Added ExpressVPN to openVPN config. Works but ignores 'enabled' forces me to always use VPN

openvpn

#1

Hi so, I followed the guide following guide in order to initially setup VyprVPN, which worked great…

https://doc.turris.cz/doc/en/howto/openvpn#configuring_through_uci

I could disable the VPN by using the luci admin page for openvpn…

http://192.168.1.1/cgi-bin/luci/admin/services/openvpn

Simply used to uncheck ‘enabled’ on the VyprVPN entry and my device would go back to a standard router passing traffic. However, I issues with VyprVPN and streaming service and a friend mentioned that ExpressVPN worked for Netflix and other services.

I decided to try ExpressVPN and follow the same guide, but it wasn’t quite working. I tried to use their simple setup option where you upload the .ovpn files into the more simple Foris interface…

http://192.168.1.1/foris/config/main/openvpn/

This did not work either, so I ended up looking at some of the settings that were in the .ovpn files provided by ExpressVPN and manually added these additional settings to my openvpn config, after following the more advanced guide. that is such items as the certificates and so on. These settings are as follows: -

config openvpn ‘ExpressVPN’
_ option client ‘1’_
_ option dev ‘tun’_
_ option proto ‘udp’_
_ option auth_user_pass ‘/etc/openvpn/express_vpn_keys/userpass.txt’_
_ option cert ‘/etc/openvpn/express_vpn_keys/client.crt’_
_ option ca ‘/etc/openvpn/express_vpn_keys/ca2.crt’_
_ option tls_auth ‘/etc/openvpn/express_vpn_keys/ta.key’_
_ option key ‘/etc/openvpn/express_vpn_keys/client.key’_
_ option resolv_retry ‘infinite’_
_ option mute_replay_warnings ‘1’_
_ option nobind ‘1’_
_ option persist_key ‘1’_
_ option persist_tun ‘1’_
_ option remote_cert_tls ‘server’_
_ option compress ‘lzo’_
_ option keepalive ‘10 120’_
_ option ifconfig_nowarn ‘1’_
_ option key_direction ‘1’_
_ option auth ‘SHA512’_
_ option fragment ‘1300’_
_ option log ‘/tmp/openvpn.log’_
_ option status ‘/tmp/openvpn-status.log’_
_ option verb ‘3’_
_ option port ‘1195’_
_ option cipher ‘AES-256-CBC’_
_ option redirect_gateway ‘def1’_
_ option fast_io ‘1’_
_ list remote ‘usa-washingtondc-2-ca-version-2.expressnetw.com’_

All great, it does work but unfortunately, I can no longer turn VPN off. If I uncheck the ‘Enabled’ option in the advanced openvpn config, and save, the vpon connection that was last active, VyprVPN or ExpressVPN, will become reactivated automatically within moments. That is the start button appears red and shows a port number. If I stop it, it simply restarts. This means I can no longer connect out for testing purposes (when I want to test streaming services). If I stop openvpn when SSH’d into the router, I lose all connectivity.

I’m a little puzzled. It would be cool if I could disable openvpn entries again and maintain normal traffic pass through to my crappy BT home hub. I’m afraid my actual internet is provided using lan interface br-lan which passes it onto the BT router.

Any suggestions guys?

Many thanks in advance!


#2

Did you save only or save & apply?


#3

Thanks for the reply. I’m afraid I’ve tried both. The service restarts, shows a port number and the stop button appears, yet shows as disabled when I reload the page even.


#4

Are you using Turris OS 3.11, which is currently in RC?


#5

Turris OS version 3.10.8 not sure what you mean by “in RC”


#6

Not sure whether it would make a difference but the luic-app-oenvpn in the TO repo is version git-18.145 vs git-18.320 in upstream OpenWRT. Maybe they fixed some bugs there.

I recall that the same issue been bugging me till I turned to VPN policy based routing possible?.


#7

3.11 is in RC = “release candidate”.