Setup OpenVPN with OpenWRT/LEDE

LTE und 5G Antennen
20 July 2015
Here I show you how to use a VPN tunnel with OpenWRT/LEDE.
I'm using NordVPN, but the steps are similar with other providers.

Install needed modules:
Code:
opkg update
opkg install libustream-openssl openvpn-openssl luci-app-openvpn unzip

Download the .ovpn configuration files. Then we modify all the files so that they read the username/password from the file 'secret'.
Code:
cd /etc/openvpn/
wget https://nordvpn.com/api/files/zip
unzip zip
sed -i -- 's/auth-user-pass/auth-user-pass secret/g' *.ovpn

Let's create this file: put the username on the first line and the password on the second line. Nothing else, then save.
Code:
nano secret

Configure OpenVPN with the chosen *.ovpn file. You can see the different servers with the 'ls' command.
Code:
uci set openvpn.nordvpn=openvpn
uci set openvpn.nordvpn.enabled='1'
uci set openvpn.nordvpn.config='/etc/openvpn/al1.nordvpn.com.tcp443.ovpn'
uci commit openvpn
cat /etc/config/openvpn

Should look like this:
Code:
config openvpn 'nordvpn'
        option enabled '1'
        option config '/etc/openvpn/al1.nordvpn.com.tcp443.ovpn'

Make new network interface:
Code:
uci set network.nordvpntun=interface
uci set network.nordvpntun.proto='none'
uci set network.nordvpntun.ifname='tun0'
uci commit network
cat /etc/config/network

New network interface:
Code:
config interface 'nordvpntun'
        option proto 'none'
        option ifname 'tun0'

Make new firewall zone:
Code:
uci add firewall zone
uci set firewall.@zone[-1].name='vpnfirewall'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add_list firewall.@zone[-1].network='nordvpntun'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpnfirewall'
uci commit firewall
cat /etc/config/firewall

The zone should look like this:
Code:
config zone
        option name 'vpnfirewall'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'nordvpntun'

config forwarding
        option src 'lan'
        option dest 'vpnfirewall'

Set up DNS for WAN; this will prevent DNS leaks. This uses Google DNS. (If you have modified mbim.sh, remove the lines that set the operator DNS!):
Code:
uci set network.wan.peerdns='0'
uci del network.wan.dns
uci add_list network.wan.dns='8.8.8.8'
uci add_list network.wan.dns='8.8.4.4'
uci commit

Start OpenVPN:
Code:
/etc/init.d/openvpn start

Should work like a charm:
nordvpn.jpg
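
Added example, not part of the original post: a shell version of the 'secret' file and sed steps above that creates the credentials file with owner-only permissions and rewrites only a bare auth-user-pass line, so running it twice cannot produce 'auth-user-pass secret secret'. The function names, the sample .ovpn content and the credentials are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the sample
# .ovpn content and the credentials are constructed for illustration.

# write_secret DIR USER PASS: line 1 = username, line 2 = password, mode 0600
write_secret() {
    ( umask 077; printf '%s\n%s\n' "$2" "$3" > "$1/secret" ) &&
        chmod 600 "$1/secret"      # also tightens a file that already existed
}

# point_to_secret FILE...: rewrite only a bare "auth-user-pass" line, so a
# second run cannot produce "auth-user-pass secret secret"
point_to_secret() {
    for f in "$@"; do
        sed 's/^auth-user-pass[[:space:]]*$/auth-user-pass secret/' "$f" > "$f.tmp" &&
            mv "$f.tmp" "$f" || return 1
    done
}

# check_setup DIR: succeed only if secret is owner-only, has exactly two
# lines, and every .ovpn file in DIR references it
check_setup() {
    perms=$(ls -l "$1/secret" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "secret is $perms, want -rw-------"; return 1; }
    [ "$(wc -l < "$1/secret")" -eq 2 ] || { echo "secret must have 2 lines"; return 1; }
    for f in "$1"/*.ovpn; do
        grep -qx 'auth-user-pass secret' "$f" || { echo "$f: not patched"; return 1; }
    done
}

# Demo on a constructed file in a temporary directory
demo() {
    d=$(mktemp -d) || return 1
    printf 'client\ndev tun\nauth-user-pass\n' > "$d/sample.ovpn"
    # point_to_secret is called twice: the second run must change nothing
    write_secret "$d" 'user@example.com' 'constructed-password' &&
        point_to_secret "$d"/*.ovpn &&
        point_to_secret "$d"/*.ovpn &&
        check_setup "$d"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo && echo "setup OK"
```

On the router, the same functions would be called with /etc/openvpn as DIR and /etc/openvpn/*.ovpn as the file list.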