.ovpn << EOF
client
dev tun
auth-user-pass authuser
proto udp
remote "your-nVPN-Hostname, something like uXXXXX.nvpn.so" 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
ca nVPN.crt
verb 3
reneg-sec 0
tun-mtu 1500
EOF

cat >> /etc/openvpn/nVPN.crt << EOF
"the nVPN certificate - see below on how to obtain (do NOT paste just this)"
EOF
To get the nVPN certificate, open up the "nVPN.crt" file (it's in the same directory as the config listed above) in notepad
and copy the contents. Make sure there are line breaks in the cert and that it includes the ----BEGIN---- and ----END---- tags.
openvpn --cd /etc/openvpn --config /etc/openvpn/nvpn.ovpn
Type "ifconfig" and check that you see a "tun0" interface, which confirms that OpenVPN successfully created the tunnel device.
There are two ways to set the firewall. Option 1 allows outgoing connections only with an active VPN connection.
Option 1: All connections on the VPN network are limited. To be safe, back up the existing firewall rules with this first command:
mv /etc/config/firewall /etc/config/firewall.old
cat >> /etc/config/firewall << EOF
config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
Option 2: Allow Internet connections without VPN:
cp /etc/config/firewall /etc/config/firewall-backup
mv /etc/config/openvpn /etc/config/openvpn.old
Now reboot, wait 30 seconds and verify your new public IP (http://check.nvpn.net or http://www.whoer.net).
That's it!
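Option 1 above is meant to allow outgoing connections only while the VPN is up. The check below is an added example, not part of the original tutorial: it scans a firewall config for "config forwarding" sections that lead straight to the WAN zone, which would let LAN traffic leave without the tunnel. It assumes the stock OpenWrt zone name wan; the sample configs and the zone name vpn are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): list firewall forwardings that bypass the VPN.
# Assumes the stock OpenWrt zone name 'wan' for the ISP uplink; pass another as $2.

# Print the src zone of every "config forwarding" section whose dest is the WAN zone.
leaky_forwardings() {
    awk -v wan="${2:-wan}" -v q="'" '
        function unq(s) { gsub("[\"" q "]", "", s); return s }   # strip UCI quotes
        function emit() { if (insec && dest == wan) print src; insec = 0; src = dest = "" }
        $1 == "config" { emit(); insec = ($2 == "forwarding"); next }
        insec && $1 == "option" && $2 == "src"  { src  = unq($3) }
        insec && $1 == "option" && $2 == "dest" { dest = unq($3) }
        END { emit() }
    ' "$1"
}

# Succeed only when no forwarding leads straight to the WAN zone.
killswitch_ok() { [ -z "$(leaky_forwardings "$@")" ]; }

# Constructed sample configs; the zone name 'vpn' is an assumption.
TMP=$(mktemp -d)
cat > "$TMP/leaky" << 'EOF'
config defaults
	option forward 'REJECT'

config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'vpn'
EOF
cat > "$TMP/tight" << 'EOF'
config defaults
	option forward 'REJECT'

config forwarding
	option src 'lan'
	option dest 'vpn'
EOF

for f in leaky tight; do
    if killswitch_ok "$TMP/$f"; then
        echo "$f: no direct forwarding to wan"
    else
        echo "$f: traffic can bypass the VPN from zone: $(leaky_forwardings "$TMP/$f")"
    fi
done
```

On the router, call leaky_forwardings /etc/config/firewall; any zone it prints can still reach the internet when the tunnel is down. The check looks only at forwarding sections, so traffic originating on the router itself is not covered.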
Sometimes the VPN connection drops, for example when your first router performs the provider's typical 24-hour reconnect.
The script below checks every 2 minutes whether the VPN connection is still established and, if it is not, reconnects
to the VPN:
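# Create the target directory first; the redirect fails if it does not exist.
mkdir -p /root/scripts
# 'EOF' is quoted so that $IP, $DEV, $? and `date` are written into the script
# literally instead of being expanded while the file is created.
cat >> /root/scripts/check-online.sh << 'EOF'
#!/bin/sh
IP=22.214.171.124
LOG="/root/log_online.log"
LOG_FAIL="/root/log_offline.log"
HIDE_RUNS=false
DEV="tun0"

######################
# TUN device online? #
######################
# Send one ping through the tunnel device; success means the VPN passes traffic.
ping -c 1 -I $DEV $IP > /dev/null
if [ $? -eq 0 ]
then
    echo "`date` - OpenVPN(nVPN) up and I can ping through it." > $LOG
else
    echo "`date` - OpenVPN(nVPN) up, but no ping! RESTARTING OPENVPN AND NETWORK." >> $LOG_FAIL
    /etc/init.d/openvpn stop
    sleep 1
    /etc/init.d/network restart
    sleep 4
    /etc/init.d/openvpn start
    sleep 15
    /etc/init.d/openvpn start
fi
EOF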
Go to the OpenWRT web interface, System -> Scheduled Tasks, and add these lines:
*/2 * * * * /bin/sh /root/scripts/check-online.sh
0 1 * * 7 rm /root/log_offline.log
Then click Submit, and your connection is properly secured in case of a VPN connection loss. That's it. In case of any problems with this tutorial, feel free to contact the writer of the tutorial at this email: firstname.lastname@example.org