This is just a quick and dirty guide, because there was nothing on this topic yet.
- Install the openvpn package:
opkg update opkg install openvpn
Put the client config(ovpn file and key/cert files) somewhere in /root. (In this guide we assume that it's
a configuration with tap device,
dev tap should be defined in the opvn config file, if the corresponding
server is configured for tun, this isn't the right guide for you)
Run openvpn like this
openvpn --config myvpnconfig.ovpn
If your internet connection works and everything in your config is correct (which you usually get from your VPN provider), you should see something like:
Initialization Sequence Completed
Now you should be able to access the internet from your router and your IP address to the outside world will be the one of the VPN server, but what we really want is to transparently forward the openvpn connection to the router clients. To do that you need this command:
iptables -t nat -A POSTROUTING -o tap+ -j SNAT --to-source 10.xx.x.xx10.xx.x.xx needs to be replaced with your address in the VPN. Run:
ifconfig tap0and look for `inet address` to get the correct one.
Now the router clients should reach the internet again, but everything will be routed through the VPN.
As always, if you want to have this available on reboot, you can put a few lines into /etc/rc.local before exit 0, ie.:
iptables -t nat -A POSTROUTING -o tap+ -j SNAT --to-source 10.xx.x.xx openvpn --config /root/myvpnconfig.ovpn & exit 0
doc/howto/vpn.client.openvpn.tap.txt · Last modified: 2012/10/29 16:03 by zend