Setup OpenVPN on OpenWrt via Luci

Install Packages

# ssh root@192.168.31.1
$ opkg update
$ opkg install openvpn-openssl luci-app-openvpn

Luci Config

  • 打开Services->OpenVPN页面, 创建一个Profile, 并且上传client.p12文件, 保存Profile后, 需要对配置文件(/etc/config/openvpn)进一步修改.

  • 打开Network->DHCP&DNS页面, 创建DNS记录, 并且忽略resolve文件.

$ vim miwifi.ovpn

$ tree
├── ca.crt
├── client.crt
├── client.key
├── ta.key
└── miwifi.ovpn

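Note: `-passout pass:` gives client.p12 an empty export password, so the bundle carries client.key effectively unprotected. Treat client.p12 like the bare key: keep it readable only by its owner and remove stray copies once it has been uploaded.

$ openssl pkcs12 -export -out client.p12 -inkey client.key -in client.crt -certfile ca.crt -passout pass: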

$ scp ta.key root@192.168.31.1:/etc/openvpn/tlsauth.key

Console Config

# ssh root@192.168.31.1
$ vi /etc/init.d/openvpn
$ vi /etc/config/openvpn
$ /etc/init.d/openvpn start
$ ifconfig tun0

/etc/config/dhcp (via Luci)

# dnsmasq section of /etc/config/dhcp, as produced through the LuCI DHCP and DNS page.
config dnsmasq  
    option domainneeded '1'
    option boguspriv '1'
    option localise_queries '1'
    # Discard upstream answers that point into private address ranges (DNS rebinding defence) ...
    option rebind_protection '1'
    # ... while still accepting answers in 127.0.0.0/8.
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    # Answer DNS queries only for hosts on directly attached subnets.
    option localservice '1'
    # Do not read upstream servers from the resolv file; forward only to the 'list server' entries below.
    # NOTE(review): presumably this keeps lookups away from the ISP-assigned resolvers once the tunnel is up — confirm.
    option noresolv '1'
    # Upstream resolvers (OpenDNS).
    list server '208.67.222.222'
    list server '208.67.220.220'
    option nonwildcard '0'

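Ignore resolve file: YES (the LuCI setting behind `option noresolv '1'` above; dnsmasq then forwards only to the `list server` entries)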

/etc/init.d/openvpn (patch)

start_instance() {  
        # Excerpt of /etc/init.d/openvpn: only the spot touched by the patch is shown.
        # The patch adds key_direction to the option names passed to append_params.
        # NOTE(review): presumably append_params copies each named UCI option into the
        # generated OpenVPN config, so without this entry the 'option key_direction'
        # set in /etc/config/openvpn would not take effect — confirm against the script.
        append_params "$s" \
        # ... elided: the option names already in the script; in the real file they sit on the continued lines, with no comment line in between ... \
        key_direction
        # ... elided: rest of start_instance, unchanged ...
}

/etc/config/openvpn

# OpenVPN client instance 'client': the profile created in LuCI, then edited by hand.
config openvpn 'client'  
    option nobind '1'
    option client '1'
    option dev 'tun'
    option verb '3'
    # Require the peer certificate to be marked for server use, so a client
    # certificate issued by the same CA cannot pose as the VPN server.
    option remote_cert_tls 'server'
    option proto 'tcp'
    list remote 'openvpn.easypi.info'
    # Shared static key (ta.key copied to the router with scp) used to authenticate
    # control-channel packets. It is a secret: keep the file readable by root only.
    option tls_auth '/etc/openvpn/tlsauth.key'
    # Direction for the tls_auth key on the client side; the server is expected to use
    # the opposite value. Relies on the /etc/init.d/openvpn patch that adds key_direction.
    option key_direction '1'
    # Send all traffic through the tunnel by overriding the default route.
    # This option alone does not stop traffic from using the WAN route while the tunnel is down.
    option redirect_gateway 'def1'
    # PKCS#12 bundle uploaded through LuCI (CA certificate, client certificate, client key).
    # It was exported with an empty password, so file permissions are its only protection.
    option pkcs12 '/etc/luci-uploads/cbid.openvpn.client.pkcs12'
    option enabled '1'
