Sunday, 1 April 2012

OpenWRT OpenVPN Setup

I know most of you are Windows users, so I wrote this tutorial assuming you are using Windows.

log into the luci webif
go to system->software
click "Update package lists"
paste "luci-app-openvpn" into the "Download and install package" box and click "OK"

[Image: 86357142.gif]

While still in the luci webif
go to Network->Interface
type "vpn" in the box and click "Add entry"

[Image: 40462062.gif]

Protocol: none
Bridge interface: unchecked
Interface: tun0 (drop down menu then select custom and type in "tun0")
Create / Assign firewall-zone: wan

[Image: 81409237.gif]

Download the vpn-config.zip from here:
http://hidemyass.com/vpn-config/vpn-config.zip

Extract the contents of the vpn-config.zip to a new folder of your choosing. I extracted mine to a folder called vpn-config which is on my Desktop. Inside my new folder named vpn-config are many *.ovpn config files and a "keys" folder containing 3 key files (ca.crt, hmauser.crt, and hmauser.key).

The *.ovpn config file I'm going to choose for this example is:

Russia.Moscow.ovpn

Choose the one that is best for you.

For convenience, move your *.ovpn config file to your keys folder. In this case, it's the Russia.Moscow.ovpn I am moving.

Now we are going to be creating and editing text files. We need a text editor that is capable of saving text files in UNIX file format. In other words, do NOT use Windows Notepad or WordPad. I would recommend using "TextPad" or "Notepad++".

You can download TextPad from here:
ftp://download.textpad.com/pub/textpad5.4/txpeng542.exe

Using "TextPad" or similar, create a new text file, put your username on line 1 and your password on line 2, and save it as "pass.txt". Make sure you choose UNIX file format when saving!! (See screenshot below.) Put the pass.txt in your keys folder as well.

[Image: 46185589.gif]

Using "TextPad" or similar, edit your *.ovpn file. In this case, it's the Russia.Moscow.ovpn.

edit the line

"auth-user-pass"

and change it to

"auth-user-pass ./pass.txt"

also edit the lines

ca ./keys/ca.crt
cert ./keys/hmauser.crt
key ./keys/hmauser.key

to

ca ./ca.crt
cert ./hmauser.crt
key ./hmauser.key

[Image: 64214201.gif]

Inside your keys folder you should now have the following files:

ca.crt
hmauser.crt
hmauser.key
Russia.Moscow.ovpn (or whatever vpn server config you choose)
pass.txt

Next download WinSCP from here:
http://winscp.net/download/winscp433setup.exe

Launch WinSCP

Host name: your router's ip (it's 192.168.1.1 unless you changed it)
Port number: 22
User Name: root
Password: your password to your router
Private key file: just leave it blank
File protocol: SCP

[Image: 75815378.gif]

Click "Login" (Ignore the error about user groups.)

Using WinSCP transfer your:

ca.crt
hmauser.crt
hmauser.key
Russia.Moscow.ovpn (or whatever vpn server config you choose)
pass.txt

to the

/etc/openvpn directory of your router.

I find it is easiest to just drag and drop while using WinSCP.

[Image: 58470728.gif]
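Before starting OpenVPN, it is worth checking the files you just copied for the two mistakes this walkthrough warns about (Windows line endings and ca/cert/key paths that no longer resolve) and locking down the plaintext credential files. The script below is an added example of mine, not part of the original post or the HMA package; it assumes the layout described above (config and keys together in /etc/openvpn), and the check_ovpn_dir/make_sample_dir names and the sample files it builds are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# /etc/openvpn directory on the router, run over SSH before "openvpn --config".
# Flags CRLF line endings, unresolvable ca/cert/key/auth-user-pass paths,
# a malformed pass.txt, and chmods the credential files to owner-only.
check_ovpn_dir() {
    dir=$1; cfg=$2; rc=0
    [ -f "$dir/$cfg" ] || { echo "missing config $dir/$cfg"; return 1; }
    # A trailing carriage return means the file was saved in Windows format.
    for f in "$dir/$cfg" "$dir/pass.txt"; do
        if [ -f "$f" ] && grep -q "$(printf '\r')" "$f"; then
            echo "$f has Windows (CRLF) line endings; re-save it in UNIX format"
            rc=1
        fi
    done
    # Every file named by ca/cert/key/auth-user-pass must exist relative to
    # $dir, which is why the post changes ./keys/ca.crt to ./ca.crt.
    for p in $(awk '$1=="ca"||$1=="cert"||$1=="key"||$1=="auth-user-pass"{print $2}' "$dir/$cfg"); do
        [ -f "$dir/$p" ] || { echo "$cfg references missing file $p"; rc=1; }
    done
    # pass.txt holds exactly two lines: username, then password.
    if [ -f "$dir/pass.txt" ]; then
        n=$(awk 'END{print NR}' "$dir/pass.txt")
        [ "$n" -eq 2 ] || { echo "pass.txt should have 2 lines, has $n"; rc=1; }
        chmod 600 "$dir/pass.txt"        # plaintext credentials: owner-only
    fi
    [ -f "$dir/hmauser.key" ] && chmod 600 "$dir/hmauser.key"
    return $rc
}

make_sample_dir() {
    # Constructed stand-in for /etc/openvpn so the check can be tried off the
    # router: placeholder certs, a CRLF pass.txt (the classic mistake) and a
    # config edited the way the post describes.
    d=$(mktemp -d)
    for f in ca.crt hmauser.crt hmauser.key; do echo "placeholder" > "$d/$f"; done
    printf 'user\r\npassword\r\n' > "$d/pass.txt"
    printf 'client\nauth-user-pass ./pass.txt\nca ./ca.crt\ncert ./hmauser.crt\nkey ./hmauser.key\n' \
        > "$d/Russia.Moscow.ovpn"
    echo "$d"
}

# On the router:   sh check_ovpn.sh /etc/openvpn Russia.Moscow.ovpn
# Anywhere else:   sh check_ovpn.sh --demo   (runs it over the constructed sample)
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_dir); check_ovpn_dir "$d" Russia.Moscow.ovpn; rm -rf "$d"
elif [ $# -eq 2 ]; then
    check_ovpn_dir "$1" "$2"
fi
```

A non-zero exit with a message means fix the named file before running openvpn; a silent zero exit means the directory matches what the .ovpn expects.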

Now it's time to run the hma vpn service on the router. We do this by issuing commands via the SSH protocol.

I would recommend the SSH client PuTTY.

Download PuTTY from here:
http://the.earth.li/~sgtatham/putty/late.../putty.exe

Launch PuTTY.

Host Name: your router's ip (192.168.1.1 unless you changed it)
Port: 22
Connection type: SSH

Click "Open"

login as: "root"
enter your router's password

[Image: 85548507.gif]

In the PuTTY terminal type:

cd /etc/openvpn/
openvpn --config Russia.Moscow.ovpn (change this to the *.ovpn you chose)

Your vpn service should now be up and running. YOU MUST GET THE "Initialization Sequence Completed" message before proceeding!!

[Image: 53619651.gif]

If you didn't get the "Initialization Sequence Completed" message, you made a mistake while editing your *.ovpn file. Find the mistake and fix it.

Test your connection:

Open a web browser and go to a web site. http://www.google.com for example.

If it works, you're done.

If not... (and I'm betting not) see below.

Troubleshooting:

If you go to http://www.google.com and you get a web site not found error, try typing 64.233.169.91 into the address bar instead. If the Google page now comes up, you have a DNS problem. (like I did.)

The easiest way I have found to fix the DNS problem is to go here and select a DNS server from the list:
http://theos.in/windows-xp/free-fast-pub...rver-list/

(Tip: press Ctrl+C to stop the VPN, or reboot the router, so you can reach the above public DNS server list address.)

I would recommend you ping each one to find the one that is fastest for you.

For this example I will choose DnsAdvantage.

DnsAdvantage's ip is 156.154.70.1

Go back to your luci webif
go to Network->Interfaces
click on the edit button for your vpn (small icon to the far right)

From the "Additional field" drop down menu select DNS-Server and click "Add"
paste in your DNS-Server's IP (In this case it's 156.154.70.1 which is DnsAdvantage)
click Save and Apply.

That should fix any DNS problem.

Note:

Your luci webif might look different than mine. The newest build of OpenWrt no longer has the Administrator / Essentials selections. Also, editing the vpn interface is slightly different, but similar enough for you to find your way around.

Tip: Getting this to work can be tedious. Remember to clear your web cache between tries.

<Ctrl+C> will stop the vpn, and openvpn --config *.ovpn will start it.

More Troubleshooting...

If you're still having a hard time, try this:

-With the vpn off, download a legal *.torrent file to your Desktop (just the *.torrent file, not the content it points to; it's a tiny file, 30 KB).

-Start the vpn with the openvpn --config *.ovpn command via PuTTY.

-Once you get the "Initialization Sequence Completed" message, start downloading the actual torrent (double-clicking the *.torrent should start it).

-Open another PuTTY terminal, SSH into your router again, and type ping 8.8.8.8
Is it pinging?

-Go to the luci webif->Network->Interfaces
Is the tun0 interface active? Uptime? How many kb/mb have been transferred on tun0? Do you still have the "Initialization Sequence Completed" message?
-Try adding a DNS forwarding under Network->DHCP and DNS. Example: 8.8.8.8 (8.8.8.8 is Google's DNS server). (I have had to do this on some builds.)
