I’m trying to get my Turris Omnia to work as a client for the NordVPN service so all outgoing traffic is over VPN, but I must be missing something simple, as as soon as I connect to the VPN I lose all internet connection.
So far I tested just with command:
openvpn cz1.nordvpn.com.udp1194.ovpn (the file is the config they provide for each of their servers)
It asked for user and password…and then logged in, no problem.
It finishes initialization and I lose internet completely… I can Ctrl+C the program and the net will be back.
I have not yet used OpenVPN on embedded devices or on any servers I had, but it’s requested now. I would like to have it as a service that is always running, but the service setup is just enable and point it to the config file (where do I add user and pass?)
It looks like you’ve successfully opened a VPN connection, but you haven’t told your Omnia to forward all traffic originating from your LAN through the VPN.
# a new OpenVPN instance:
uci set openvpn.nordvpn=openvpn
uci set openvpn.nordvpn.enabled='1'
uci set openvpn.nordvpn.config='/etc/openvpn/nordvpn.ovpn' # drop your ovpn here
# a new network interface for tun:
uci set network.nordvpn=interface
uci set network.nordvpn.proto='none' #dhcp #none
uci set network.nordvpn.ifname='tun0'
# a new firewall zone (for VPN):
uci add firewall zone
uci set firewall.@zone[-1].name='vpn'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add_list firewall.@zone[-1].network='nordvpn'
# enable forwarding from LAN to VPN:
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpn'
# Finally, you should commit UCI changes:
uci commit
Now if your VPN service requires password authentication, you can add the following to your ovpn file:
auth-user-pass /etc/openvpn/nordvpn-auth.txt
And put your username and password in that file on separate lines, like this: (and hope no one finds it there)
username
password
Re DNS: If you have your Omnia set up to resolve DNS requests itself (i.e. Foris -> DNS -> “use forwarding” is unchecked), then the Omnia will resolve through the VPN when it is active, and you don’t need to worry about DNS leaks. (Make sure to test this, e.g. https://www.dnsleaktest.com/)
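Added example, not part of the answer above: the credentials file it describes holds the VPN password in plain text, so this sketch creates it readable by its owner only and audits both the file and the `auth-user-pass` line in the ovpn config. The helper names (`write_auth_file`, `file_mode`, `audit_auth_file`) are hypothetical; the paths are passed in as arguments.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.
# Paths in the thread: /etc/openvpn/nordvpn-auth.txt and /etc/openvpn/nordvpn.ovpn

# write_auth_file FILE USER PASS: create FILE readable by its owner only.
write_auth_file() {
    # umask 077 covers a new file; chmod covers a file that already existed
    ( umask 077 && printf '%s\n%s\n' "$2" "$3" > "$1" ) && chmod 600 "$1"
}

# file_mode FILE: print the nine permission characters reported by ls
# (parsed from ls because busybox builds do not always ship stat).
file_mode() {
    ls -ld "$1" | cut -c2-10
}

# audit_auth_file AUTH OVPN: print one finding per line; return 0 only if clean.
audit_auth_file() {
    auth=$1 ovpn=$2 rc=0
    if [ ! -f "$auth" ]; then
        echo "MISSING: $auth"
        return 1
    fi
    mode=$(file_mode "$auth")
    case "$mode" in
        r?-------) ;;  # owner read (and optionally write), nothing for group/other
        *) echo "PERMS: $auth is $mode, expected rw-------"; rc=1 ;;
    esac
    # OpenVPN expects the username on line 1 and the password on line 2
    lines=$(grep -c . "$auth" || true)
    if [ "$lines" -ne 2 ]; then
        echo "FORMAT: expected 2 non-empty lines, found $lines"; rc=1
    fi
    # The config must name this exact file, otherwise OpenVPN prompts for
    # credentials and cannot start unattended as a service
    if ! awk -v p="$auth" '$1 == "auth-user-pass" && $2 == p { ok = 1 }
                           END { exit !ok }' "$ovpn"; then
        echo "CONFIG: $ovpn has no 'auth-user-pass $auth' line"; rc=1
    fi
    return "$rc"
}
```

After sourcing the functions on the router, `audit_auth_file /etc/openvpn/nordvpn-auth.txt /etc/openvpn/nordvpn.ovpn` prints nothing and returns 0 when the file and the config are in order.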
If I set up an OpenVPN config for my NordVPN account and then bridge the NORDVPN interface (but with dhcp) with a specific wireless network which has been set up like an ordinary guest wifi,
that would give me a dedicated wireless network, separated from my LAN, with a pure VPN connection, right?
Hi @tomnia, thank you very much for the great tutorial! I would like to route my guest-wifi through the vpn instead of lan. Do I only have to change ‘lan’ to something else? Is it eth0?