Configured on OpenWRT "Chaos Calmer" 15.05 via CLI + LuCI
Please note: Golden Frog offers limited support for this platform due to many variables that can cause connection or performance issues. This firmware is open-source with many versions and a growing list of supported hardware. Setup instructions are provided as-is with no guarantee of functionality or performance.
1.Connect as root to the router via SSH using the client of your choice. Terminal or PuTTY are popular options. Unless changed, the default gateway of the router will be 192.168.1.1.
For example: In Terminal, type: ssh firstname.lastname@example.org
2. Update your package list and install the necessary OpenVPN packages using the commands below. Note: These are two separate commands. Updating your package list will take a moment. Run the second command afterwards.
opkg update opkg install openvpn-openssl luci-app-openvpn
3. Once the packages are installed, configure the password text file that the connection will use. To do this, type the following command and press Enter:
cat > /etc/openvpn/userpass.txt << EOF
This will create a new text file to store your username and password (on two separate lines). Typing EOF + Enter at the end saves and closes the file.
email@example.com p@ssW0rd EOF
This file will be used by the OpenVPN client configuration for username-password authentication.
4. Modify permissions of the text file by entering this command:
chmod 0400 /etc/openvpn/userpass.txt
5. Type exit and press Enter to close the SSH session.
6. Log into the OpenWRT firmware via the LuCI web panel in your web browser. By default, the gateway is 192.168.1.1.
6. Go to the Services menu and click OpenVPN.
7. Create a new instance named VyprVPN and select the 3rd option from the drop-down: Simple client configuration for a routed point-to-point VPN. Click Add.
8. Now we need to configure the OpenVPN client settings. To do this, click Switch to advanced configuration towards the top of the page where it says Overview.
9. Leave the Service category set to defaults. No need to make any changes here.
10. Click on Networking and fill in the information below.
Note: You will need to add certain fields if they are missing from your configuration. You can add the appropriate extra fields towards the bottom of the page where you see the Additional Field drop-down. * indicates an added field.
- float: Not verified
- nobind: Verified
- dev: tun (this should be the default)
- tun_ipv6: Not verified
- ifconfig: Delete the addresses listed here. Leave blank.
- ifconfig_noexec: Not verified
- ifconfig_nowarn: Not verified
- route_noexec: Not verified
- mtu_test: Not verified
- comp_lzo: Yes (this should be the default)
- *tun_mtu: 1500
- *keepalive: 10 60
- ping_timer_rem: Not verified
- persist_tun: Verified
- persist_key: Verified
- persist_local_ip: Not verified
- persist_remote_ip: Verified
- management_query_passwords: Not verified
- management_hold: Not verified
11. Click Save at the bottom of the page.
12. Click on VPN towards the top of the page and fill in the information below. Same rule applies for additional fields. Some may need to be added using the drop-down at the bottom of the page. * indicates an added field.
- client: Checked
- pull: Unchecked
- *auth_user_pass: /etc/openvpn/userpass.txt (this should be the default)
- remote: Fill in your desired VyprVPN Server address using the server list page. (Example: us1.vpn.goldenfrog.com)
- remote_random: Checked
- *proto: udp
- http_proxy_retry: Unchecked
- *resolv_retry: infinite (this should be the default)
13. Click Save at the bottom of the page.
14. Click on Cryptography towards the top of the page and fill in the information below. Same rule applies for additional fields. Some may need to be added using the drop-down at the bottom of the page. * indicates an added field.
- secret: Delete the text listed here. Leave blank
- no_replay: Unchecked
- mute_replay_warnings: Unchecked
- no_iv: Unchecked
- tls_client: Checked
- *ca: Download the CA certificate from this link and upload it for this setting.
- single_session: Unchecked
- tls_exit: Unchecked
- auth_nocache: Checked
15. Click Save & Apply at the bottom of the page.
This completes the configuration of the OpenVPN client settings. If you are familiar with OpenVPN configuration settings, you can customize client-side options for keepalive, tun_mtu, etc.
16. Now we need to configure the interface for the VyprVPN connection. Go to the Network menu and click Interfaces.
17. Click Add new interface...
18. The name of the new interface should be VyprVPN.
19. Select Unmanaged for the protocol.
20. Select Custom Interface and type in tun0
21. Click Submit.
22. Go back to Network > Interfaces and click Edit for LAN.
23. Under Common Configuration for Use custom DNS servers, enter the custom DNS of your choosing. Currently, VyprDNS does not work with this setup. We recommend Google DNS or OpenDNS, but you can use whatever you like.
Google DNS: 18.104.22.168 and 22.214.171.124 OpenDNS: 126.96.36.199 and 188.8.131.52
24. Click Save & Apply at the bottom of the page.
25. Now we need to configure the firewall for the VyprVPN connection. Go to the Network menu and click Firewall.
26. Click Add.
27. Configure the following settings for the new firewall zone:
- Name: VyprVPN
- Input: reject
- Output: accept
- Forward: reject
- Masquerading: Checked
- MSS clamping: Checked
- Covered networks: Select VyprVPN.
28. For Inter-Zone Forwarding select the following:
- Allow forward to destination zones: All unchecked
- Allow forward from source zones: Check lan
29. Click Save & Apply at the bottom of the page.
30. Assign the new firewall zone to the VyprVPN interface. Go back to Network > Interfaces and click Edit for VyprVPN.
31. Click the Firewall Settings tab. Select VyprVPN for the assigned firewall zone and click Save & Apply.
32. VyprVPN is now configured in your OpenWRT router! Go to Services > OpenVPN, check the box for Enabled next to VyprVPN, then click the Start button to initiate the connection.
33. Allow a minute or two for the connection to establish, then check your IP address using our IP checker web page.
34. Enjoy VyprVPN in your OpenWRT router!
- This setup establishes a connection that will automatically establish when you restart your router or if the connection is lost. This is ideal if you want a persistent VyprVPN connection.
- During internal testing, it has been observed that the OpenVPN instance may continually restart even when you click Stop and uncheck the option to enable the instance. To completely stop OpenVPN, SSH to the router and login as root. Run this command: /etc/init.d/openvpn stop
If you need any further assistance, please contact support and we'll be happy to help!
Last reviewed/updated March 2020