Jump to content
TorGuard

Search the Community

Showing results for tags 'openwrt'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • The Lounge
    • TorGuard News
    • Introductions
    • General Stuff
    • Member Tutorials
    • TorGuard Reviews
  • TorGuard Software Releases
    • Network Status
    • TorGuard Client Releases
    • Android Client Releases
    • iOS App Releases
    • Chrome Extension Releases
    • Firefox Extension Releases
  • TorGuard VPN Support
    • VPN Questions and General Support
    • VPN Windows Support
    • VPN Mac Support
    • VPN Linux Support
    • VPN Router Support
    • iOS VPN Support
    • Android VPN Support
  • TorGuard Proxy Support
    • Proxy Questions and General Support
    • Firefox Extension Support
    • Chrome Extension Support

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 10 results

  1. LEDE - OPENWRT TORGUARD VPN SETUP Regards Mike OK - I decided to put this up on the TorGuard Forum as I could not find a tutorial anywhere with specific step by step instructions for getting Torguard OPENVPN working with OpenWrt/ Lede. In advance, I want to thank the excellent support team at TorGuard ( especially Mike & Andy ) for assisting me with getting my Lede/Openwrt VPN router up and running. I use davidc502 firmware which is described as Moderately Customized LEDE Development Builds found here - https://davidc502sis.dynamic-dns.net/releases/ and here - https://davidc502sis.dynamic-dns.net/snapshots/ -- davidc502's forum found here - https://forum.lede-project.org/t/davidc502-wrt1200ac-wrt1900acx-wrt3200acm-wrt32x-builds/15839/80 - Dave's builds are for Linksys WRT1900AC v1 Linksys WRT1900AC v2 Linksys WRT1900ACS Linksys WRT3200ACM Linksys WRT1200AC models ONLY !!! One of the many benefits of using Dave's custom firmware is that it comes with many pre-installed and configured software packages - including OpenVpn and Dnscrypt - I use both in conjunction on my router. For full list of packages see Dave's configuration seed found here - https://davidc502sis.dynamic-dns.net/releases/config.seed - However, the guide tutorial here will work on any and every OpenWrt/ Lede firmware based router. I also tested this with Lede stable firmware ( current version 17.01.4 ) found here - https://lede-project.org/downloads - Anyway - here we go - this is Mike's detailed original answer to my inquiry concerning my request for assistance in setting up OpenVpn on OpenWrt /Lede. I have added a few edits in order to make this more comprehensible and easier to implement. This guide will work Guaranteed if you follow instructions step by step. Mike // Staff Thank you, can you check if the steps below works ok for you 1) Then in Luci Gui go to System > Software, do update first ( ssh command opkg update ) then search for openvpn and install openvpn-openssl and luci-app-openvpn. ( uci ssh command - opkg install openvpn-openssl luci-app-openvpn ) These are necessary - Luci is GUI frontend for Openwrt - it comes pre-installed with davidc502's firmware. Also installed on Lede stable. 2) Here you Generate OpenVpn config on https://torguard.net/tgconf.php?action=vpn-openvpnconfig choosing openwrt. 3) Login using ftp client like winscp to the router (openwrt) and the config file downloaded from the tool to be uploaded to box and renamed as /etc/config/openvpn To make this simpler - you can copy and paste the newly generated text file to a text file on your desktop and /or download config file to your desktop. Install nano ( preferred text editor ) - opkg install nano - if you need to install nano - ( if not already there / comes pre-installed in davidc502's builds ) to your router. SSH into router then type ( copy and paste ) -" nano /etc/config/openvpn " ( without parenthesis ) - erase all contents of file ( hold Ctrl + k ) and replace ( copy and paste ) with contents of config file you copied and downloaded earlier. Sample of my /etc/config/openvpn config file - adjust yours as you see fit but stick with config from https://torguard.net/tgconf.php?action=vpn-openvpnconfig as your basic guide - config openvpn 'TorGuard_AES256GCM_SHA256' option client '1' option dev 'tun' option proto 'udp' option resolv_retry 'infinite' option nobind '1' option persist_key '1' option persist_tun '1' option ca '/etc/openvpn/torguard/ca.crt' option remote_cert_tls 'server' option tls_auth '/etc/openvpn/torguard/ta.key 1' option cipher 'AES-256-GCM' option comp_lzo 'adaptive' # AS of March 2018 and OpenVpn 2.4.5 use option compress 'lzo' otherwise you can not connect option verb '4' option fast_io '1' option auth_user_pass '/etc/openvpn/torguard/userpass.txt' option remote_random '0' option auth 'SHA256' option reneg_sec '0' option port '1195' list remote 'ny.east.usa.torguardvpnaccess.com' option sndbuf '393216' option rcvbuf '393216' option enabled '1' option keepalive '10 120' option auth_nocache '1' option tls_client '1' option setenv 'CLIENT_CERT 0' option tls_version_min '1.2' option tls_cipher 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384' option ncp_ciphers 'AES-256-GCM:AES-128-GCM' option tun_mtu '1500' option tun_mtu_extra '32' option ncp_disable '1' option engine 'dynamic' option mute_replay_warnings '1' option disable_occ '1' option keysize '256' option mssfix '1450' option script_security '2' option reneg_bytes '1073741824' option mute '20' option pull '1' option log '/tmp/openvpn.log' Then hit Ctrl + o - you will be asked to write file - hit enter to save file - then Ctrl + x to close file and go back into shell 4) create folder /etc/openvpn/torguard and add under it the ca.crt, ta.key from https://torguard.net/downloads/ta.key and https://torguard.net/downloads/ca.crt and create new file userpass.txt where in it put on first line your vpn username and second you vpn password. Create /etc/openvpn/torguard folder ( in ssh session into router - type - " mkdir /etc/openvpn/torguard " ( without parenthesis ) - in order to proceed - opkg install wget ( if you need to install wget ) ssh into router use wget ( install wget if not already there / comes pre-installed in davidc502's builds ) to issue following commands in order to install necessary files to /etc/openvpn/torguard folder which you just created : type the following commands in shell A - " wget -P /etc/openvpn/torguard https://torguard.net/downloads/ta.key " ( without parenthesis ) - copy and paste - ( ta.key is downloaded to /etc/openvpn/torguard folder ) B - " wget -P /etc/openvpn/torguard https://torguard.net/downloads/ca.crt " ( without parenthesis ) - copy and paste - ( ca.crt is downloaded to /etc/openvpn/torguard folder ) C - type ( copy and paste ) " nano /etc/openvpn/torguard/userpass.txt " ( without parenthesis ) - in new text file type ( copy and paste ) in first line your TorGuard Vpn username and on second line your TorGuard Vpn password - Then hit ( Ctrl + o ) - you will be asked to write file - hit enter to save file - then ( Ctrl + x ) to close file and go back into shell - userpass.txt is now added under /etc/openvpn/torguard/ folder as well Now - these commands are required from my past experience - still in SSH type ( copy and paste ) chmod 0777 /etc/openvpn/torguard/ta.key chmod 0777 /etc/openvpn/torguard/ca.crt chmod 0400 /etc/openvpn/torguard/userpass.txt There are two alternative methods available in order to create the necessary openvpn network interface and complimentary firewall rules. The first one I will feature is through the command line shell - using uci commands. The second is simply done through the Luci Web GUI. Personally, I use the uci command line approach as I feel the firewall rules for the vpn connection are more secure in nature using this method. For the sake of this tutorial, consider command line - uci - Scenario A - and Luci Web Gui method - Scenario B. Both will create an interface and working firewall rules and in the end - and leave you with a working TorGuard OpenVpn configuration and subsequent connection. GUARANTEED ! Remember this is either A or B - not A AND B !!! - you can not use both. It is one or the other. Scenario A - TorGuard OpenVpn Network Interface Creation and Setup via command line - uci uci set network.myvpnc=interface uci set network.myvpnc.proto=none uci set network.myvpnc.ifname=tun0 uci commit network TorGuard OpenVpn Firewall Rules Setup via command line - uci uci add firewall zone uci set [email protected][-1]=zone uci set [email protected][-1].name=myvpnc_fw uci set [email protected][-1].network=myvpnc uci set [email protected][-1].input=REJECT uci set [email protected][-1].output=ACCEPT uci set [email protected][-1].forward=REJECT uci set [email protected][-1].masq=1 uci set [email protected][-1].mtu_fix=1 uci add firewall forwarding uci set [email protected][-1]=forwarding uci set [email protected][-1].src=lan uci set [email protected][-1].dest=myvpnc_fw uci commit firewall reboot Scenario B - TorGuard OpenVpn - Luci ( Web Gui ) Network Interface Creation and Setup and Firewall Rules Setup 1 ) Back on Luci ( Lede/OpenWrt Gui ). Go to Network > Interfaces and add new interface name the interface " MYVPN " - make sure the " Protocol of the new interface " at top of page is set to " Unmanaged " and at bottom of page select " Custom " and enter " tun0 " ( tun number zero ) in the field next to custom radio button. Click On Submit then Save and Save and Apply Settings 2 ) Go to Network > Firewall section, click add " new zone " and make it to " "accept " ( all three up top - accept all options ) input/output/forward/masquarde, ( check " masquerade " box under where you accepting all . Then choose - enter check mark in box next to interface VPN ( Covered networks ). Then in bottom box " Inter-Zone Forwarding " ( Allow forward to destination zones: ) = LAN and then ( Allow forward from source zones: ) = LAN This means click both radio buttons next to lan in last section on firewall " newzone " you just created. Lastly, Click On Save and Save and Apply Settings - 3 ) Go to Services > Openvpn and start the VPN service. All should be up and running after this. Support said they would post this in tutorials for Openwrt/Lede firmware. As I said, I just put this up to save folks time if they run TorGuard VPN. By the way, it is an excellent VPN service. Easier setup than PIA VPN - specifically on Lede/Openwrt. Again - thanks to TorGuard Support. Bonus Feature- For Adding DNS-Over-TLS support to OpenWRT (LEDE) with Unbound see here: https://torguard.net/forums/index.php?/topic/1374-adding-dns-over-tls-support-to-openwrt-lede-with-unbound/ or here: https://forum.lede-project.org/t/adding-dns-over-tls-support-to-openwrt-lede-with-unbound/13765
  2. Hi! I have following setup. The main idea: Connect to VPN trough special WiFi spot if i need to do something special. Next upgrade: Add Tor and Privoxy service and connect from Home LAN, trough special Privoxy port. | INTERNET | external IP | |------------+-------------------------| | ISP GPON ROUTER | | 192.168.0.1 | Comment: i CAN forward ports, | NAT, | change IP of internal network, | provider controlled | change a name of SSID | firewall | can't check any rules on |------------+------------------------| this firewall and can't trust fully | | wlan0-1 WiFi AP for VPN |------------+-----------------------+----------------------- | eth1 (wan) | 10.55.0.0/24 (VPN lan) | 192.169.0.45 | network, dhcp | | VPN options | OPENWRT router | TUN | firewall | subnet | OpenVPN client | | Privoxy | | Tor | 192.168.1.0/24 (HOME lan) | | network, dhcp, | br-lan+----------------------- | 192.168.1.1 | internet access through main router w/o VPN | | |--------------------------------------| OpenVPN is working with TorGuard and it's ok. BUT... Starting OpenVPN droping the all connection to internet, from HOME lan users, cos of OpenVPN changing the routing table. Then i'm using option - option pull-filter 'ignore redirect-gateway' - it's working. But i still can't create valid routing for working VPN and HOME lan at the SAME time. Routing table with OpenVPN started default 10.33.0.5 128.0.0.0 UG 0 0 0 tun0 default 192.168.0.1 0.0.0.0 UG 0 0 0 eth1 10.33.0.1 10.33.0.5 255.255.255.255 UGH 0 0 0 tun0 10.33.0.5 * 255.255.255.255 UH 0 0 0 tun0 10.55.0.0 * 255.255.255.0 U 0 0 0 wlan0-1 88.202.177.231 192.168.0.1 255.255.255.255 UGH 0 0 0 eth1 128.0.0.0 10.33.0.5 128.0.0.0 UG 0 0 0 tun0 192.168.0.0 * 255.255.255.0 U 0 0 0 eth1 192.168.1.0 * 255.255.255.0 U 0 0 0 br-lan How i can solve this?
  3. LEDE - OPENWRT TORGUARD VPN SETUP Regards Mike OK - I decided to put this up on the TorGuard Forum as I could not find a tutorial anywhere with specific step by step instructions for getting Torguard OPENVPN working with OpenWrt/ Lede. In advance, I want to thank the excellent support team at TorGuard ( especially Mike & Andy ) for assisting me with getting my Lede/Openwrt VPN router up and running. I use davidc502 firmware which is described as Moderately Customized LEDE Development Builds found here - https://davidc502sis.dynamic-dns.net/releases/ and here - https://davidc502sis.dynamic-dns.net/snapshots/ -- davidc502's forum found here - https://forum.openwrt.org/viewtopic.php?id=64949&p=164b - Dave's builds are for Linksys WRT1900AC v1 Linksys WRT1900AC v2 Linksys WRT1900ACS Linksys WRT3200ACM Linksys WRT1200AC models ONLY !!! One of the many benefits of using Dave's custom firmware is that it comes with many pre-installed and configured software packages - including OpenVpn and Dnscrypt - I use both in conjunction on my router. For full list of packages see Dave's configuration seed found here - https://davidc502sis.dynamic-dns.net/releases/config.seed - However, the guide tutorial here will work on any and every OpenWrt/ Lede firmware based router. I also tested this with Lede stable firmware ( current version 17.01.4 ) found here - https://lede-project.org/downloads - Anyway - here we go - this is Mike's detailed original answer to my inquiry concerning my request for assistance in setting up OpenVpn on OpenWrt /Lede. I have added a few edits in order to make this more comprehensible and easier to implement. This guide will work Guaranteed if you follow instructions step by step. Mike // Staff Thank you, can you check if the steps below works ok for you 1) Then in Luci Gui go to System > Software, do update first ( ssh command opkg update ) then search for openvpn and install openvpn-openssl and luci-app-openvpn. ( uci ssh command - opkg install openvpn-openssl luci-app-openvpn ) These are necessary - Luci is GUI frontend for Openwrt - it comes pre-installed with davidc502's firmware. Also installed on Lede stable. 2) Here you Generate OpenVpn config on https://torguard.net/tgconf.php?action=vpn-openvpnconfig choosing openwrt. 3) Login using ftp client like winscp to the router (openwrt) and the config file downloaded from the tool to be uploaded to box and renamed as /etc/config/openvpn To make this simpler - you can copy and paste the newly generated text file to a text file on your desktop and /or download config file to your desktop. Install nano ( preferred text editor ) - opkg install nano - if you need to install nano - ( if not already there / comes pre-installed in davidc502's builds ) to your router. SSH into router then type ( copy and paste ) -" nano /etc/config/openvpn " ( without parenthesis ) - erase all contents of file ( hold Ctrl + k ) and replace ( copy and paste ) with contents of config file you copied and downloaded earlier. Sample of my /etc/config/openvpn config file - adjust yours as you see fit but stick with config from https://torguard.net/tgconf.php?action=vpn-openvpnconfig as your basic guide - config openvpn 'TorGuard_AES256GCM_SHA256' option client '1' option dev 'tun' option proto 'udp' option resolv_retry 'infinite' option nobind '1' option persist_key '1' option persist_tun '1' option ca '/etc/openvpn/torguard/ca.crt' option remote_cert_tls 'server' option tls_auth '/etc/openvpn/torguard/ta.key 1' option cipher 'AES-256-GCM' option comp_lzo 'adaptive' # AS of March 2018 and OpenVpn 2.4.5 use option compress 'lzo' otherwise you can not connect option verb '4' option fast_io '1' option auth_user_pass '/etc/openvpn/torguard/userpass.txt' option remote_random '0' option auth 'SHA256' option reneg_sec '0' option port '1195' list remote 'ny.east.usa.torguardvpnaccess.com' option sndbuf '393216' option rcvbuf '393216' option enabled '1' option keepalive '10 120' option auth_nocache '1' option tls_client '1' option setenv 'CLIENT_CERT 0' option tls_version_min '1.2' option tls_cipher 'TLS-DHE-RSA-WITH-AES-256-GCM-SHA384' option ncp_ciphers 'AES-256-GCM:AES-128-GCM' option tun_mtu '1500' option tun_mtu_extra '32' option ncp_disable '1' option engine 'dynamic' option mute_replay_warnings '1' option disable_occ '1' option keysize '256' option mssfix '1450' option script_security '2' option reneg_bytes '1073741824' option mute '20' option pull '1' option log '/tmp/openvpn.log' Then hit Ctrl + o - you will be asked to write file - hit enter to save file - then Ctrl + x to close file and go back into shell 4) create folder /etc/openvpn/torguard and add under it the ca.crt, ta.key from https://torguard.net/downloads/ta.key and https://torguard.net/downloads/ca.crt and create new file userpass.txt where in it put on first line your vpn username and second you vpn password. Create /etc/openvpn/torguard folder ( in ssh session into router - type - " mkdir /etc/openvpn/torguard " ( without parenthesis ) - in order to proceed - opkg install wget ( if you need to install wget ) ssh into router use wget ( install wget if not already there / comes pre-installed in davidc502's builds ) to issue following commands in order to install necessary files to /etc/openvpn/torguard folder which you just created : type the following commands in shell A - " wget -P /etc/openvpn/torguard https://torguard.net/downloads/ta.key " ( without parenthesis ) - copy and paste - ( ta.key is downloaded to /etc/openvpn/torguard folder ) B - " wget -P /etc/openvpn/torguard https://torguard.net/downloads/ca.crt " ( without parenthesis ) - copy and paste - ( ca.crt is downloaded to /etc/openvpn/torguard folder ) C - type ( copy and paste ) " nano /etc/openvpn/torguard/userpass.txt " ( without parenthesis ) - in new text file type ( copy and paste ) in first line your TorGuard Vpn username and on second line your TorGuard Vpn password - Then hit ( Ctrl + o ) - you will be asked to write file - hit enter to save file - then ( Ctrl + x ) to close file and go back into shell - userpass.txt is now added under /etc/openvpn/torguard/ folder as well Now - these commands are required from my past experience - still in SSH type ( copy and paste ) chmod 0777 /etc/openvpn/torguard/ta.key chmod 0777 /etc/openvpn/torguard/ca.crt chmod 0400 /etc/openvpn/torguard/userpass.txt There are two alternative methods available in order to create the necessary openvpn network interface and complimentary firewall rules. The first one I will feature is through the command line shell - using uci commands. The second is simply done through the Luci Web GUI. Personally, I use the uci command line approach as I feel the firewall rules for the vpn connection are more secure in nature using this method. For the sake of this tutorial, consider command line - uci - Scenario A - and Luci Web Gui method - Scenario B. Both will create an interface and working firewall rules and in the end - and leave you with a working TorGuard OpenVpn configuration and subsequent connection. GUARANTEED ! Remember this is either A or B - not A AND B !!! - you can not use both. It is one or the other. Scenario A - TorGuard OpenVpn Network Interface Creation and Setup via command line - uci uci set network.myvpnc=interface uci set network.myvpnc.proto=none uci set network.myvpnc.ifname=tun0 uci commit network TorGuard OpenVpn Firewall Rules Setup via command line - uci uci add firewall zone uci set [email protected][-1]=zone uci set [email protected][-1].name=myvpnc_fw uci set [email protected][-1].network=myvpnc uci set [email protected][-1].input=REJECT uci set [email protected][-1].output=ACCEPT uci set [email protected][-1].forward=REJECT uci set [email protected][-1].masq=1 uci set [email protected][-1].mtu_fix=1 uci add firewall forwarding uci set [email protected][-1]=forwarding uci set [email protected][-1].src=lan uci set [email protected][-1].dest=myvpnc_fw uci commit firewall reboot Scenario B - TorGuard OpenVpn - Luci ( Web Gui ) Network Interface Creation and Setup and Firewall Rules Setup 1 ) Back on Luci ( Lede/OpenWrt Gui ). Go to Network > Interfaces and add new interface name the interface " MYVPN " - make sure the " Protocol of the new interface " at top of page is set to " Unmanaged " and at bottom of page select " Custom " and enter " tun0 " ( tun number zero ) in the field next to custom radio button. Click On Submit then Save and Save and Apply Settings 2 ) Go to Network > Firewall section, click add " new zone " and make it to " "accept " ( all three up top - accept all options ) input/output/forward/masquarde, ( check " masquerade " box under where you accepting all . Then choose - enter check mark in box next to interface VPN ( Covered networks ). Then in bottom box " Inter-Zone Forwarding " ( Allow forward to destination zones: ) = LAN and then ( Allow forward from source zones: ) = LAN This means click both radio buttons next to lan in last section on firewall " newzone " you just created. Lastly, Click On Save and Save and Apply Settings - 3 ) Go to Services > Openvpn and start the VPN service. All should be up and running after this. Support said they would post this in tutorials for Openwrt/Lede firmware. As I said, I just put this up to save folks time if they run TorGuard VPN. By the way, it is an excellent VPN service. Easier setup than PIA VPN - specifically on Lede/Openwrt. Again - thanks to TorGuard Support. Let us know if you have any further questions. Regards Mike LEDE - OPENWRT TORGUARD VPN SETUP
  4. I think there is no need to write a guide for this project, they documented it well. Python is available on openwrt and you can use this directly on your router. Can anybody try this on their ddwrt routers?
  5. Requirements: openconnect vpnc vpnc-scripts Install requirements: Ubuntu/Raspbian # Update repository sudo apt-get update # Install openconnect and vpnc scripts sudo apt-get install openconnect vpnc-scripts -y Openwrt/Lede (current available openconnect does not work, you need to compile your own) # Update repository opkg update # Install openconnect and vpnc scripts opkg install openconnect vpnc-scripts Connect to VPN: Method 1 (password stored in a file) (password is stored in plain text) # Method 1 - Password stored in file sudo openconnect -u YourUsername --authgroup=DEFAULT -b --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=YourServerCert --pfs Server:Port </home/pi/torguard/userpass.txt Method 2 (pass password in command) (password is in plain text) # Method 2 - Pass password echo YourPass | sudo openconnect -u YourUsername --authgroup=DEFAULT -b --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=YourServerCert --pfs Server:Port My results with Raspberry Pi 3 Model B on factory system is 20/20Mb/s during Kodi was running full HD stream. With openconnect, RaspberryPi can be used as streaming service with high vpn encryption provided by TorGuard. Autostart - Method 1 There are plenty of vpnc scripts which can be used. In case of Raspberry Pi 3 Model B, it has onboard WLAN which does not perform very well, I don't get 20Mb/s with it. Connecting USB Wireless N did not solve the issue as it seems that RPi does not provide enough power to get more out of WLAN. For that reason I used external USB HUB with own power supply providing with power wireless or any other device, so that Raspberry itself has enough power. I ran into second problem. Without additional installation or manuall commands typing in terminal, you can't use second wlan that easy. Many suggest methods like to install some additional software for managing wireless, where I do not need onboard wireless at all to boot with the OS. But disabling it turns out often for newbies that they don't remember how to turn it on. That is the reason why I do suggest a very simple method for newbies, especially those who never did deal with this topics before. Using Raspeberry's LAN port is not a problem. I do get 90Mb/s, which is actually almost 100% what 100Mb/Lan card can offer. LAN is always preferable if possible. I will keep this example for the factory delivery of RPi and reffer to Raspberry Pi 3 Model B in this guide. Requirements: CA certificate from TorGuard. You can get it here. Save your password for VPN service into file in plain text, I will use this path in this guide /home/pi/torguard/onlypass-plain.txt Server's fingerprint (SHA1). (If you don't know how to find it, connect manually without and it will print sha1 fingerprint) (you can also always ask TorGuard support for assistance) XTERM xterm is not installed by default, you can install it with this command: sudo apt-get update; sudo apt-get install xterm -y Create a script to start openconnect in new terminal window Path in this guide: /home/pi/Desktop/tg.sh Example of tg.sh: sudo openconnect --verbose --pid-file=/var/run/openconnect.pid -u demouser --authgroup=DEFAULT -b --reconnect-timeout=200 --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF --pfs 1.2.3.4:22 </home/pi/torguard/onlypass-plain.txt Create a script for autostarting VPN connection on boot. Path in this guide: /home/pi/Desktop/autostart-openconnect-at-sharedip.sh Because we need separate terminal window where we always can see what is going on, we need to start VPN after desktop has been loaded. There are several ways to achive it, but one simple is xterm: sleep 20 sudo xterm -e "bash /home/pi/Desktop/tg.sh;bash" Xterm starts a new window running a script where new terminal window is not closed after sh command has been run, because if it closes, you closed your VPN connection. Here I use 20 seconds to wait until everything loads or vpn will fail to connect. It works also with 10 seconds, but I would not recommend lower value. For more advanced setups, please use vpnc scripts. Edit LXDE session start script for current user Path to start script: /home/pi/.config/lxsession/LXDE-pi/autostart Add command to run a a script autoconnecting to VPN, add to : /home/pi/.config/lxsession/LXDE-pi/autostart Here I do disable onboard wlan0 because I use USB device and if you don't do that, then VPN will connect over wlan0. sudo ifconfig wlan0 down # Disable onboard Wifi @sudo /home/pi/Desktop/autostart-openconnect-at-sharedip.sh # Connect correctly over wlan1 (Here we have second time sudo, but it will not harm anything, it will only ensure, that if you forget sudo in your tg.sh, then autostart will still work) (You need to have root privileges to be able to access vpns folder) Reboot I hope it helps some newbies to get started with this amazing VPN service. On factory RPi and openconnect, I get 30Mb on download constantly which is great result and is enough for almost anything, including streaming in HD. Those who have/need faster connections, they will need to buy better device. But all in all, you can use RPi as Media Center together with IPTV behind TorGuards VPN and it is working very well, everything works very stable. This is much better replacement for any smart tv around and costs barely € 35. I think there is no cheaper device performing better for this price. If you know any, please show me the results, I would love to test them. Once again, TorGuard, thank you very much for such a great service!
  6. Requirements openwrt (or any openwrt based firmware like LEDE openwrt) tor libevent2-openssl libevent2 libminiupnpc libnatpmp tor-geoip (optional) tor-fw-helper (optional) Description In this guide I will install and create tor on my openwrt router. My Wireless is isolated. You can change these setting as you wish, take only care that nobody from outside can reach your LAN's. At the end of this post is a script doing everything for you. You need only to adapt the script for your settings. For this guide, my router's lan ip is 192.168.1.3 This setup works for those who do use only proxy/socks product, vpn products or mix of them. It is very high grade of anonimity if all this works in some VPN, like TorGuard's which does work perfectly! What will we have at the end of this setup tor socks5 server on router's lan IP:9050 (in this example 192.168.1.3:9050) (you can set your system, browser or anything else to use socks5 which goes always over tor) Simple usage by joining WLAN (no need to setup anything on any device) set specific LAN port to go always through Tor, (especially usefull for those who use C-Lines for Card Sharing) Isolated Wireless Network (which is secured and can't communicate with LAN devices) Traffic is sent through TorGuard's proxy/socks5 (all tor's traffic sent through socks ot https proxy, Torguard Proxy port: 6060, TorGuard socks5 ports: 1080/1085/1090) (in this guide, we set only .onion and .exit urls to go over tor, all other pages will go over TorGuard's socks/proxy used by tor) (We also restrict usage on port 80 and 443 for the case that you need to hide from your ISP/VPN provder, TorGuard does not block) (if you are not using VPN, then you do hide the traffic from your ISP in using socks and from your socks provider by using only ports 80/443) (even if this setup is higly secure, consider using as addition obfsproxy which I will not cover in this guide) (socks5/proxy acts also as a fallback if your VPN stops working) This setup works if you are connected to a VPN (like TorGuard and openvpn, my router is currently in TorGuard's VPN) Installation of required packages: opkg update opkg install libevent2-openssl libevent2 libminiupnpc libnatpmp tor tor-fw-helper tor-geoip Create Tor interface with static IP 172.x.x.x Create DHCP server for tor interface Create 5Ghz and 2,4Ghz isolated wireless interfaces Add firewall zone and configure firewall for tor Configure tor with TorGuard services Download geoip and geoipv6 Reboot your router Script installing tor requirements, creating interface, configuring firewall If you are connected with TorGuards VPN and everything runs over VPN, then your tor might be inactive if it starts before openvpn during the boot because openvpn changes routes and tor needs to be restarted. In this case you can edit openvpn's start scripts, or tor's startscripts or simply adding this command under System->Startup section "Local Startup" # Put your custom commands here that should be executed once # the system init finished. By default this file does nothing. sleep 10 /etc/init.d/tor reload /etc/init.d/tor restart exit 0 How to get geoip and geoipv6 files TorGuard works blazing fast with Tor Network (!!!TORGUARD TEAM IS AMAZING, THANKS FOR GREAT SERVICES!!!) Thats it, enjoy tor network.
  7. TorGuardWRT + OpenVPN + TorGuardApp + Extras more info following in coming days. Please leave your comments. Further discussion, descriptions, guides will follow only on corresponding github project page. I may or may not reply in this thread. As replacement of a discussion board where you would like to discuss with me about this project, it will be on slack channel. Please follow github for more info, github will be updated in next few days.
  8. Check DNS requests guide (webarchive) In previous guide, I described how to get rid of your ISP or any other service (even TorGuard itself) hijacking your DNS (webarchive) In this topic I will show how you simply can find out what exactly is going on with port 53 which is default DNS port. Requierments HowTo/Wiki/Links Please read about tcpdump usage and how to on github, I will show here one exampe where I do check DNS requests on tun0 which is my openvpn tunnel connected to TorGuard. You can filter the command from the codebox below, but for simplicity, here it is: # tcpdump -vvv -i YOURINTERFACE port PORTNUMBER # Please lookup here for explanation of other options # - https://github.com/the-tcpdump-group/tcpdump tcpdump -vvv -i tun0 port 53 Logfile of test dump (it is long, that is why I'll put it into spoiler, for better overview) This is example of port 53 (DNS requests) when starting a stream on netflix US : (it will run until you stop it, you can do it by pressing CTRL+C on your keyboard) Results Here we received 26 packets and now we have clear DNS requests overview. What did we find? Let's take one line out of this log, this as example: 05:40:20.548149 IP (tos 0x0, ttl 64, id 59800, offset 0, flags [none], proto UDP (17), length 529) b.resolvers.Level3.net.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501) Basicly, all lines do the same if you take closer look, when you press play button on your browser, netflix does contact these servers on port 53. Choosen line in more understandable format Please do not think that preventing netflix to make this check (dns request) will help you with their service, this is not enough. But if you need to redirect anything, then this is how to get required information or simply to log your network. If there are requests, I'll write you a gui for Luci in openwrt where you can make these tests or whatever could be the goal of the requested app. You are free to discuss about your (or my ) results, check your ISP's and if you are conform with anything, well, listening to people on internet is not good, trying it out and doing yourself is good. At the end, whatever you want to do, you can automate it, ie. redirecting all these requests to your StreamIP (lol , this would have worked until the last crackdown but not anymore). Other services still work with that and there are plenty of streaming services. However, its good to know what your network does, at least on important ports like D Hope my terrible english is good enough for writting guides, but sorry for typos or some strange expressions.
  9. I have posted already how to prevent hijacking of your DNS by your IP. There are some ISP's like Verizon, T-Mobile, ... which do send all traffic over port 53 (yes, they hijack your DNS), regardless of which DNS servers you use. Here is how to get rid of that and redirect it to some another address with help of iptables instead editing dnsmasq in WebIF (which is still my preferable solution for most tasks), in this example I'll redirect all dns requests to my custom dns server, to lan1 in this case, which is my local DNS Server Openwrt (I think ddwrt should work too, but I did not test it on ddwrt but basicly it should be the same, just check the names of devices) iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 192.168.1.1 On openwrt and other releases, switch on masquerading, it is required. Now a question to TorGuard, do you/can you offer alternative ports for those who maybe can't use first method described, neither this second solution. To find out what is going on through your DNS port, read here.
  10. Hi, I bought an Archer C7 v2 router so I could use it as OpenVPN client. That way the best speeds I maanged to get were 8Mbps down / 16 up. After testing a lot of differnet configuration and searching in Google the experience of other users with the same router I came to the conclusion that most routers can't deliver more than 10Mbps when they work as openvpn clients. So does anyone know any openwrt router that can deliver at least 30Mbps download speed when it works as OpenVPN client? thank you
×