This post includes a collection of additional OpenWRT (LEDE fork - ROOter build) OpenVPN Client "recipes" which is OpenWRTs way of describing a template for creating OpenVPN client instances. These should work with OpenWRT and LEDE and will work with ROOter. ROOter is ready to go, OpenWRT and LEDE would require the appropriate OpenVPN and LuCI (the GUI) packages installed (which is not covered here).
A previous post contains the specifics (oriented towards ROOter on the RaspberryPi, but the concepts apply to any ROOter, LEDE or OpenWRT installation) of configuring an OpenVPN client with VPN providers like:
Private Internet Access (see the original post for this one)
Windscribe
ProtonVPN
Mullvad
Here's the post to use for the step by step:
https://www.snbforums.com/threads/r...e-fork-rooter-build-pia-openvpn-client.41024/
And here are the additional recipes for popular VPN providers (special thanks to @hamtator on the ROOter forum for contributions and testing):
Windscribe:
ProtonVPN:
Mullvad:
In each case when you actually create a new client instance in the LuCI GUI, you'll be selecting the relevant recipe and then editing the configuration to specify the specific vpn server name and port you want to use. Any of other items can be edited too.
In each case, per the guide linked to above, you'll be adding a [vpn provider name]_userpass.txt file to the router's /etc/openvpn folder (containing your username and password, on separate lines), for that service. Also any keys or certificates you've downloaded from your VPN provider should be renamed and placed in that same folder with the vpn provider name concatenated with the key or cert name separated by an underscore. See the above recipes for how the path and file names look if that explanation is unclear.
WinSCP is the best and easiest way to get any non-GUI tasks done. WinSCP works on any recent version of Windows and will also run on the Mac using the WINE "compatibility layer".
A previous post contains the specifics (oriented towards ROOter on the RaspberryPi, but the concepts apply to any ROOter, LEDE or OpenWRT installation) of configuring an OpenVPN client with VPN providers like:
Private Internet Access (see the original post for this one)
Windscribe
ProtonVPN
Mullvad
Here's the post to use for the step by step:
https://www.snbforums.com/threads/r...e-fork-rooter-build-pia-openvpn-client.41024/
And here are the additional recipes for popular VPN providers (special thanks to @hamtator on the ROOter forum for contributions and testing):
Windscribe:
Code:
config openvpn_recipe windscribe_client_tun
option _description "Client configuration for Windscribe"
option _role "client"
option client "1"
option dev "tun"
option proto "udp"
list remote "example.windscribe.com"
option port "443"
option resolv_retry "infinite"
option nobind "1"
option persist_key "1"
option persist_tun "1"
option cipher "aes-256-cbc"
option auth "sha512"
option tls_client "1"
option remote_cert_tls "server"
option key_direction "1"
option auth_user_pass "/etc/openvpn/windscribe_userpass.txt"
option comp_lzo "yes"
option verb "2"
option reneg_sec "432000"
option tls_auth "/etc/openvpn/windscribe_ta.key"
option ca "/etc/openvpn/windscribe_ca.crt"
option redirect_gateway "def1"
ProtonVPN:
Code:
config openvpn_recipe proton_client_tun
option _description "Client configuration for ProtonVPN"
option _role "client"
option client "1"
option dev "tun"
option proto "udp"
list remote "example.protonvpn.com"
option port "1194"
option resolv_retry "infinite"
option nobind "1"
option persist_key "1"
option persist_tun "1"
option cipher "aes-256-cbc"
option auth "sha512"
option tls_client "1"
option remote_cert_tls "server"
option key_direction "1"
option auth_user_pass "/etc/openvpn/proton_userpass.txt"
option comp_lzo "yes"
option verb "3"
option reneg_sec "0"
option tls_auth "/etc/openvpn/proton_ta.key"
option ca "/etc/openvpn/proton_ca.crt"
option redirect_gateway "def1"
Mullvad:
Code:
config openvpn_recipe mullvad_client_tun
option _description "Client configuration for Mullvad"
option _role "client"
option client "1"
option dev "tun"
option proto "udp"
list remote "example.mullvad.net"
option port "1194"
option resolv_retry "infinite"
option nobind "1"
option persist_key "1"
option persist_tun "1"
option cipher "aes-256-cbc"
option tls_client "1"
option remote_cert_tls "server"
option auth_user_pass "/etc/openvpn/mullvad_userpass.txt"
option comp_lzo "yes"
option verb "3"
option ca "/etc/openvpn/mullvad_ca.crt"
option crl_verify "/etc/openvpn/mullvad_crl.pem"
option redirect_gateway "def1"
In each case when you actually create a new client instance in the LuCI GUI, you'll be selecting the relevant recipe and then editing the configuration to specify the specific vpn server name and port you want to use. Any of other items can be edited too.
In each case, per the guide linked to above, you'll be adding a [vpn provider name]_userpass.txt file to the router's /etc/openvpn folder (containing your username and password, on separate lines), for that service. Also any keys or certificates you've downloaded from your VPN provider should be renamed and placed in that same folder with the vpn provider name concatenated with the key or cert name separated by an underscore. See the above recipes for how the path and file names look if that explanation is unclear.
WinSCP is the best and easiest way to get any non-GUI tasks done. WinSCP works on any recent version of Windows and will also run on the Mac using the WINE "compatibility layer".
Last edited: