OpenWRT firmware-based routers use telnet protocol to connect you to the internet. If you’re using such a router, you’ve to set it up to accept the SSH connection in order to configure NordVPN on it. Moreover, the OpenWRT firmware image doesn’t include the OpenVPN package by default. So, you need to install it manually before you can run the OpenVPN client for NordVPN on your OpenWRT router. Here we’ve provided a step-by-step guide to help you perform the process from scratch and use NordVPN on OpenWRT. Have a look.
1. First, visit this IP, 192.168.1.1, to open your router's management page.
2. Next, change the root password with the 'passwd' command to set your router to accept SSH connection.
3. Now, run the below commands in a terminal window to install the OpenVPN package.
opkg update opkg install openvpn-openssl opkg install ip-full
4. Once the installation is complete, set OpenVPN to launch automatically whenever your router starts by using the following command.
5. Next, visit the NordVPN website.
6. Click the Grab the Deal button and choose a subscription on the next screen.
7. Enter your complete details now and complete your purchase.
8. Wait for a confirmation on your subscription next.
9. When you get that, click here to access the configuration file of your preferred VPN server; then, click on Show available protocols under the server IP and hit Download config for TCP or UDP to save the .ovpn file locally.
10. Next, copy the .ovpn file using WinSCP or PSCP on Windows and scp command on Linux.
11. Now, paste it to the /etc/openvpn folder on your router's filesystem.
12. After that, you've to add the word 'secret' to the auth-user-pass string to ensure you don't have to enter your NordVPN service credentials each time OpenVPN starts.
13. The string should look like this, auth-user-pass secret.
14. You have to create a file 'secret' in the same /etc/openvpn folder; this file will contain two entries, i.e., username and password, in separate lines.
15. You can find this username and password on your online NordVPN account dashboard; check the Service credentials under the Advanced configuration tab.
16. Next, configure OpenVPN by changing .ovpn extension to .conf.
17. Alternatively, you can put the file name specifically in /etc/config/openvpn and use the uci command-
uci set openvpn.nordvpn=openvpn uci set openvpn.nordvpn.enabled='1' uci set openvpn.nordvpn.config='/etc/openvpn/al1.nordvpn.com.tcp.ovpn' uci commit openvpn
18. The file /etc/config/openvpn will contain the following strings.
- config openvpn 'nordvpn'
- option enabled '1'
- option config '/etc/openvpn/al1.nordvpn.com.tcp.ovpn'
19. Create a new firewall zone next and add the below forwarding rule from LAN to VPN.
uci add firewall zone uci set firewall.@zone[-1].name='vpnfirewall' uci set firewall.@zone[-1].input='REJECT' uci set firewall.@zone[-1].output='ACCEPT' uci set firewall.@zone[-1].forward='REJECT' uci set firewall.@zone[-1].masq='1' uci set firewall.@zone[-1].mtu_fix='1' uci add_list firewall.@zone[-1].network='nordvpntun' uci add firewall forwarding uci set firewall.@forwarding[-1].src='lan' uci set firewall.@forwarding[-1].dest='vpnfirewall' uci commit firewall
20. The file etc/config/firewall will now contain the below strings:
- option name 'vpnfirewall'
- option input 'REJECT'
- option output 'ACCEPT'
- option forward 'REJECT'
- option masq '1'
- option mtu_fix '1'
- list network 'nordvpntun'
- option src 'lan'
- option dest 'vpnfirewall'
21. You've to configure the DNS servers next with the following command; use NordVPN DNS for the WAN interface of your router.
uci set network.wan.peerdns='0' uci del network.wan.dns uci add_list network.wan.dns='188.8.131.52' uci add_list network.wan.dns='184.108.40.206' uci commit
22. Now, the file /etc/config/network will contain wan with the below-mentioned strings.
- config interface 'wan'
- option ifname 'eth0.2'
- option force_link '1'
- option proto 'dhcp'
- option peerdns '0'
- list dns '220.127.116.11'
- list dns '18.104.22.168'
23. You can also add GoogleDNS with the following command:
uci set network.wan.peerdns='0' uci del network.wan.dns uci add_list network.wan.dns='22.214.171.124' uci add_list network.wan.dns='126.96.36.199' uci commit
24. Now, you have to create the file 99-prevent-leak within the folder /etc/hotplug.d/iface/ with the following script:
#!/bin/sh if [ "$ACTION" = ifup ] && (ip a s tun0 up) && (iptables -C forwarding_rule -j REJECT); then iptables -D forwarding_rule -j REJECT fi if [ "$ACTION" = ifdown ] && (! ip a s tun0 up) && (! iptables -C forwarding_rule -j REJECT); then iptables -I forwarding_rule -j REJECT fi
25. Once done, your VPN connection will be established, and your status will be Protected, which you can check from the top of your router's management page.
That's all! Now you know how to configure and use NordVPN on OpenWRT. If you've further queries, drop us a comment through the below button. Thanks for reading!