Changes

Undo revision 72693 by 212.23.138.56 (talk)
Line 10: Line 10:     
'''Prerequisites''':
 
'''Prerequisites''':
 
+
* A single RUTxxx router (excluding [[RUT850]]) with an active internet connection that will act as the OpenVPN client
*A single RUTxxx router (excluding [[RUT850]]) with an active internet connection that will act as the OpenVPN client
+
* At least one end device (PC, Laptop) to configure the routers and test the set up
*At least one end device (PC, Laptop) to configure the routers and test the set up
  −
 
   
----
 
----
 
'''Configuration scheme''':
 
'''Configuration scheme''':
Line 29: Line 27:  
===OpenVPN client===
 
===OpenVPN client===
 
----
 
----
 
+
* First, you must create an OpenVPN client instance on your router. You can do this either via command line or from the router's WebUI, '''Services → VPN → OpenVPN''' section. We will not go into further detail on this because the client's configuration will depend on the OpenVPN server that you are connecting to. You can find detailed instructions on how to create and configure an OpenVPN client instance in our '''[[OpenVPN configuration examples]]''' article, which also contains information on how to configure an OpenVPN server on a RUTxxx router, if that is what you are using for this configuration.
*First, you must create an OpenVPN client instance on your router. You can do this either via command line or from the router's WebUI, '''Services → VPN → OpenVPN''' section. We will not go into further detail on this because the client's configuration will depend on the OpenVPN server that you are connecting to. You can find detailed instructions on how to create and configure an OpenVPN client instance in our '''[[OpenVPN configuration examples]]''' article, which also contains information on how to configure an OpenVPN server on a RUTxxx router, if that is what you are using for this configuration.
  −
 
   
----
 
----
 
+
* Once you have configured your OpenVPN client, you should probably test whether the OpenVPN connection is operational as this will make troubleshooting easier later on. The easiest way to do so is to login to the router's WebUI and check OpenVPN status in '''Status → Network → OpenVPN''':
*Once you have configured your OpenVPN client, you should probably test whether the OpenVPN connection is operational as this will make troubleshooting easier later on. The easiest way to do so is to login to the router's WebUI and check OpenVPN status in '''Status → Network → OpenVPN''':
      
[[File:How to check openvpn status.png]]
 
[[File:How to check openvpn status.png]]
 
----
 
----
 +
* If the connection was successful, we can start the traffic split configuration. First, we'll need to add an additional routing table. This can be done by issuing the following command:
   −
*If the connection was successful, we can start the traffic split configuration. First, we'll need to add an additional routing table. This can be done by issuing the following command:
+
  echo "<span style="color:red>5 rt</span>" >> <span style="color:red>/etc/iproute2/rt_tables</span>
 
  −
  echo "<span style="color:red">5 rt</span>" >> <span style="color:red">/etc/iproute2/rt_tables</span>
      
This adds a new routing table called ''rt''. ''/etc/iproute2/rt_tables'' is a file used by the ''iproute2'' utilities which translate user friendly names given on the command line into integer values used by the kernel. So the number ''5'' is just the way for the ''iproute2'' to identify the table.
 
This adds a new routing table called ''rt''. ''/etc/iproute2/rt_tables'' is a file used by the ''iproute2'' utilities which translate user friendly names given on the command line into integer values used by the kernel. So the number ''5'' is just the way for the ''iproute2'' to identify the table.
 
----
 
----
 
+
* Next, we'll need to add some entries to the network configuration file ''/etc/config/network''. You can edit the file with the ''vi'' command. Type '''vi /etc/config/network''' and press the "I" button on your keyboard to begin editing. Add the following lines:
*Next, we'll need to add some entries to the network configuration file ''/etc/config/network''. You can edit the file with the ''vi'' command. Type '''vi /etc/config/network''' and press the "I" button on your keyboard to begin editing. Add the following lines:
      
  config interface 'vpnas'
 
  config interface 'vpnas'
 
         option proto 'none'
 
         option proto 'none'
         option ifname '<span style="color:red">tun_c_MyClient</span>'
+
         option ifname '<span style="color:red>tun_c_MyClient</span>'
 
   
 
   
 
  config route
 
  config route
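Review bot: The added echo line and the added ifname line write the opening tag as <span style="color:red> with no closing quote after red, where the removed lines had <span style="color:red">. Restore the closing quote on both, otherwise the highlight markup is malformed and can end up inside the command and the ifname value that readers copy to the router. Separately, the echo appends with >>, so running the step twice leaves two "5 rt" entries in /etc/iproute2/rt_tables; tell readers to check the file first (for example grep rt /etc/iproute2/rt_tables).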
Line 57: Line 50:  
         option netmask '0.0.0.0'
 
         option netmask '0.0.0.0'
 
         option table 'rt'
 
         option table 'rt'
         option gateway '<span style="color:red">10.0.0.5</span>'
+
         option gateway '<span style="color:red>10.0.0.5</span>'
 
   
 
   
 
  config rule
 
  config rule
 
         option in 'lan'
 
         option in 'lan'
         option src '<span style="color:red">192.168.1.128/25</span>'
+
         option src '<span style="color:red>192.168.1.128/25</span>'
 
         option lookup 'rt'
 
         option lookup 'rt'
 
         option priority '10'
 
         option priority '10'
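Review bot: The added gateway and src lines repeat the unterminated style attribute (<span style="color:red>), so the two values readers must adapt, 10.0.0.5 and 192.168.1.128/25, sit inside malformed markup; keep the removed form with the closing quote. It would also help to state next to the rule what happens to 192.168.1.128/25 traffic when table rt has no default route (tunnel down): the rule only does a lookup in rt, and nothing in these lines stops that range from falling through to the later rules and leaving via the router's normal route instead of the VPN.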
Line 93: Line 86:  
</ul>
 
</ul>
 
----
 
----
 +
* Next, we'll need to create short custom script ''/etc/openvpn/up.sh'', that would add a route which makes the specified LAN range reach the Internet via the OpenVPN server:
   −
*Next, we'll need to create short custom script ''/etc/openvpn/up.sh'', that would add a route which makes the specified LAN range reach the Internet via the OpenVPN server:
+
  echo -e '#!/bin/ash'"\n"'ip route add default via 10.0.0.5 table rt' > /etc/openvpn/up.sh
 
  −
  echo -e '#!/bin/bash'"\n"'ip route add default via 10.0.0.5 table rt' > /etc/openvpn/up.sh
   
----
 
----
 
+
* Next, we'll need to grant executable permissions to newly created script:
*Next, we'll need to grant executable permissions to newly created script:
      
  chmod +x /etc/openvpn/up.sh  
 
  chmod +x /etc/openvpn/up.sh  
 
----
 
----
 
+
* Finally, we'll need to edit router's OpenVPN script ''/etc/init.d/openvpn'', so that it would execute previously created ''/etc/openvpn/up.sh'' script each time OpenVPN tunnel is established. Type '''vi /etc/init.d/openvpn''' and press the "I" button on your keyboard to begin editing. Scroll down until you will find '''start_instance()''' function. Add the following lines, <span style="color:red">highlighted in red</span>, at the end of '''start_instance()''' function:
*Finally, we'll need to edit router's OpenVPN script ''/etc/init.d/openvpn'', so that it would execute previously created ''/etc/openvpn/up.sh'' script each time OpenVPN tunnel is established. Type '''vi /etc/init.d/openvpn''' and press the "I" button on your keyboard to begin editing. Scroll down until you will find '''start_instance()''' function. Add the following lines, <span style="color:red">highlighted in red</span>, at the end of '''start_instance()''' function:
      
  start_instance() {
 
  start_instance() {
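Review bot: In the added up.sh line, ip route add default via 10.0.0.5 table rt is not idempotent, and it hard-codes the gateway without the red highlight that 10.0.0.5 gets in the /etc/config/network example. The config route in that example already targets table rt with the same gateway, so the add can fail because the route exists when the tunnel comes up again; ip route replace default via 10.0.0.5 table rt avoids that. Mark 10.0.0.5 as a value to adapt so it stays in step with the config. Also say in the edit summary why the shebang moves from #!/bin/bash to #!/bin/ash (presumably because the router's shell is ash), since "Undo revision 72693" gives no reason.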
Line 122: Line 112:  
When you're finished, press the "Esc" button and type ''':wq''' to save the changes and exit the editor (''Control + Z'' to exit without saving).
 
When you're finished, press the "Esc" button and type ''':wq''' to save the changes and exit the editor (''Control + Z'' to exit without saving).
 
----
 
----
 
+
* When your done with the configuration, don't forget to restart the relevant services. You can do this by restarting the entire router ('''reboot''' command) or just restart the '''network''' and '''openvpn''' services:
*When your done with the configuration, don't forget to restart the relevant services. You can do this by restarting the entire router ('''reboot''' command) or just restart the '''network''' and '''openvpn''' services:
      
  /etc/init.d/network restart
 
  /etc/init.d/network restart
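Review bot: The context line above the changed bullet says Control + Z exits the editor without saving, but that is not a vi quit command; the vi command for leaving without saving is :q!. Since this edit touches the neighbouring bullet, fix that sentence too, and correct "When your done" to "When you're done" in the added line.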
Line 134: Line 123:  
If you've followed the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly. In order to test this particular configuration, a few steps have to be taken:
 
If you've followed the steps presented above, your configuration should be finished. But as with any other configuration, it is always wise to test the setup in order to make sure that it works properly. In order to test this particular configuration, a few steps have to be taken:
   −
*Check the newly created routing table with the '''ip route show table rt''' command (where ''rt'' is table's name). If everything is in order, the response should contain this line (values highlighted in red should be from your own configuration):
+
* Check the newly created routing table with the '''ip route show table rt''' command (where ''rt'' is table's name). If everything is in order, the response should contain this line (values highlighted in red should be from your own configuration):  
    
  default via <span style="color:red">10.0.0.5</span> dev <span style="color:red">tun_c_MyClient</span> proto static  
 
  default via <span style="color:red">10.0.0.5</span> dev <span style="color:red">tun_c_MyClient</span> proto static  
 
----
 
----
 
+
* Check whether the correct IP rule has been added. You can do this with the '''ip rule'''. The response should look something like this (the rule from our configuration is highlighted in red):
*Check whether the correct IP rule has been added. You can do this with the '''ip rule'''. The response should look something like this (the rule from our configuration is highlighted in red):
      
  0: from all lookup local
 
  0: from all lookup local
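Review bot: In the added ip rule bullet, "You can do this with the ip rule." is missing its noun; write "with the ip rule command", matching "the ip route show table rt command" in the bullet before it.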
Line 146: Line 134:  
  32767: from all lookup default
 
  32767: from all lookup default
 
----
 
----
 
+
* Check whether devices with IPs from different ranges reach the Internet through the default gateway. If you only have one device at your disposal at the time, you can configure a static IP address (guide for Linux users '''[[Setting up a Static IP address on a Ubuntu 16.04 PC|here]]'''; for Windows '''[[Setting up a Static IP address on a Windows 10 PC|here]]''') for that device in one range and later in the other. According to our configuration, if a device's IP falls in the range of 192.168.1.1 - 192.168.1.127, its Public IP should be that of the router's; if the IP falls in the range of 192.168.1.128 - 192.168.1.254, its Public IP should be that of the OpenVPN server. You can check the Public IP address in '''[http://www.whatsmyip.org/ this website].
*Check whether devices with IPs from different ranges reach the Internet through the default gateway. If you only have one device at your disposal at the time, you can configure a static IP address (guide for Linux users '''[[Setting up a Static IP address on a Ubuntu 16.04 PC|here]]'''; for Windows '''[[Setting up a Static IP address on a Windows 10 PC|here]]''') for that device in one range and later in the other. According to our configuration, if a device's IP falls in the range of 192.168.1.1 - 192.168.1.127, its Public IP should be that of the router's; if the IP falls in the range of 192.168.1.128 - 192.168.1.254, its Public IP should be that of the OpenVPN server. You can check the Public IP address in '''[http://www.whatsmyip.org/ this website].'''
  −
 
   
----
 
----
 
If all of the above is in order, congratulations, your configuration works!
 
If all of the above is in order, congratulations, your configuration works!
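Review bot: The added bullet ends with [http://www.whatsmyip.org/ this website]. and drops the three closing apostrophes that the removed line had after the full stop, so the bold run opened before the link is never closed. Restore the trailing bold terminator. The opening sentence also says devices should "reach the Internet through the default gateway", while the check that follows expects two different exit points (the router for 192.168.1.1 - 192.168.1.127, the OpenVPN server for 192.168.1.128 - 192.168.1.254); "through the expected gateway" would match the test.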
Line 154: Line 140:  
==See also==
 
==See also==
   −
*Other OpenVPN related articles from our wiki:
+
* Other OpenVPN related articles from our wiki:
**[[How to generate TLS certificates (Windows)?]] - a guide on generating TLS certificates for Windows users
+
** [[How to generate TLS certificates (Windows)?]] - a guide on generating TLS certificates for Windows users
**[[VPN#OpenVPN|OpenVPN Manual section]] - OpenVPN section of the router's manual
+
** [[VPN#OpenVPN|OpenVPN Manual section]] - OpenVPN section of the router's manual
**[[OpenVPN configuration examples]] - basic OpenVPN configuration scenarios with detailed examples
+
** [[OpenVPN configuration examples]] - basic OpenVPN configuration scenarios with detailed examples
**[[OpenVPN client on Windows]] - an example describing how to configure an OpenVPN client on a Windows computer
+
** [[OpenVPN client on Windows]] - an example describing how to configure an OpenVPN client on a Windows computer
**[[OpenVPN server on Windows]] - an example describing how to configure an OpenVPN server on a Windows computer
+
** [[OpenVPN server on Windows]] - an example describing how to configure an OpenVPN server on a Windows computer
    
==External links==
 
==External links==
   −
*http://www.whatsmyip.org/ - for checking your Public IP address
+
* http://www.whatsmyip.org/ - for checking your Public IP address
Anonymous user
