Router Setup
OpenWrt OpenVPN Setup Guide
Install required packages
-
In your router’s webUI, navigate to
System
-Software
, clickUpdate lists
-
In the Filter field, type OpenVPN, locate and install openvpn-openssl & luci-app-openvpn packages
-
Restart your router
If you receive an error while attempting to install the 'luci-app-openvpn' package, check the 'Overwrite files from other package(s)' checkbox
Create a VPN profile
-
Download and extract our config files to your computer
-
In your router, navigate to
VPN
-OpenVPN
-
Under the OVPN configuration file upload section,
Browse
for the .ovpn config file with the VPN server you would like to connect to, give it any name, then clickUpload
-
Click the
Edit
button next to the created OpenVPN instance and enter your IVPN account ID that begins with letters ‘ivpnXXXXXXXX’ or ‘i-XXXX-XXXX-XXXX’ (case-sensitive) and any password (e.g. ivpn) in 2 separate lines in the text box at the bottom -
Append the credentials file path to the auth-user-pass line in the first text box. The full path is visible just above the second text box, e.g. -
auth-user-pass /etc/openvpn/Austria.auth
. ClickSave
-
Replace the hostname of the VPN server in line 4 with its IP address -
remote 185.244.212.66 2049
.
To turn the hostname of the server into an IP address use, e.g. thenslookup at.gw.ivpn.net
command in your computer’s terminal:$ nslookup at.gw.ivpn.net
…
Name: at.gw.ivpn.net
Address: 185.244.212.66 -
Click
Save
. Return to mainOpenVPN
section, check theEnabled
checkbox and click on theSave & Apply
button.
Create an Interface
-
Navigate to
Network
-Interfaces
-
Click on the
Add new interface
button and enter the following configuration:- Name - Give it any name, e.g. ivpnAustria
- Protocol - Unmanaged
- Interface - tun0
-
Create interface
-
In the interface properties window, ensure that Bring up on boot is checked, then click
Save
&Save & Apply
buttons.
Add a Firewall zone
-
Navigate to
Network
-Firewall
-
Click the
Add
button and enter the following configuration:- Name - Give it any name, e.g. ivpn_fw
- Input - Reject
- Output - Accept
- Forward - Reject
- Masquerading - Checked
- MSS clamping - Checked
- Covered networks - select the previously created VPN tunnel interface, e.g. ivpnAustria
- Allow forward to destination zones - Unspecified
- Allow forward from source zones - lan
-
Click
Save
&Save & Apply
buttons.
Configure a Kill-switch (optional)
To ensure the traffic on your LAN devices travels strictly via the VPN tunnel and to prevent any possible leaks if the router disconnects from the VPN server for any reason, edit your lan firewall zone and remove WAN from the Allow forward to destination zones
field, then click Save
& Save & Apply
buttons.
DNS
-
Navigate to
Network
-Interfaces
-
Click on the
Edit
button next to the WAN interface -
In the
Advanced Settings
tab, uncheck theUser DNS servers advertised by peer
and specify one of the following DNS servers in theUse custom DNS servers
field:- 10.0.254.1 = regular DNS with no blocking
- 10.0.254.2 = standard AntiTracker to block advertising and malware domains
- 10.0.254.3 = Hardcore Mode AntiTracker to also block Google and Facebook domains
-
Click
Save
&Save & Apply
buttons.
Final Steps
- A device reboot is not required, though it may be useful to confirm that everything behaves as expected.
- Run a leak test at https://www.dnsleaktest.com via one of the internal network clients attached to your OpenWRT router.
Please note: If you plan to use a Multi-hop setup please see this guide and make the required changes in the .ovpn config file.