For an overview of all Virtual Private Network (VPN)-related articles in the OpenWrt wiki, see vpn.overview


NOTE: The information on this page is obsolete. Beginning with Chaos Calmer, vpnc is configured via UCI. See the README in the vpnc package directory.
opkg update;opkg install vpnc

vi /etc/vpnc/default.conf

IPSec gateway
IPSec ID munky
IPSec secret correcthorsebatterystaple
Xauth username munky
Xauth password correcthorsebatterystaple

This gives the router itself access to the VPN, but hosts on your LAN cannot yet reach VPN resources. So we need post-connect rules.

vi /etc/vpnc/post-connect.d/masquerade

iptables -A forwarding_rule -o tun0 -j ACCEPT
iptables -A forwarding_rule -i tun0 -j ACCEPT
iptables -t nat -A postrouting_rule -o tun0 -j MASQUERADE
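
The rule "-i tun0 -j ACCEPT" above forwards anything arriving from the tunnel into the LAN, and plain -A appends a fresh copy of every rule on each reconnect. The following is an added example, not part of the original page: a variant that only lets replies back in from the VPN and skips rules that are already loaded. It assumes iptables provides the conntrack match and the -C (check) option; IPT, ensure_rule and apply_vpn_rules are names chosen here, and TUNDEV is used when vpnc exports it, falling back to tun0.

```sh
#!/bin/sh
# Added example, not from the original page: stateful, idempotent variant of
# /etc/vpnc/post-connect.d/masquerade.
# Assumptions: iptables has the conntrack match and supports -C (check).

IPT="${IPT:-iptables}"     # hypothetical override hook, e.g. for dry runs
TUN="${TUNDEV:-tun0}"      # the page uses tun0

# Append a rule only when an identical one is not already loaded, so the
# reconnects triggered by the keep-alive job do not stack duplicates.
# Usage: ensure_rule <table> <chain> <rule spec...>
ensure_rule() {
	er_table="$1"; er_chain="$2"; shift 2
	$IPT -t "$er_table" -C "$er_chain" "$@" 2>/dev/null && return 0
	$IPT -t "$er_table" -A "$er_chain" "$@"
}

apply_vpn_rules() {
	# LAN -> VPN: new connections allowed, as in the original rule.
	ensure_rule filter forwarding_rule -o "$TUN" -j ACCEPT
	# VPN -> LAN: only replies to connections opened from the LAN side,
	# instead of the blanket "-i tun0 -j ACCEPT".
	ensure_rule filter forwarding_rule -i "$TUN" \
		-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
	# Hide LAN addresses behind the tunnel address.
	ensure_rule nat postrouting_rule -o "$TUN" -j MASQUERADE
}

# Apply only on a system that actually has OpenWrt's forwarding_rule chain.
if $IPT -t filter -L forwarding_rule -n >/dev/null 2>&1; then
	apply_vpn_rules
fi
```

If hosts on the VPN side must open connections into the LAN, add explicit rules for those destinations and ports rather than restoring the blanket ACCEPT.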

Now when you run the command 'vpnc', it should connect to the VPN, and hosts on your LAN will be able to use it as well. Next we want to connect automatically when the router boots.

mkdir /etc/config/vpnc
cd /etc/config/vpnc

vi /etc/config/vpnc/startup-script

#!/bin/sh /etc/rc.common
START=75
STOP=01

start() {
	# connect using /etc/vpnc/default.conf
	vpnc
}

stop() {
	# tear down the tunnel
	vpnc-disconnect
}

This script should be symlinked to /etc/init.d, but for some reason the symlink cannot be enabled, so copy it instead.

cp /etc/config/vpnc/startup-script /etc/init.d/vpnc
/etc/init.d/vpnc enable

The remaining problem is detecting when the VPN disconnects. Note the address that this script pings: you should change it to an IP address on the VPN.

vi /etc/config/vpnc/keep-alive

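#!/bin/sh
# Placeholder address: set this to an IP address on the VPN.
VPN_HOST="192.0.2.1"
if ping -q -c 1 "$VPN_HOST" > /dev/null 2>&1; then
	echo itworks > /dev/null
else
	# no reply through the tunnel: restart the VPN
	/etc/init.d/vpnc stop
	sleep 50
	/etc/init.d/vpnc start
fi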


The final action needed is to create the scheduled task. The following runs the keep-alive script every 15 minutes.

crontab -e

*/15 * * * * /etc/config/vpnc/keep-alive

doc/howto/vpn.client.vpnc.txt · Last modified: 2015/02/13 10:55 by danielg4