openwrt config openvpn client

1、安装openvpn client
opkg update （每次openwrt重启都要执行opkg update）
opkg install openvpn-openssl openvpn-easy-rsa luci-app-openvpn

2、配置firewall
uci show firewall | grep defaults

firewall.@zone[1].input='REJECT'

uci set firewall.@defaults[0].forward='ACCEPT'
uci set firewall.@zone[1].input='ACCEPT'
uci set firewall.@zone[1].forward='ACCEPT'

uci commit firewall
/etc/init.d/firewall restart

cat /proc/sys/net/ipv4/ip_forward

3、vi /etc/config/openvpn
config openvpn 'custom_config'
option enabled 1
option config '/etc/openvpn/my-vpn.conf'

4、/etc/openvpn/my-vpn.conf
client
proto tcp
remote 111.1.1.0 1194
dev tun
comp-lzo
#ca ca.crt
#cert client.crt
#key client.key
#tls-auth ta.key 1
#ns-cert-type server
#cipher BF-CBC
auth-nocache
cipher AES-256-CBC
route-delay 2
route-method exe
#redirect-gateway def1
#dhcp-option DNS 218.30.118.6
#dhcp-option DNS 106.37.170.170
verb 3
route-nopull
route 10.10.8.0 255.255.252.0 vpn_gateway
route 0.0.0.0 0.0.0.0 net_gateway
log-append /var/log/openvpn.log
status /var/log/openvpn.status

key-direction 1

5、启动
/etc/init.d/openvpn start

6、开启firewall，advanced ,tun0 allow access
7、检查
ping vpnip
ping 公网ip

8、openvpn import后如何剔除
打开C:\Users\%USERNAME%\OpenVPN\config，删除相应目录即可。

相关日志