This tutorial will walk you through configuring a router using LEDE firmware version 19.07.2.
Note: to perform this setup you will need to have your operating system configured to allow an SSH connection for a file transfer from the computer to the router.
Before Starting : be sure you have downloaded the configuration file you would like to use for your connection. For this guide specifically, we have used the California file from the collection labeled Default, be sure to decompress the file so you can access the contents.
Also, decide what DNS servers fit your needs, there are four options:
- 10.0.0.241 — this can provide access to all three of the following
- 10.0.0.242 — DNS only
- 10.0.0.243 — forwards streaming domains to the parent proxy for potential access to some streaming services
- 10.0.0.244 — MACE
Step 1. System - Software: Add the necessary packages to the firmware for setting up and using an OpenVPN connection. In the top menu, click on System and in the dropdown that appears, click Software these items are highlighted in red in the image below.
1. You will need to update the package list available on the system first, to do this click on Update lists... and wait for the package retrieval to finish.
2. Once the package list is updated, click Dismiss.
3. Find the package openssh-sftp-server by typing the name in the Filter: field.
4. Click Install next to the package labeled openssh-sftp-server.
5. On the screen that is shown, click Install and wait for the package retrieval to finish. Once the package update is completed, click Dismiss.
6. Find the package luci-app-openvpn by typing the name in the Filter: field.
7. Click Install next to the package labeled luci-app-openvpn.
8. On the screen that is shown, click Install and wait for the package retrieval to finish. Once the package is installed, click Dismiss.
9. Find the package openvpn-openssl by typing the name in the Filter: field.
10. Click Install next to the package labeled openvpn-openssl.
11. On the screen that is shown, click Install and wait for the package retrieval to finish. Once the package is installed, click Dismiss.
12. Press F5, or manually refresh the page to reveal the updated interface that will allow VPN configuration.
Step 2. VPN - OpenVPN : upload an OpenVPN configuration file and make the necessary alterations for LEDE to utilize the configuration. To access the OpenVPN configuration interfaces, click VPN in the top menu of the router interface, then click OpenVPN in the dropdown, these items are highlighted in red in the image below.
1. Input a descriptive name for the VPN connection you are creating in the field OVPN configuration file upload text box.
2. Click Browse....
3. Navigate to the folder containing the OpenVPN files that you saved Before Starting and select the file for the server location you want to connect to.
4. Click Open to select the file.
5. Click Upload to transfer the file and create the VPN configuration.
6. Click the Check the box for Enabled next to your new connection.
7. Click Save & Apply for your router to initiate the configuration.
8. Click the Edit button for this new configuration, this will open the configuration for a few minor changes.
9. Add the following two lines, replacing the DNS servers with the ones that fit your needs, shown in the Before starting section.
dhcp-option DNS 10.0.0.241 dhcp-option DNS 10.0.0.243
10. Find the line with the text auth-user-pass. Add the following text on the same line with a space between /etc/openvpn/credentials.txt. That line should read:
auth-user-pass /etc/openvpn/<descriptive name>.auth
*note that descriptive name will be the name you chose for the configuration.
11. The line just below that is compress. Add the following text on the same line with a space between lzo. That line should read:
12. In the section below the OpenVPN configuration is an area to add your login credentials. On the first line of this text input, type your PIA username - that is always in the format of p1234567 and cannot be replaced with any other information.
13. On the second line of this input, type your PIA ‘p-login’ password, which is assigned to you upon account creation, but you have the ability to customize in the client control panel. (If you have an ‘x-login’ this is a different password, do not use it.)
14. Click Save.
Step 3. Network - Interfaces : create and connect the interface for the VPN to utilize for traffic, and set the system to use the PIA DNS servers. Using PIA DNS servers will prevent DNS logging and leaks. Click on the Network button on the top navigation bar and select Interfaces from the dropdown; both of those items are highlighted in red in the image below.
1. Click Add new interface... to create the VPN tunnel.
2. Input a Name for the new interface, PIA_VPN is what we used.
3. For Protocol select Unmanaged.
4. Click on the Interface dropdown and at the bottom, type the custom interface tun0 and press Enter.
5. Click Create Interface.
6. Click Save.
7. Click Save & Apply to utilize these changes.
Step 3. Network - Firewall : you will now need to apply firewall rules to allow the tunnel interface to be used. Access the firewall interface by clicking Network on the top menu and click Firewall from the dropdown that appears; these items are highlighted in red in the image below.
1. In the row listed as WAN => Reject, click on the Edit button.
2. In the Covered Networks dropdown, select the PIA_VPN interface you created.
3. Click Save.
4. Click Save & Apply.
You are now ready to start the VPN connection. Navigate back to the VPN dropdown and select OpenVPN, shown highlighted in red in the image below. Click Start next to the OpenVPN configuration you created. The connection will show yes in the Started column when the connection is successful.