Skip to main content

Tutorial: Configure an OpenWrt Router To Connect to CloudConnexa

Abstract

This tutorial contains instructions on how to use an OpenWrt router and configure it to use a Connector profile to connect to CloudConnexa and make the network part of your WPC.

Introduction

Many of our Users have expressed interest in using CloudConnexa protocol compatible routers to connect to CloudConnexa instead of using the Connector application.

While connecting in this manner may not yield the best performance, due to the limited processing power and memory of the router, it could be useful in cases where convenience, rather than high throughput, is required.

Important

The information provided here is for EDUCATIONAL and INFORMATIONAL purposes only. We are not responsible for any damages you incur as a result of using these instructions here. For technical support, you need to contact the supplier of the router or the appropriate community forums. It is not guaranteed that all versions of the firmware will work as expected with CloudConnexa and some features may be incompatible. It is best to update the firmware to the latest version.

Note

Refer to instructions from OpenWrt for the latest information.

Downloading the Connector Profile

To configure the routers you need to use specific sections of the OpenVPN Connector Profile in specific setting configurations.

First, you need to download the Profile in .ovpn format from the Network configuration you have created in the Administration portal to represent the router’s Network.

The Profile can be downloaded by selecting it as the option in the drop-down list shown after clicking on Deploy.

Open the downloaded Profile file in a text editor. In Windows, the file must be opened in a text editor other than Notepad (e.g. Wordpad / Notepad++).

Configuring OpenWrt

To connect to the CloudConnexa service using your OpenWrt router, please follow the steps below:

  1. If you have not already upgraded to the latest of OpenWrt, please follow the instructions on the OpenWrt website.

  2. Login to the LuCI web interface, and then go to System -> Software.

  3. Install the openvpn-openssl and the luci-app-openvpn packages on your system by putting the name of the package in the Download and install package: textbox and then click OK.

  4. After the packages have been installed, refresh the web page. The OpenVPN option should appear under VPN. If the option does not appear, log out of the administration interface and then log back in.

  5. In the LuCI interface, go to VPN > OpenVPN.

  6. If your router supports the OVPN configuration file upload option, follow the steps in OVPN configuration file upload, otherwise follow Template based configuration.

OVPN configuration file upload

To upload the Profile to your router, follow the steps below:

  1. VPN > OpenVPN.

  2. Under ovpn configuration file upload, in the textbox instance name, enter CloudConnexa; Choose the downloaded profile in .ovpn format and click upload.

  3. Under the OpenVPN instances, check the Enabled checkbox from the newly created instance (CloudConnexa) and click start.

  4. Click Save and Apply.

Template based configuration

  1. In the blank text box that appears, enter CloudConnexa as the name, and use the Client configuration for a routed multi-client WPC drop-down option, and click Add.

    Note

    This is in the template-based configuration text box instance name.

  2. In the Profile editor that appears, click the Switch to advanced configuration >> link.

    Note

    You will need to edit the newly created instance.

  3. From VPN > OpenVPN in the Profile editor:

    1. Choose from the "additional field" drop-down list fast_io.

    2. Check the fast_io checkbox.

    3. Click the Save button.

  4. In the Networking tab of the Profile editor:

    1. Under — Additional Field —, add the sndbuf and rcvbuf fields.

    2. Change the sndbuf and rcvbuf values to both 0.

    3. Change the dev textbox to read tun0.

    4. Select adaptive under the comp_lzo option.

    5. Click the Save button.

  5. In the VPN tab of the Profile editor:

    1. Check the pull checkbox.

    2. In the remote text box, enter the remote value from your Profile file. They should be near the top of the file and after the word remote (e.g. eu-west.gw.openvpn.com 1194 udp).

    3. Click the + button next to the text box, and repeat the entry for the 443 tcp entry below (e.g. eu-west.gw.openvpn.com 443 tcp).

    4. Click the Save button.

  6. In the Cryptography tab of the Profile editor:

    1. Under –Additional Field— , add the ca field.

      1. In the Profile you have downloaded, copy the contents between the <ca> and </ca> tag into a new file. Make sure you include all of the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines in the new file. There should be a total of four of such lines, and when copying the contents into a new file, omit the <ca> and </ca> tags in the beginning and the end, since these will be added automatically by OpenWrt.

      2. Upload the certificate into OpenWrt by selecting the new file you have created.

    2. Under –Additional Field— , add the cert field.

      1. In the Profile you have downloaded, copy the contents between the <cert> and </cert> tag into a new file. Make sure you include all of the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <cert> and </cert> tags in the beginning and the end, since these will be added automatically by OpenWrt.

      2. Upload the certificate into OpenWrt by selecting the new file you have created.

    3. Under –Additional Field— , add the key field.

      1. In the Profile you have downloaded, copy the contents between the <key> and </key> tag into a new file. Make sure you include all of the —–BEGIN RSA PRIVATE KEY—– and —–END RSA PRIVATE KEY—– lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <key> and </key> tags in the beginning and the end, since these will be added automatically by OpenWrt.

      2. Upload the key into OpenWrt by selecting the new file you have created.

    4. Under –Additional Field— , add the tls_auth field.

      1. In the Profile you have downloaded, copy the contents between the <tls-auth> and </tls-auth> tag into a new file. Make sure you include all of the —–BEGIN CloudConnexa Static key V1—– and —–END CloudConnexa Static key V1—– lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <tls-auth> and </tls-auth> tags in the beginning and the end, since these will be added automatically by OpenWrt.

      2. Upload the TLS auth key file using SCP to your router in the /etc/openvpn/ folder with the file name tlsauth.key. If you already have a WPC Profile that is using this file name, change the file name accordingly and then update the path value in the tls_auth text box that appears. If you are using Notepad++ to copy the contents of the file over a PuTTY or an SSH session, please make sure the new file is using the Windows EOL format, otherwise the copied lines will not be transferred properly. This option can be changed in Edit -> EOL Conversion -> Windows Format.

  7. Click Save & Apply to save the CloudConnexa configuration on your router.

  8. On the top of the LuCI interface, go to Network -> Interfaces.

    1. Click Add new interfaces…

    2. Enter CloudConnexa under the Name text box.

    3. Select Unmanaged under the Protocol text box.

    4. Click the drop-down next to Interface: and enter tun0 into the text box.

    5. Click Create interface to save the custom interface.

  9. On the top of the LuCI interface, go to Network -> Firewall.

    1. Click the Add button.

    2. Use the following settings for the newly created zone:

      1. Name: OC

      2. Input: drop

      3. Output: accept

      4. Forward: drop

      5. Masquerading: Checked

      6. MSS Clamping: Unchecked

      7. Covered Networks: CloudConnexa (checked)

      8. Inter-Zone Forwarding -> Allow forward from source zones: lan (checked)

    3. Click Save & Apply to save the newly created zone.

  10. To start the VPN connection, go to VPN -> OpenVPN, check the Enabled checkbox and then the start button under the CloudConnexa Profile.