OPENVPN CLOUD IS LIVE: TRY TODAY FOR FREE
Using OpenVPN Cloud profile to configure OpenWrt

Introduction

Many of our users have expressed interest in using OpenVPN protocol compatible routers to connect to OpenVPN Cloud instead of using the Connector application.

While connecting in this manner may not yield the best performance, due to the limited processing power and memory of the router, it could be useful in the cases where convenience, rather than high throughput, is required.

Please note that the information provided here is for EDUCATION and INFORMATIONAL uses only. We are not responsible for any damages you incur as a result of using these instructions here. For technical support, you need to contact the supplier of the router or the appropriate community forums.

It is not guaranteed that all versions of the firmware will work as expected with OpenVPN Cloud and some features may be incompatible. It is best to update the firmware to the latest version.

Downloading the Connector profile

To configure the routers you need to use specific sections of the OpenVPN Cloud Connector profile in specific setting configurations.

First, you need to download the profile in .ovpn format from the Network configuration you have created in the Administration portal to represent the router’s network.

The profile can be downloaded by selecting it as the option in the drop-down list shown after clicking on the download icon. See, picture.

OpenVPN Cloud profile to configure OpenWrt

Open the downloaded profile file in a text editor. In Windows, the file must be opened in a text editor other than Notepad (e.g. Wordpad / Notepad++).

Configuring OpenWrt

To connect to the OpenVPN Cloud service using your OpenWrt router, please follow the steps below:

  1. If you have not already upgraded to the latest of OpenWrt, please follow the instructions on the OpenWrt website.
  2. Login to the LuCI web interface, and then go to System -> Software.
  3. Install the openvpnpolarssl and the luci-app-openvpn packages on your system by putting the name of the package in the Download and install package: textbox and then click OK.
  4. After the packages have been installed, refresh the web page. The OpenVPN option should appear under Services. If the option does not appear, log out of the administration interface and then log back in.
  5. In the LuCI interface, go to Services -> OpenVPN.
  6. In the blank text box that appears, enter OpenVPNCloud as the name, and use the Client configuration for a routed multi-client VPN drop down option, and click Add.
  7. In the profile editor that appears, click the Switch to advanced configuration >> link.
  8. In the Service tab of the profile editor:
    1. Check the fast_io checkbox.
    2. Click the Save button.
  9. In the Networking tab of the profile editor:
    1. Under — Additional Field —, add the sndbuf and rcvbuf fields.
    2. Change the sndbuf and rcvbuf values to both 0.
    3. Change the dev textbox to read tun0.
    4. Select adaptive under the comp_lzo option.
    5. Click the Save button.
  10. In the VPN tab of the profile editor:
    1. Check the pull checkbox.
    2. In the remote text box, enter the remote value from your profile file. They should be near the top of the file and after the word remote (e.g. eu-west.gw.openvpn.cloud 1194 udp).
    3. Click the + button next to the text box, and repeat the entry for the 443 tcp entry below (e.g. eu-west.gw.openvpn.cloud 443 tcp).
    4. Uncheck the remote_random option.
    5. Click the Save button.
  11. In the Cryptography tab of the profile editor:
    1. Under –Additional Field— , add the ca field.
      1. In the profile you have downloaded, copy the contents between the <ca> and </ca> tag into a new file. Make sure you include all of the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines in the new file. There should be a total of four of such lines, and when copying the contents into a new file, omit the <ca> and </ca> tags in the beginning and the end, since these will be added automatically by OpenWrt.
      2. Upload the certificate into OpenWrt by selecting the new file you have created.
    2. Under –Additional Field— , add the cert field.
      1. In the profile you have downloaded, copy the contents between the <cert> and </cert> tag into a new file. Make sure you include all of the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <cert> and </cert> tags in the beginning and the end, since these will be added automatically by OpenWrt.
      2. Upload the certificate into OpenWrt by selecting the new file you have created.
    3. Under –Additional Field— , add the key field.
      1. In the profile you have downloaded, copy the contents between the <key> and </key> tag into a new file. Make sure you include all of the —–BEGIN RSA PRIVATE KEY—– and —–END RSA PRIVATE KEY—– lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <key> and </key> tags in the beginning and the end, since these will be added automatically by OpenWrt.
      2. Upload the key into OpenWrt by selecting the new file you have created.
    4. Under –Additional Field— , add the tls_auth field.
      1. In the profile you have downloaded, copy the contents between the <tls-auth> and </tls-auth> tag into a new file. Make sure you include all of the —–BEGIN OpenVPN Static key V1—– and —–END OpenVPN Static key V1—– lines in the new file. There should be a total of two of such lines, and when copying the contents into a new file, omit the <tls-auth> and </tls-auth> tags in the beginning and the end, since these will be added automatically by OpenWrt.
      2. Upload the TLS auth key file using SCP to your router in the /etc/openvpn/ folder with the file name tlsauth.key. If you already have a VPN profile that is using this file name, change the file name accordingly and then update the path value in the tls_auth text box that appears. If you are using Notepad++ to copy the contents of the file over a PuTTY or an SSH session, please make sure the new file is using the Windows EOL format, otherwise the copied lines will not be transferred properly. This option can be changed in Edit -> EOL Conversion -> Windows Format.
  12. Click Save & Apply to save the OpenVPN configuration on your router.
  13. On the top of the LuCI interface, go to Network -> Interfaces.
    1. Click Add new interfaces…
    2. Enter OpenVPNCloud under the Name of the new interface text box.
    3. Select Unmanaged under the Protocol of the new interface text box.
    4. Click the radio button next to Custom Interface: and enter tun0 into the text box.
    5. Click Submit to save the custom interface.
  14. On the top of the LuCI interface, go to Network -> Firewall.
    1. Click the Add button.
    2. Use the following settings for the newly created zone:
      1. Name: OC
      2. Input: drop
      3. Output: accept
      4. Forward: drop
      5. Masquerading: Checked
      6. MSS Clamping: Unchecked
      7. Covered networks: OpenVPNCloud (checked)
      8. Inter-Zone Forwarding -> Allow forward from source zones: lan (checked)
    3. Click Save & Apply to save the newly created zone.
  15. To start the VPN connection, go to Services -> OpenVPN, check the Enabled checkbox and then the start button under the OpenVPNCloud profile.