This is just a quick and dirty guide, because there was nothing on this topic yet.

1. Install the openvpn package:

opkg update
opkg install openvpn

Put the client config(ovpn file and key/cert files) somewhere in /root. (In this guide we assume that it's a configuration with tap device, dev tap should be defined in the opvn config file, if the corresponding server is configured for tun, this isn't the right guide for you)

Run openvpn like this

openvpn --config myvpnconfig.ovpn

If your internet connection works and everything in your config is correct (which you usually get from your VPN provider), you should see something like:

Initialization Sequence Completed

Now you should be able to access the internet from your router and your IP address to the outside world will be the one of the VPN server, but what we really want is to transparently forward the openvpn connection to the router clients. To do that you need this command:

iptables -t nat -A POSTROUTING -o tap+ -j SNAT --to-source 10.xx.x.xx

10.xx.x.xx needs to be replaced with your address in the VPN. Run:

ifconfig tap0

and look for `inet address` to get the correct one.

Now the router clients should reach the internet again, but everything will be routed through the VPN.

As always, if you want to have this available on reboot, you can put a few lines into /etc/rc.local before exit 0, ie.:

iptables -t nat -A POSTROUTING -o tap+ -j SNAT --to-source 10.xx.x.xx
openvpn --config /root/myvpnconfig.ovpn &
exit 0