OpenVPN client setup guide using Voxel's Firmware on a Nighthawk X4S R7800

WhoIsHomer

Oops, sorry for the double post.

kamoj

This is an up-to-date instruction for Voxel FW:

Suppose you have the configuration-file from your provider.

1 Rename the file to: nordvpn.ovpn
2 Edit nordvpn.ovpn by changing the "auth-user-pass" line to: auth-user-pass nordvpn.auth
3 Create nordvpn.auth. It shall contain exactly 2 lines. The 1st line with your (at NORD VPN) USERNAME, the 2nd line with PASSWORD.
4 Copy both files (nordvpn.ovpn and nordvpn.auth)  to /etc/openvpn/config/client. (Remove all other files from there!)
5 Reboot or start manually: /etc/init.d/openvpn-client start

Good Luck!
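
A pre-copy check for the two files from the steps above, added here as an example and not part of kamoj's instructions. It confirms that auth-user-pass names a file, that the credentials file has exactly two non-empty lines and no group/other permission bits (the password sits there in plaintext), and that the directory holds nothing else. The function name and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: check nordvpn.ovpn and its credentials
# file before copying them to /etc/openvpn/config/client.
# check_vpn_files DIR prints each problem and returns the problem count.

check_vpn_files() {
    dir=$1
    ovpn="$dir/nordvpn.ovpn"
    problems=0
    [ -f "$ovpn" ] || { echo "missing: $ovpn"; return 1; }

    # Step 2: auth-user-pass must name the credentials file.
    authref=$(awk '$1 == "auth-user-pass" { print $2; exit }' "$ovpn" | tr -d '\r')
    [ -n "$authref" ] || { echo "auth-user-pass names no file"; return 1; }
    auth="$dir/$authref"    # assumption: both files share one directory
    [ -f "$auth" ] || { echo "missing: $auth"; return 1; }

    # Step 3: exactly two lines, both non-empty (username, then password).
    total=$(awk 'END { print NR }' "$auth")
    filled=$(awk 'NF { n++ } END { print n + 0 }' "$auth")
    if [ "$total" -ne 2 ] || [ "$filled" -ne 2 ]; then
        echo "$authref: want 2 non-empty lines, found $filled of $total"
        problems=$((problems + 1))
    fi

    # The password is stored in plaintext: allow no group/other access.
    perms=$(ls -ld "$auth" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$authref: group/other bits set ($perms), run chmod 600"
        problems=$((problems + 1))
    fi

    # Step 4: nothing else may sit in the client config directory.
    extra=$(ls -A "$dir" | grep -c -v -x -F -e nordvpn.ovpn -e "$authref" || true)
    if [ "$extra" -gt 0 ]; then
        echo "$extra unexpected file(s) in $dir"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run as: sh check_vpn_files.sh DIR
if [ $# -gt 0 ]; then check_vpn_files "$1"; fi
```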

 

WhoIsHomer

Great thank you, but the nordvpn .ovpn file doesn't contain a username or password. That is entered directly into dd-wrt.

They also have a section called additional config that contains several lines of text. Where would I put that in this firmware?

kamoj

Sorry for my bad English, I'm not native and must have expressed myself unclearly. I try again:

The nordvpn.ovpn file does not, and shall not, contain username and password.
Instead it contains a reference to another file with login credentials (username + password).
This line should be like this: auth-user-pass nordvpn.auth

As I wrote:
"3 Create nordvpn.auth. It shall contain exactly 2 lines. The 1st line with your (at NORD VPN) USERNAME, the 2nd line with PASSWORD."

Additional configurations simply go directly into the nordvpn.ovpn file.
You can add them at the beginning of the file if you want.

WhoIsHomer

ah, thank you very much!

WhoIsHomer

Alright so I got the files on my stick and they copied over to the router. But vpn doesn't seem to be working. I can see the log file is being created, but how do I get it copied over to my computer so I can view it?

kamoj

Log in with telnet and "print" the log-file to the "telnet console window":

cat /var/log/openvpn-client.log

Then copy and paste with the mouse.
 

Skich

New to this custom firmware on a router and working on a Windows machine if it matters. I set up using the read me. Got everything working for the most part except for the one script and automation. I opened Notepad, pasted the script code from the appendix read me and saved a text file to create the vpncmon script and then renamed the extension to .sh from txt. I then moved this file to the correct directory per the read me. How do I tell if the script is running on startup per the rc file I edited?

Further to this question I opened an ssh putty session and ran crontab -e. Hit the insert button and then put in the automation command to run the vpncmon script every 5 min. I hit esc then :w :q. When I run crontab -l root it shows the line correctly. Once I restart the router though this is not saved and the crontab does not display the line. I also moved the actual file from the router and edited it in Notepad and then saved it back to the router. Same thing, it reset itself on startup. Note I do not have the USB stick connected to the router with the swap file and vpn credentials if that matters. Can you help me to get it to save? Also it seems I can’t find the crontab log so how do I also tell it is running every 5 min?

Thanks for any help you can provide.

owencool

U have to make the .sh file executable, in this case your vpncmon.sh.

Navigate to the vpncmon.sh directory and then run “chmod 0700 vpncmon.sh”.

Running the “ls” command should give color to vpncmon.sh, which means it is executable.

To further test whether vpncmon.sh works or not, u can execute it manually using “./vpncmon.sh”.

This should not give u an error.

owencool

I don't know about crontab since mine is working as expected. Have u installed cron using entware provided by voxel?

owencool

Hey kamoj,

Ur script works, thanks, but the ddns feature in the voxel firmware always updates with the vpn IP instead of the ISP IP. Is there a way to set the ddns to resolve and update with the ISP IP? Thx

owencool

I think I know what’s my problem, apparently as my router has its own ip which is 192.168.1.1, I did not include it in the bypass openvpn script, so I think the connection of my router as 192.168.1.1 uses openvpn tunnel hence it uses my VPN IP to update the ddns. Adding 192.168.1.1 to the bypass openvpn script however causes loss of internet connection and access to my router (I can't access webgui, telnet and ssh of my router). Is there any other solution of this problem?

Skich

So being completely new at this I did not realize that once I installed Entware on the USB drive I needed to then run the command in terminal to install crontab and dnscrypt-proxy. Did that and it all worked. Ended up that the issue with the script was fixed by getting Notepad++ and then saving it as an .sh file rather than converting it as I did. Thanks for the assist.

 

 

owencool

I have come up with a solution to my problem. To solve it, I have to make all my traffic go to the ISP by default, and only IP addresses of my choosing go through the VPN tunnel.

In order for this to work, u have to put “pull-filter ignore redirect-gateway” in ur .ovpn file for the script below to work.

Using kamoj’s script as a base, I modified it so that only the selected IP addresses go through the VPN tunnel. There’s still some bug but it’s working.

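PATH=/bin:/sbin:/usr/bin:/usr/sbin:$PATH

# $remote_1, $route_vpn_gateway and $dev are set by OpenVPN when it runs this script.
# Keep the VPN server itself reachable through the ISP gateway.
ip route add $remote_1 via `ip route | awk '/^default /{print $3,$4,$5}'`
ip route add default via $route_vpn_gateway dev $dev metric 1

# Client IPs that should go through the VPN tunnel (space separated).
VPN_LST="10.0.0.25"

# Remove routes and rules left in table 200 by a previous run.
while [ $(ip route list table 200 default | grep "default" | wc -l) != "0" ]; do ip route del table 200 default 2>/dev/null; done
while [ $(ip route list table 200 | grep "default" | wc -l) != "0" ]; do ip route del table 200 2>/dev/null; done
while [ $(ip rule list | grep "lookup 200" | wc -l) != "0" ]; do ip rule del table 200 2>/dev/null; done

ip route flush cache
sleep 1

# Send traffic from each listed IP to routing table 200.
for includeip in $VPN_LST; do
        [ $(ip rule list | grep "${includeip} lookup 200" | wc -l) = "0" ] && ip rule add from ${includeip} table 200
done

# Table 200 holds a single default route through the VPN tunnel.
ip route add table 200 default via $route_vpn_gateway dev $dev metric 1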
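
A check for the selective routing set up by the script above, added here as an example and not part of owencool's post. A listed client only uses the tunnel while its rule exists and table 200 still has a default route on the tunnel device; if that route is missing, the lookup continues to the main table and the traffic leaves through the ISP. The function name, return codes and the tun0 default are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies one client IP from the text
# of `ip rule list` and `ip route list table 200`.
# vpn_policy_status IP RULES TABLE200 [TUNDEV]
# Returns 0 = tunnel, 1 = no rule, 2 = table 200 empty, 3 = wrong device.

vpn_policy_status() {
    ip=$1; rules=$2; table=$3
    tundev=${4:-tun0}    # assumed tunnel device name

    # Exact field match, so 10.0.0.25 does not also match 110.0.0.25.
    has_rule=$(printf '%s\n' "$rules" | awk -v ip="$ip" '
        $2 == "from" && $3 == ip && $4 == "lookup" && $5 == "200" { f = 1 }
        END { print f + 0 }')
    if [ "$has_rule" -eq 0 ]; then
        echo "isp: no rule sends $ip to table 200"
        return 1
    fi

    # Device of the default route in table 200, empty if there is none.
    dev=$(printf '%s\n' "$table" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
        }')
    if [ -z "$dev" ]; then
        echo "leak: table 200 has no default route, $ip falls through to main"
        return 2
    fi
    if [ "$dev" != "$tundev" ]; then
        echo "leak: table 200 default route uses $dev, not $tundev"
        return 3
    fi
    echo "tunnel: $ip leaves via $dev"
}

# Live use on the router:
#   vpn_policy_status 10.0.0.25 "$(ip rule list)" "$(ip route list table 200)"
```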

 

 

 


owencool

Why can’t I post my script here?

Hi and thanks for your complete guide.

Everything works fine on my R9000.

I've only one more question that probably you have just addressed .....

When you set up a VPN tunnel, it is made as "everything through tunnel except the IP list". Is there a way to do the same but in reverse mode? Something like "only the IP list goes through tunnel".

Thanks in advance for your time

Roby
