There is a script that automatically performs all the necessary actions. If you want to do the same thing manually, read on.
Prerequisites:
- a router flashed with OpenWrt 18.06
- the LuCI web interface is installed
- the router has Internet access
1) Update the list of packages (System → Software → Update lists), install OpenVPN:
However, openvpn-openssl will also work. If you use something earlier than OpenWrt 18.06, it is vital to install openvpn-openssl instead of openvpn-mbedtls.
2) Download the configuration file and put the .ovpn in /etc/openvpn
I will not describe in detail how to move files to the router's file system: you can use WinSCP, the SFTP plugin for Total Commander (the plugin can work over SCP), or do it directly from the console using wget and unzip; there are many ways.
Edit this file by adding the following line somewhere in the middle:
3) Replace the contents of /etc/config/openvpn with:
package openvpn
config openvpn antizapret
    option enabled 1
    option config /etc/openvpn/antizapret-tcp.ovpn
(Again, how you edit the config is left to the reader: some find vi convenient, others the same WinSCP.) antizapret-tcp.ovpn is the file that you copied in the previous step. If its name is different, correct it here in the config file accordingly.
4) Enable and start the VPN (System → Startup). Check that everything started correctly. Status → System Log will show approximately the following:
daemon.notice openvpn (antizapret) [3180]: OpenVPN 2.4.5
...
daemon.notice openvpn (antizapret) [3180]: Initialization Sequence Completed ← everything started
If instead you see the following in the log
daemon.err openvpn (antizapret) [3180]: openvpn ROUTE:
you need to open antizapret-tcp.ovpn with a text editor and add the line
5) Create a new interface (Network → Interfaces → Add new interface):
Name of the new interface: antizapret
Protocol of the new interface: unmanaged
Cover the following interface: Ethernet Adapter: "tun0"
Advanced settings → Bring up on boot
Firewall Settings → Create: → antizapret
Save and apply
6) Configure the antizapret firewall zone (Network → Firewall → antizapret → Edit):
Input: reject
Enable Masquerading and MSS clamping
Allow forward from source zones: lan
Save and apply
7) Edit /etc/config/dhcp:
value
change from 1 to 0
8) Specify the DNS server that will be used if the connection to the VPN server is lost:
in the settings of both the WAN and WAN6 interfaces (Network → Interfaces), disable "Use DNS servers advertised by peer" on the Advanced settings tab,
in the WAN interface settings, enter the address 1.1.1.1 in the "Use custom DNS servers" field
Save and apply
The message «WARNING: this configuration may cache passwords in memory» in the log can be ignored; it is irrelevant because we do not have a password. If it is annoying, you can add this line to the configuration file:
Similarly with «Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]: 4: block-outside-dns»: the server pushes this option in case the client is running Windows. If it is annoying, you can add this line to the configuration file:
ignore-unknown-option block-outside-dns
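To confirm from the router's shell that the firewall zone from steps 5 and 6 ended up as intended, the following added example (not part of the original guide) parses the text printed by uci show firewall. The function names and the sample input are constructed for illustration; masq and mtu_fix are the UCI option names behind Masquerading and MSS clamping.

```shell
#!/bin/sh
# Added example: checks the antizapret firewall zone from steps 5-6.
# Reads "uci show firewall" text on stdin; exit status 0 means the zone matches.
check_antizapret() {
    awk -F= -v q="'" '
    {
        n = split($1, part, ".")       # firewall.<section>.<option>
        if (n != 3) next               # skip "firewall.<section>=<type>" lines
        v = $2; gsub(q, "", v)         # uci show wraps values in single quotes
        val[part[2], part[3]] = v
        if (part[3] == "name" && v == "antizapret") zone = part[2]
        if (part[3] == "dest" && v == "antizapret") fwd[part[2]] = 1
    }
    END {
        if (zone == "") { print "FAIL: no zone named antizapret"; exit 1 }
        bad = 0; lan = 0
        if (toupper(val[zone, "input"]) != "REJECT") { print "FAIL: input is not reject"; bad = 1 }
        if (val[zone, "masq"] != "1")    { print "FAIL: masquerading is off"; bad = 1 }
        if (val[zone, "mtu_fix"] != "1") { print "FAIL: MSS clamping is off"; bad = 1 }
        for (s in fwd) if (val[s, "src"] == "lan") lan = 1
        if (!lan) { print "FAIL: no forwarding from lan to antizapret"; bad = 1 }
        if (!bad) print "OK: antizapret zone matches steps 5-6"
        exit bad
    }'
}

# Constructed sample input: the zone as configured in steps 5-6.
sample_good() {
    cat <<'EOF'
firewall.@zone[2]=zone
firewall.@zone[2].name='antizapret'
firewall.@zone[2].input='REJECT'
firewall.@zone[2].masq='1'
firewall.@zone[2].mtu_fix='1'
firewall.@zone[2].network='antizapret'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='lan'
firewall.@forwarding[1].dest='antizapret'
EOF
}

# Constructed sample input: same zone, but input left at accept and no masquerading.
sample_weak() {
    sample_good | sed -e "s/input='REJECT'/input='ACCEPT'/" -e "/masq=/d"
}

sample_good | check_antizapret    # on the router: uci show firewall | check_antizapret
```

A zone left with input set to accept would expose the router's own services to the VPN side, which is why the check treats anything other than reject as a failure.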
Pros:
- only the traffic to blocked domains goes through the VPN; the rest of the traffic goes "directly" (no loss of speed, your IP does not change)
- a consequence of the previous point: the traffic volume is small, so maintaining the free service does not hit the owner’s pocket