Skip to main content

LEDE 19.07.2 (OpenVPN Setup from Config File)

LEDE

This tutorial will walk you through configuring a router using LEDE firmware version 19.07.2.

Note: to perform this setup you will need to have your operating system configured to allow an SSH connection for a file transfer from the computer to the router.

Before Starting : Download the configuration file you would like to use for your connection. Collections of files for all available server locations, with variations in the settings can be found here: https://www.privateinternetaccess.com/helpdesk/kb/articles/where-can-i-find-your-ovpn-files For this guide specifically, we have used the collection labeled (STRONG), which uses the highest encryption settings. Once you have downloaded one of the files, be sure to decompress the file so you can access the contents.

Step 1. System - Software: Add the necessary packages to the firmware for setting up and using an OpenVPN connection. In the top menu, click on System and in the dropdown that appears, click Software these items are highlighted in red in the image below.

Step 1. System - Software: Add the necessary packages to the firmware for setting up and using an OpenVPN connection. In the top menu, click on System and in the dropdown that appears, click Software these items are highlighted in red in the image below.

1. You will need to update the package list available on the system first, to do this click on Update lists... and wait for the package retrieval to finish.

2. Once the package list is updated, click Dismiss.

3. Find the package openssh-sftp-server by typing the name in the Filter: field.

4. Click Install next to the package labeled openssh-sftp-server.

5. On the screen that is shown, click Install and wait for the package retrieval to finish. Once the package update is completed, click Dismiss.

6. Find the package luci-app-openvpn by typing the name in the Filter: field.

7. Click Install next to the package labeled luci-app-openvpn.

8. On the screen that is shown, click Install and wait for the package retrieval to finish. Once the package is installed, click Dismiss.

9. Find the package openvpn-openssl by typing the name in the Filter: field.

10. Click Install next to the package labeled openvpn-openssl.

11. On the screen that is shown, click Install and wait for the package retrieval to finish. Once the package is installed, click Dismiss.

12. Press F5, or manually refresh the page to reveal the updated interface that will allow VPN configuration.

Step 2. On your computer: create a folder and file containing your PIA login credentials, and upload the file to the router for use in the VPN connection.

1. Navigate to the ‘Documents/’ folder.

2. Right click in blank space in the folder and click ‘New > Folder’.

3. Name this new folder ‘PIA_Setup’.

4. Double-click the PIA_Setup folder to open it.

5. Right-click in the empty space of that folder and click on New > Text Document.

6. Name this file credentials.txt.

7. Open credentials.txt in notepad.

8. On the first line of this document, type your PIA username - that is always in the format of p1234567 and cannot be replaced with any other information.

9. On the second line of this document, type your PIA ‘p-login’ password, which is assigned to you upon account creation, but you have the ability to customize in the client control panel. (If you have an ‘x-login’ this is a different password, do not use it.)

10. Click the X to close the notepad window.

11. When prompted, click Save.

12. Highlight the following text, and press Ctrl and C at the same time, or right click, to copy the text:

scp Documents/PIA_Setup/* root@192.168.1.1:/etc/openvpn

13. Press the Windows Key and R at the same time, to open the run prompt.

14. Type cmd and press Enter to open the command prompt.

15. Press Ctrl and V at the same time, or right click, to paste the command in the command prompt window, and press Enter to run the command.

16. You may be prompted to proceed, you will need to type yes and press enter. (Note: the input for this confirmation will not show as it is typed; the input entered is still received and significant to the results.)

17. You will be prompted for the password of your router login - input that information and press Enter. (Note: the input for the password will not show as it is typed; the input entered is still received and significant to the results.)

18. The command prompt will provide confirmation the credentials.txt file was transferred, you can then close the command prompt window.

Step 3. VPN - OpenVPN : upload an OpenVPN configuration file and make the necessary alterations for LEDE to utilize the configuration. To access the OpenVPN configuration interfaces, click VPN in the top menu of the router interface, then click OpenVPN in the dropdown, these items are highlighted in red in the image below.

1. Input a descriptive name for the VPN connection you are creating in the field OVPN configuration file upload text box.

2. Click Browse....

3. Navigate to the folder containing the OpenVPN files that you saved Before Starting and select the file for the server location you want to connect to.

4. Click Open to select the file.

5. Click Upload to transfer the file and create the VPN configuration.

6. Click the Check the box for Enabled next to your new connection.

7. Click Save & Apply for your router to initiate the configuration.

8. Click the Edit button for this new configuration, this will open the configuration for a few minor changes.

9. Find the line with the text auth-user-pass.  Add the following text on the same line with a space between /etc/openvpn/credentials.txt. That line should read:

auth-user-pass /etc/openvpn/credentials.txt

10. The line just below that is compress. Add the following text on the same line with a space between lzo. That line should read:

compress lzo

11. Click Save.

Step 4. Network - Interfaces : create and connect the interface for the VPN to utilize for traffic, and set the system to use the PIA DNS servers. Using PIA DNS servers will prevent DNS logging and leaks. Click on the Network button on the top navigation bar and select Interfaces from the dropdown; both of those items are highlighted in red in the image below.

1. Next to the listing for WAN click Edit.

2. Click the Advanced Settings tab at the top of the window that opens.

3. Uncheck the box labeled Use DNS servers advertised by peer; input to Use custom DNS servers will appear.

4. Input 209.222.18.222 and click the + next to the input to add the DNS server.

5. Input 209.222.18.218 and click the + next to the input to add the DNS server.

6. Click Save.

7. Click Add new interface... to create the VPN tunnel.

8. Input a Name for the new interface, PIA_VPN is what we used.

9. For Protocol select Unamanged.

10. Click on the Interface dropdown and at the bottom, type the custom interface tun0 and press Enter.

11. Click Create Interface.

12. Click Save.

13. Click Save & Apply to utilize these changes.

Step 5. Network - Firewall : you will now need to apply firewall rules to allow the tunnel interface to be used. Access the firewall interface by clicking Network on the top menu and click Firewall from the dropdown that appears; these items are highlighted in red in the image below.

1. In the row listed as WAN => Reject, click on the Edit button.

2. In the Covered Networks dropdown, select the PIA_VPN interface you created.

3. Click Save.

4. Click Save & Apply.

You are now ready to start the VPN connection. Navigate back to the VPN dropdown and select OpenVPN, shown highlighted in red in the image below. Click Start next to the OpenVPN configuration you created. The connection will show yes in the Started column when the connection is successful.

Authors list

First published: 22/04/2020

Last updated: Apr 24, 2020 by Joseph Calhoon