OpenVPN® Client Setup on TP-Link TL-WR841N Router with OpenWrt 19.07 Firmware
for KeepSolid VPN Unlimited® users
This tutorial provides a detailed walkthrough on how to configure the OpenVPN® client on OpenWrt router. To get more information about the OpenVPN® protocol, check out our detailed article What is OpenVPN® protocol. TP-Link TL-WR841N router with OpenWrt 19.07 firmware was taken as an example.
How to set up the VPN Unlimited app for OpenWrt router? How to configure OpenVPN® client? Let’s check it out!
I. Set up the OpenVPN® client on your OpenWrt 19.07 router
Open your OpenWrt web interface by printing the IP-address of the admin panel in the address line of your browser.
If you don’t know how to access your router control panel, check out our instruction on how to find your router IP.
1. Go to the System > Software and click Update lists.
2. Wait until the operation is completed and press Dismiss.
3. Type openvpn-openssl in the Download and install package field and press OK.
4. Press Install, and wait until the package is downloaded. Then press Dismiss.
5. Type luci-app-openvpn in the Filter field and click Install.
Then type luci-i18n-openvpn-en in the Filter field and click Install.
6. Check the Overwrite files from other package(s) option and press Install.
7. Wait until both packages are installed and press Dismiss.
8. Make sure that all packages were successfully installed. To do this, select the Installed tab and type openvpn in the Filter field.
9. To apply the changes, go to the Status tab and reboot your router.
II. Generate OpenVPN® client settings in your User Office
You need to generate the manual configuration settings in your KeepSolid User Office. There you will get the .ovpn configuration file, VPN server domain name and other settings for your OpenVPN® connection setup.
Follow a few simple steps described in the tutorial How to manually create VPN configurations and you’ll easily get all the required information.
III. Configure OpenVPN® connection on OpenWrt 19.07 router
There are two methods to configure OpenVPN® connection on your OpenWrt router. Choose any of them and then go to step IV of this instruction.
Method 1. Upload the .ovpn configuration file
1. Go to the VPN tab > OpenVPN.
2. Find the OVPN configuration field, specify it’s custom name, for example KeepSolidVPN, and choose the .ovpn file that was automatically downloaded from your User Office. Then press Upload.
Method 2. Configure OpenVPN® connection by yourself
1. Open the configuration file that was automatically downloaded to your device with any text editor and create separate text files - ca.key, cert.key, key.key. Paste the appropriate data from the .ovpn file to the corresponding text file.
- ca.key – paste strings between <ca> and </ca>, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
- cert.key – paste strings between <cert> and </cert>, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
- key.key – paste strings between <key> and </key>, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
2. Navigate to the VPN tab > OpenVPN.
3. Type KeepSolidVPN in the Configuration name field, select Client configuration for an ethernet bridge VPN and click Add.
4. Press Edit > Switch to advanced configuration.
Note: If you don’t see the required parameters, select them in the dropdown menu at the bottom of the page, and click Add.
5. Navigate to the Networking tab and configure the following parameters:
- port: 1194
- float: unchecked
- nobind: checked
- dev: tun0
- dev_type: tun
- ifconfig: this field should be blank
- comp-lzo: no
- keepalive: 5 30
- persist-tun: checked
- persist-key: checked
6. Navigate to the VPN tab and enter the following settings:
- client: checked
- remote: paste the Domain name from your User Office and press +
- remote-random: checked
- proto: udp
7. Go to the Cryptography tab.
Click right to ca parameter > choose the previously created ca.key file > press Upload file.
Click right to cert parameter > choose the previously created cert.key file > press Upload file.
Click right to key parameter > choose the previously created key.key file > press Upload file.
8. Configure the following parameters:
- auth: SHA512
- cipher: AES-256-CBC
- keysize: 256
- tls_cipher: DHE-RSA-AES-256-SHA
- ns-cert-type: server
- remote-cert-tis: server
Click Save & Apply.
IV. Add OpenVPN® interface and configure DNS settings
1. Go to Network > Interfaces. Click the Add new interface… button.
2. Enter the following data and click Submit:
- Name: VPN_U
- Protocol: Unmanaged
- Interface: Custom Interface: tun0
Click Create Interface.
3. Enable the Bring up on boot parameter.
4. Go to the Advanced Settings tab and disable Use built-in IPv6-management.
5. Click Save.
6. Navigate to WAN > Edit > Advanced Settings. Uncheck the Use DNS servers advertised by peer parameter and set 10.200.0.1 value for Use custom DNS server. Press + button.
7. Go to the Firewall Settings tab.
8. In the Create / Assign firewall-zone field enter VPNU_FW.
9. Click Save.
10. Press Save & Apply.
11. Go to Network > Firewall, select VPNU_FW and click Edit.
12. In the General Settings tab, configure the following settings:
- Input: reject
- Output: accept
- Forward: reject
- Masquerading: checked
- MSS clamping: checked
- Covered networks: checked VPN_U
- Allow forward from source zones: check lan
13. Go to VPN > OpenVPN.
14. Mark checkbox Enabled for KeepSolidVPN and press Save & Apply.
15. Wait for a minute and click Start.
Great! You’ve successfully set up and configured the OpenVPN® client on your TP-Link TL-WR841N with OpenWrt 19.07 firmware.
“OpenVPN” is a registered trademark of OpenVPN Inc.
Get VPN Unlimited right now!
Select you perfect subscription plan (like VPN Lifetime plan) and get a 30-day money-back guarantee.