OpenVPN® Client Setup on TP-Link TL-WR841N Router with OpenWrt 19.07 Firmware

for KeepSolid VPN Unlimited® users

This tutorial provides a detailed walkthrough on how to configure the OpenVPN® client on OpenWrt router. TP-Link TL-WR841N router with OpenWrt 19.07 firmware was taken as an example.

How to set up the VPN Unlimited® app for OpenWrt router? How to configure OpenVPN® client? Let’s check it out!

 

I. Set up the OpenVPN® client on your OpenWrt 19.07 router

II. Generate OpenVPN® client settings in your User Office

III. Configure OpenVPN® connection on OpenWrt 19.07 router

IV. Add OpenVPN® interface and configure DNS settings

 

I. Set up the OpenVPN® client on your OpenWrt 19.07 router

 

Open your OpenWrt web interface by printing the IP-address of the admin panel in the address line of your browser.

If you don’t know how to access your router control panel, check out our instruction on how to find your router IP

1. Go to the System > Software and click Update lists.

2. Wait until the operation is completed and press Dismiss.

3. Type openvpn-openssl in the Download and install package field and press OK.

4. Press Install, and wait until the package is downloaded. Then press Dismiss.

5. Type luci-app-openvpn in the Filter field and click Install.

Then type luci-i18n-openvpn-en in the Filter field and click Install.

6. Check the Overwrite files from other package(s) option and press Install.

7. Wait until both packages are installed and press Dismiss.

8. Make sure that all packages were successfully installed. To do this, select the Installed tab and type openvpn in the Filter field.

 

II. Generate OpenVPN® client settings in your User Office

 

You need to generate the manual configuration settings in your KeepSolid User Office. There you will get the .ovpn configuration file, VPN server domain name and other settings for your OpenVPN® connection setup. 

Follow a few simple steps described in the tutorial How to manually create VPN configurations and you’ll easily get all the required information.

III. Configure OpenVPN® connection on OpenWrt 19.07 router

 

There are two methods to configure OpenVPN® connection on your OpenWrt router. Choose any of them and then go to step IV of this instruction.

Method 1. Upload the .ovpn configuration file

Method 2. Configure OpenVPN® connection by yourself

 

Method 1. Upload the .ovpn configuration file

 

1. Go to the VPN tab > OpenVPN.

2. Find the OVPN configuration field, specify it’s custom name, for example KeepSolidVPN, and choose the .ovpn file that was automatically downloaded from your User Office. Then press Upload.

Method 2. Configure OpenVPN® connection by yourself

 

1. Open the configuration file that was automatically downloaded to your device with any text editor and create separate text files - ca.key, cert.key, key.key. Paste the appropriate data from the .ovpn file to the corresponding text file.

  • ca.key – paste strings between <ca> and </ca>, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
  • cert.key – paste strings between <cert> and </cert>, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
  • key.key – paste strings between <key> and </key>, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----

2. Navigate to the VPN tab > OpenVPN.

3. Type KeepSolidVPN in the Configuration name field, select Client configuration for an ethernet bridge VPN and click Add.

4. Press Edit > Switch to advanced configuration.

Note: If you don’t see the required parameters, select them in the dropdown menu at the bottom of the page, and click Add.

5. Navigate to the Networking tab and configure the following parameters:

  • port: 1194
  • float: unchecked
  • nobind: checked
  • dev: tun0
  • dev_type: tun
  • ifconfig: this field should be blank
  • comp-lzo: no
  • keepalive: 5 30
  • persist-tun: checked
  • persist-key: checked

Click Save.

6. Navigate to the VPN tab and enter the following settings:

  • client: checked
  • remote: paste the Domain name from your User Office and press +
  • remote-random: checked
  • proto: udp

Click Save.

7. Go to the Cryptography tab.

Click right to ca parameter > choose the previously created ca.key file > press Upload file.

Click right to cert parameter > choose the previously created cert.key file > press Upload file.

Click right to cert parameter > choose the previously created cert.key file > press Upload file.

8. Configure the following parameters:

  • auth: SHA512
  • cipher: AES-256-CBC
  • keysize: 256
  • tls_cipher: DHE-RSA-AES-256-SHA
  • ns-cert-type: server
  • remote-cert-tis: server

Click Save & Apply.

IV. Add OpenVPN® interface and configure DNS settings

 

1. Go to Network > Interfaces. Click the Add new interface… button.

2. Enter the following data and click Submit:

  • Name: VPN_U
  • Protocol: Unmanaged
  • Interface: Custom Interface: tun0

Click Create Interface.

3. Enable the Bring up on boot parameter.

4. Go to the Advanced Settings tab and disable Use built-in IPv6-management.

5. Click Save.

6. Navigate to WAN > Edit > Advanced Settings. Uncheck the Use DNS servers advertised by peer parameter and set 10.200.0.1 value for Use custom DNS server. Press + button.

7. Go to the Firewall Settings tab.

8. In the Create / Assign firewall-zone field enter VPNU_FW.

9. Click Save.

10. Press Save & Apply.

11. Go to Network > Firewall, select VPNU_FW and click Edit.

12. In the General Settings tab, configure the following settings:

  • Input: reject
  • Output: accept
  • Forward: reject
  • Masquerading: checked
  • MSS clamping: checked
  • Covered networks: checked VPN_U
  • Allow forward from source zones: check lan

Click Save.

13. Go to VPN > OpenVPN

14. Mark checkbox Enabled for KeepSolidVPN and press Save & Apply

15. Wait for a minute and click Start.

Great! You’ve successfully set up and configured the OpenVPN® client on your TP-Link TL-WR841N with OpenWrt 19.07 firmware. 

If you need to set up VPN on any other devices, check our Manuals page. If you have other questions or comments, feel free to contact our customer support via [email protected].

 

“OpenVPN” is a registered trademark of OpenVPN Inc.