How to set up ExpressVPN on OpenWRT Router

How to set up ExpressVPN on OpenWRT Router

Compared to native router firmware, alternative firmware can give users more flexibility and control. Additionally, it can make room for more features to help users route network traffic effectively. There are several alternative router firmware worldwide, and one such firmware is OpenWRT. It is a Linux-based open-source firmware used for embedded operating systems to route network traffic. 

One of the best ways to protect your network and router from unwanted intrusions is to use a VPN. This article focuses on how you can set up and utilize one of the best VPN services on OpenWRT. Let’s dive in!

Get 49% off now

Setting Up ExpressVPN on OpenWRT Router

You can only set up ExpressVPN on any router with OpenWRT firmware manually. It is challenging to configure ExpressVPN manually on OpenWRT without any technical knowledge. However, this guide will take you through every step of the configuration process. So, you need to be careful and pay rapt attention to the steps we will show you below. You need to install LuCI (Graphical User Interface for OpenWRT) and have SSH access to your OpenWRT router. 

1. Firstly, you need to open an account with ExpressVPN. Ignore this step if you already have an account with the VPN service provider. Head over to ExpressVPN’s homepage and click the “Get ExpressVPN” bar. Select a subscription plan, enter your email address, and choose your payment method on the resulting page. When you’re done creating your account, navigate to the manual configuration settings via this path: Set Up Other Devices > Manual Configuration.

2. Under the “Manual Configuration” part, click on the “OpenVPN” tab. Note your service username and password because you’ll need them later on. Now, leave the browser window open and move on to the next step. 

3. Connect to your router using the SSH protocol. You can use the terminal application or Putty (using Windows OS). Note that you’ll need the IP address (default is usually 192.168.1.1) and password (default usually “admin”) of your router. You can check ExpressVPN’s website if you’re having issues finding your IP address. Enter the command below to connect to your router on a terminal application.

ssh root@192.168.1.1

4. Enter the commands below to install the necessary packages needed for the rest of the configuration process. 

opkg update

opkg install -force-overwrite openvpn-openssl luci-app-openvpn

5. Now that you’ve installed the LuCI web interface, you can log in to your router’s admin panel using your password and username. You should see an OpenVPN menu by following this path: VPN > OpenVPN.

6. Next, enter the following commands on your router using ssh. 

# Configure firewall

uci rename firewall.@zone[0]=”lan”

uci rename firewall.@zone[1]=”wan”

uci del_list firewall.wan.device=”tun+”

uci add_list firewall.wan.device=”tun+”

uci commit firewall

/etc/init.d/firewall restart

7. Afterward, create two folders at any location on your computer. 

  • config
  • openvpn

8. Next, create a file with the name “user.auth” in the “openvpn” folder. Put your ExpressVPN service username and password (check step 3) on the first and second lines, respectively. Save it and close the file. 

9. Download the OpenVPN configuration files and save them to the “config” folder. In addition, download the zip file that has certificates and keys. Once downloaded, extract and store the files in the “openvpn” folder. 

10. Check if the router has a /etc/openvpn folder (you can run the ls -l /etc command to check). If the folder is not on the router, you can use the mkdir /etc/openvpn to create it. 

11. Then use the command below to copy the openvpn file on your computer to the folder in step 10 above. 

scp openvpn/* root@OpenWrt:/etc/openvpn/

12. Also, change the names of the OpenVPN configuration files (.ovpn) to be at less than or equal to 20 characters (use only alphanumeric, hyphens, and underscores) and remove the “.ovpn” extension. This step helps in changing the OpenVPN configuration files to UCI configuration files. 

13. Next, you need to use a text editor to edit certificates and keys out of the “.conf” files for every server location you intend to use. Afterward, the content of the files should look like the one below. 

dev tun

fast-io

persist-key

persist-tun

nobind

remote example-server.expressnetw.com 1195

remote-random

pull

comp-lzo no

tls-client

verify-x509-name Server name-prefix

ns-cert-type server

key-direction 1

route-method exe

route-delay 2

tun-mtu 1500

fragment 1300

mssfix 1200

verb 3

cipher AES-256-CBC

keysize 256

auth SHA512

sndbuf 524288

rcvbuf 524288

auth-user-pass

All the files are identical except for the URL in the 6th line above, which is different for each file. 

14. The UCI config files should look like the config below, except for the filename and URL.

config openvpn ‘filename’ # Country

     option enabled ‘1’

     option client ‘1’

    option proto ‘udp’

     option dev ‘tun’

     option fast_io ‘1’

     option persist_key ‘1’

     option persist_tun ‘1’

     option nobind ‘1’

     list remote ‘example-server.expressnetw.com’

     option port ‘1195’

     option remote_random ‘1’

     option pull ‘1’

     option comp_lzo ‘no’

     option tls_client ‘1’

     option verify_x509_name ‘Server name-prefix’

     option ns_cert_type ‘server’

     option route_method ‘exe’

     option route_delay ‘2’

     option tun_mtu ‘1500’

     option fragment ‘1300’

     option mssfix ‘1200’

     option verb ‘3’

     option cipher ‘AES-256-CBC’

     option keysize ‘256’

     option auth ‘SHA512’

     option sndbuf ‘524288’

     option rcvbuf ‘524288’

     option ca ‘/etc/openvpn/ca2.crt’

     option cert ‘/etc/openvpn/client.crt’

     option key ‘/etc/openvpn/client.key’

     option tls_auth ‘/etc/openvpn/ta.key’

     option key_direction ‘1’

     option auth_user_pass ‘/etc/openvpn/user.auth’

15. Then, you need to create a folder in the /overlay folder of the router for storing the OpenVPN configuration files (UCI files) of the server(s) you intend to use.  In this guide we use /overlay/.ovpn.

mkdir /overlay/.ovpn

16. Next, copy the UCI files to the router using the command below. 

scp overlay/* root@OpenWrt:/overlay/.ovpn

You can replace the asterisk above with the filename of the configuration file. 

17. Enter the commands below to select the VPN connection you intend to use. 

cp /overlay/.ovpn/filename /etc/config/openvpn

/etc/init.d/openvpn restart

You’ll have to do this each time you want to connect to a different server. Always remember to replace “filename” with the name of your config file. 

18. Finally, go to the OpenVPN section on LuCI using this path: LuCI > VPN > OpenVPN. Then, enable the OpenVPN instance of the server you want to use. Afterward, select “Save & Apply.”

Get 49% off now

Why You Should Use ExpressVPN on Your OpenWRT Router

There are many VPN service providers, but ExpressVPN stands out as the best. Below, we will look at some reasons why ExpressVPN is the best VPN service you can use on your OpenWRT router. 

1. Extensive Server Network

ExpressVPN’s server network is one of the largest in the VPN industry. It is present in over 90 countries and has over 3000 servers that cater to its users’ needs. An extensive server network is important if you want to explore the world virtually. 

2. High-Speed Servers

ExpressVPN does not only have global coverage; it is one of the fastest VPN service providers. With its high-speed servers, you will enjoy accessing the content of other countries from the comfort of your home. Additionally, its Lightway protocol combines speed and security to give you a pleasurable experience. 

3. Robust Security and Privacy

ExpressVPN uses TrustedSec technology to ensure its servers operate on volatile memory only. In addition, it has an array of security protocols it uses, such as OpenVPN, IKEv2, WireGuard, L2TP/IPSec, etc. Furthermore, its encryption algorithm is unbreakable, and it has other security features such as Tor over VPN, a kill switch, perfect forward secrecy, and split tunneling. In terms of privacy, ExpressVPN’s headquarters in the British Virgin Islands ensures that it can keep a zero-log policy without government interference. 

4. Cross-platform compatibility

You can use ExpressVPN on almost any device. As a result, it has applications for the major operating systems, such as Windows, Linux, iOS, macOS, and Android. Additionally, it has manual configuration instructions for other devices such as routers, consoles, SmartTVs, etc. 

Conclusion

Using ExpressVPN on your OpenWRT router keeps you safe from malicious entities looking to exploit vulnerabilities. In addition, it also allows you to protect every device in your home, notwithstanding the simultaneous connection limit. You will have no issues setting up ExpressVPN on OpenWRT if you follow this guide accordingly.