How do I connect to PrivateTunnel using OpenWrt?

To connect to the PrivateTunnel service using your OpenWrt router, please follow the steps below:

  1. If you have not already upgraded to the latest version of OpenWrt, please follow the instructions on the OpenWrt website.
  2. Login to the LuCI web interface, and then go to System -> Software.
  3. Install the openvpn-polarssl and the luci-app-openvpn packages on your system by entering the name of each package in the Download and install package: text box and then clicking OK.
  4. After the packages have been installed, refresh the web page. The OpenVPN option should appear under Services. If the option does not appear, log out of the administration interface and then log back in.
  5. Download your PrivateTunnel profile by going to privatetunnel.com - Settings - Download User Profile and then open the profile file in a text editor. In Windows, the file must be opened in a text editor other than Notepad (e.g. WordPad / Notepad++).
  6. In the LuCI interface, go to Services -> OpenVPN.
  7. In the blank text box that appears, enter PrivateTunnel as the name, and use the Client configuration for a routed multi-client VPN drop down option, and click Add.
  8. In the profile editor that appears, click the Switch to advanced configuration >> link.
  9. In the Service tab of the profile editor:
    1. Check the fast_io checkbox.
    2. Click the Save button.
  10. In the Networking tab of the profile editor:
    1. Under -- Additional Field --, add the sndbuf and rcvbuf fields.
    2. Change the sndbuf and rcvbuf values to both 0.
    3. Change the dev textbox to read tun0.
    4. Select adaptive under the comp_lzo option.
    5. Click the Save button.
  11. In the VPN tab of the profile editor:
    1. Check the pull checkbox.
    2. In the remote text box, enter the remote value from your profile file. It should be near the top of the file, after the word remote (e.g. us-ca-sj-001.privatetunnel.com 1194 udp).
    3. Click the + button next to the text box, and repeat the entry for the 443 tcp entry below (e.g. us-ca-sj-001.privatetunnel.com 443 tcp).
    4. Uncheck the remote_random option.
    5. Click the Save button.
  12. In the Cryptography tab of the profile editor:
    1. Under --Additional Field-- , add the ca field.
      1. In the profile you have downloaded, copy the contents between the <ca> and </ca> tags into a new file. Make sure you include all of the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines in the new file. There should be a total of four such lines. When copying the contents into the new file, omit the <ca> and </ca> tags at the beginning and the end, since these will be added automatically by OpenWrt.
      2. Upload the certificate into OpenWrt by selecting the new file you have created.
    2. Under --Additional Field-- , add the cert field.
      1. In the profile you have downloaded, copy the contents between the <cert> and </cert> tags into a new file. Make sure you include all of the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines in the new file. There should be a total of two such lines. When copying the contents into the new file, omit the <cert> and </cert> tags at the beginning and the end, since these will be added automatically by OpenWrt.
      2. Repeat the above procedure for the <extra-certs> and </extra-certs> tags, and paste the contents into the same file you have created. The -----BEGIN CERTIFICATE----- line from the extra-certs section should be on its own line, right after the -----END CERTIFICATE----- line from the section above. There should be a total of four certificate lines in the file.
      3. Upload the certificate into OpenWrt by selecting the new file you have created.
    3. Under --Additional Field-- , add the key field.
      1. In the profile you have downloaded, copy the contents between the <key> and </key> tags into a new file. Make sure you include all of the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines in the new file. There should be a total of two such lines. When copying the contents into the new file, omit the <key> and </key> tags at the beginning and the end, since these will be added automatically by OpenWrt.
      2. Upload the key into OpenWrt by selecting the new file you have created.
    4. Under --Additional Field-- , add the tls_auth field.
      1. In the profile you have downloaded, copy the contents between the <tls-auth> and </tls-auth> tags into a new file. Make sure you include all of the -----BEGIN OpenVPN Static key V1----- and -----END OpenVPN Static key V1----- lines in the new file. There should be a total of two such lines. When copying the contents into the new file, omit the <tls-auth> and </tls-auth> tags at the beginning and the end, since these will be added automatically by OpenWrt.
      2. Upload the TLS auth key file using SCP to your router in the /etc/openvpn/ folder with the file name tlsauth.key. If you already have a VPN profile that is using this file name, change the file name accordingly and then update the path value in the tls_auth text box that appears. If you are using Notepad++ to copy the contents of the file over a PuTTY or an SSH session, please make sure the new file is using the Windows EOL format, otherwise the copied lines will not be transferred properly. This option can be changed in Edit -> EOL Conversion -> Windows Format.
  13. Click Save & Apply to save the OpenVPN configuration on your router.
  14. On the top of the LuCI interface, go to Network -> Interfaces.
    1. Click Add new interfaces...
    2. Enter PrivateTunnel under the Name of the new interface text box.
    3. Select Unmanaged under the Protocol of the new interface text box.
    4. Click the radio button next to Custom Interface: and enter tun0 into the text box.
    5. Click Submit to save the custom interface.
  15. On the top of the LuCI interface, go to Network -> Firewall.
    1. Click the Add button.
    2. Use the following settings for the newly created zone:
      1. Name: PT
      2. Input: drop
      3. Output: accept
      4. Forward: drop
      5. Masquerading: Checked
      6. MSS Clamping: Unchecked
      7. Covered networks: PrivateTunnel (checked)
      8. Inter-Zone Forwarding -> Allow forward from source zones: lan (checked)
    3. Click Save & Apply to save the newly created zone.
  16. To start the VPN connection, go to Services -> OpenVPN, check the Enabled checkbox and then click the start button under the PrivateTunnel profile.
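
The manual copying in step 12 can be scripted. The following is an added example, not part of the original article or of PrivateTunnel's or OpenWrt's own tooling: a POSIX shell script that splits the downloaded profile into the four files, strips Windows line endings, creates the files readable by their owner only, and checks the marker-line counts given in step 12. The function names and the output names ca.crt, client.crt and client.key are assumptions; tlsauth.key is the name used in step 12.

```shell
#!/bin/sh
# Added example (not PrivateTunnel or OpenWrt code). Output names other than
# tlsauth.key are assumptions. Usage: sh split.sh PROFILE OUTDIR

# Print one inline <tag>...</tag> body without the tags, dropping any CRs.
block() {  # block TAG PROFILE
    tr -d '\r' < "$2" | awk -v t="$1" '
        $0 == ("</" t ">") { on = 0 }
        on
        $0 == ("<" t ">")  { on = 1 }'
}

# Count the -----BEGIN / -----END marker lines in a file.
markers() { grep -c -e '^-----BEGIN ' -e '^-----END ' "$1" || true; }

# Write FILE from the named blocks; fail unless it has WANT marker lines.
emit() {  # emit FILE WANT PROFILE TAG...
    e_out=$1 e_want=$2 e_prof=$3; shift 3
    : > "$e_out"
    for e_tag in "$@"; do block "$e_tag" "$e_prof" >> "$e_out"; done
    e_got=$(markers "$e_out")
    [ "$e_got" -eq "$e_want" ] && return 0
    echo "$e_out: $e_got marker lines, expected $e_want" >&2; return 1
}

split_profile() {  # split_profile PROFILE OUTDIR
    ( umask 077    # key material: files are created owner-readable only
      mkdir -p "$2" &&
      emit "$2/ca.crt"      4 "$1" ca &&
      emit "$2/client.crt"  4 "$1" cert extra-certs &&
      emit "$2/client.key"  2 "$1" key &&
      emit "$2/tlsauth.key" 2 "$1" tls-auth )
}

# Constructed stand-in for a downloaded profile: placeholder bodies, CRLF lines.
pem() { printf '%s\r\n' "-----BEGIN $1-----" "AAAA" "-----END $1-----"; }
sample_profile() {
    printf '<ca>\r\n';          pem CERTIFICATE; pem CERTIFICATE; printf '</ca>\r\n'
    printf '<cert>\r\n';        pem CERTIFICATE; printf '</cert>\r\n'
    printf '<extra-certs>\r\n'; pem CERTIFICATE; printf '</extra-certs>\r\n'
    printf '<key>\r\n';         pem 'RSA PRIVATE KEY'; printf '</key>\r\n'
    printf '<tls-auth>\r\n';    pem 'OpenVPN Static key V1'; printf '</tls-auth>\r\n'
}

if [ "$#" -eq 2 ]; then split_profile "$1" "$2"; fi
```

A non-zero exit status means one of the files does not contain the number of BEGIN/END lines that step 12 expects, so the profile should be checked before anything is uploaded to the router.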
  • 19-May-2017