L2TP/IPsec to connect to VPN provider

Would like to connect Turris to my VPN provider. They tell me to use L2TP/IPsec. Can’t find the obvious place to start via Luci. Is there no GUI way to configure L2TP/IPsec? The values I’ve got from the provider are: server address, username, password and key/shared key. It seems pretty simple to add these values somewhere and then go. But where do I start? Thanks :slight_smile:

Search for strongswan openwrt. But don’t expect click’n’go :confused:

//EDIT:
And who is your VPN provider? Usually OVPN (and other types) is supported.
To be honest I don’t think L2TP over IPSec will be supported but maybe I’m wrong.

You are wrong :wink: My provider is Danish for people like me living abroad (vpn-byen.dk).
I’m told specifically to use L2TP/IPsec. You can see here which connections they offer.
https://vpn-byen.dk/guides/andet/
If I want to use OpenVPN I need “OpenVPN Connect”. I can’t find it in the router!

OVPN client config on Omnia should be much easier than other options.
I don’t speak Danish but this is one of the options on the page (Google translated):

VPN Type: OpenVPN
Server Address: 79.sv2.dk
Username : Receive an Email, After Order.
Password: You will receive an email after ordering.
.ovpn file can be downloaded at https://79.sv2.dk

The .ovpn file should contain all the information you need for client setup.

Anyway it’s up to you but I would prefer ovpn if possible.

Edit:

I mean not supported by openwrt (not by provider)

Not possible because of the need of the “openvpn connect”. Their support has confirmed this!

“OpenVPN connect” is just an application. It uses the .ovpn file you can download. It’s not mandatory to use this app.
And if you download the preconfigured app, then you can extract the .ovpn settings from its config directory.

I’ve got that file! I would love some instructions on how to get it to work. Is it back to strongswan?

There’s no easy way like import and run. Luci has OVPN but I don’t have experience configuring it that way.

Better is to start here: [OpenWrt Wiki] docs:user-guide:services:openvpn.client
or here: Setting an OpenWrt Based Router as OpenVPN Client · StreisandEffect/streisand Wiki · GitHub (first link refers to second).

usual reminder:
don’t forget to create backup before any changes! (schnapps create name_of_restore_point)
If you have some existing OVPN config (like server by Foris) it’s possible (very probable) that you will break it

Thanks! I used to configure VPN connections where I worked before via a web interface 15-20 years ago. It was a piece of cake then: insert some addresses, exchange certificates, and the tunnel was up. I find the Turris very user unfriendly when it comes to VPN.

Wooow. You are superfast - hard to believe you could do it so fast (I definitely can’t) :clap::+1::astonished:.
Btw. you caught the evolution of VPN, right? You said you did it 15-20 years ago. It started in 1996 with PPTP and then… openVPN was introduced around 2004?

edit:
Now I see that maybe I misunderstood: I thought you had set it up just now, like a piece of cake. Sorry :smile:

Yes you misunderstood :wink:

Maybe it wasn’t openVPN back then, but it was definitely VPN on Linux!

Hi,

OpenVPN is super easy and fast on Turris. You will be even faster than 15 minutes :slight_smile:
You just don’t have to use Luci but Foris! First just tick the option in the updater to install it, then you have a new entry in the sidebar on the left.
https://doc.turris.cz/doc/en/howto/theoretical_article_on_openvpn

He needs the router to be an ovpn client, not a server.

Ah, sorry, true. It seems that normally OpenWRT should have a separate plugin for this purpose, which is not available on Turris. Probably because of a conflict with the Foris vpn plugin?!

This instruction is excellent! I’ve gotten so far that I get an IP address from the provider, but in the log there’s an error: “Options error: specify only one of --tls-server, --tls-client, or --secret”. None of these parameters are specified, so I don’t understand why I get this. I’ve been in contact with the provider; they don’t provide support on setting up my router, but they have been very helpful. They suggested that I should ask if there’s a possibility to copy the .ovpn file I’ve received from them into the router somewhere. According to them openvpn should read this file and connect without a problem. Is there such a possibility on the Turris router? Thanks :slight_smile:

How could you install Luci’s vpn plugin in the first place? Because it seemed to be missing from the Turris repos, as mentioned probably because of a potential conflict with the Foris vpn plugin.

Btw. you can just probably run manually:

openvpn /etc/openvpn/openvpn.ovpn

https://forum.openwrt.org/viewtopic.php?id=70309

I installed the vpn plugin a while ago so maybe at that time there was no conflict?

I’ll try your suggestion. But it would be nice if I didn’t have to SSH into the router every time I wanted to connect via VPN.


EDIT:
It works perfectly now :slight_smile: but as I mentioned it’s a manual procedure for the moment. It would be nice to be able to import a .ovpn file directly in the GUI.

You can make a service out of this command, and handle it from the GUI as you like in http://192.168.1.1/cgi-bin/luci/admin/system/startup

I have also realized that the first steps of the config are to add a new repo channel, so that is why you could install the luci ovpn plugin, and it also means the default openwrt does not have it, not only the Turris repos.

Btw, now that your ovpn issue is solved, please mark my answer as a solution, so that others can make use of it as well and they don’t have to read through the whole thread.

Try to check:

I have configured my openvpn instance and the service fails to start. This error shows up in the system log:
Mon Nov 13 22:32:23 2017 daemon.err openvpn(pia_client)[13823]: Options error: specify only one of --tls-server, --tls-client, or --secret
Upon closer inspection, I notice the following line in /var/etc/openvn-pia_client.conf
secret shared-secret.key
This line appears to be written to the file despite the fact I never intentionally add it. Removing the line and attempting to start the openvpn service works but the line is written to the file every time I attempt to start the instance from the LUCI interface.
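
The conflict quoted above can be checked for in a generated config before the instance is started. This is an added example, not code from the thread or from OpenWrt/LuCI; the function names and the sample config (including its placeholder server name) are constructed, and it relies on OpenVPN's `client` directive being shorthand for `pull` plus `tls-client`.

```shell
#!/bin/sh
# Added example: find out why OpenVPN rejects a config with
# "Options error: specify only one of --tls-server, --tls-client, or --secret".

# List the key-exchange modes selected in config file $1, one per line.
# Handles CRLF line endings, leading whitespace, "--" prefixes and comments.
ovpn_modes() {
    tr -d '\r' < "$1" |
    sed -e 's/^[[:space:]]*//' -e 's/^--//' -e '/^[#;]/d' |
    awk '
        $1 == "tls-server"                    { seen["tls-server"] = 1 }
        $1 == "tls-client" || $1 == "client"  { seen["tls-client"] = 1 }
        $1 == "secret"                        { seen["secret"] = 1 }
        END { for (m in seen) print m }
    ' | sort
}

# Exit status 0 if at most one mode is selected, 1 if OpenVPN would refuse it.
ovpn_check() {
    modes=$(ovpn_modes "$1")
    count=$(printf '%s\n' "$modes" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -gt 1 ]; then
        # $modes is left unquoted on purpose to join the lines with spaces.
        echo "$1 selects more than one mode:" $modes >&2
        return 1
    fi
    return 0
}

# Constructed sample: a TLS client config carrying the stray line from the post.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, server name is a placeholder
client
dev tun
remote vpn.example.invalid 1194
secret shared-secret.key
EOF
}

sample=$(mktemp)
write_sample "$sample"
ovpn_check "$sample" || echo "fix the config before starting the instance"
rm -f "$sample"
```

On the router the function would be pointed at the generated file under /var/etc/ named in the post, after each save from the web interface.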

This works nicely :slight_smile: But I would like to be able to control it. The script starts and everything works but I only need VPN for one or two hours a day. With the script all my traffic is going through the tunnel, placing me in another country, which normally is a disadvantage.

//EDIT:
Would it be an idea to place the startup command as a scheduled task (crontab) or perhaps a custom command?


@leflo22: Yeah the LUCI interface has potential for improvement :wink: