
OpenVPN TorGuardApp (soon publicly available for testing)


19807409

TorGuardWRT + OpenVPN + TorGuardApp + Extras

 

more info following in coming days.

 

Please leave your comments.

 

 

Further discussion, descriptions and guides will follow only on the corresponding GitHub project page. I may or may not reply in this thread.

 

As a replacement for a discussion board where you would like to discuss this project with me, there will be a Slack channel. Please follow GitHub for more info; GitHub will be updated in the next few days.

 

19807409

How to install OpenVPN for TorGuard usage on OpenWRT (first install)

 

  • Create Torguard config folder where to store keys
    # Create directory torguard in folder /etc/openvpn
    mkdir -p /etc/openvpn/torguard
    
  • Install certificate and TLS authentication key
    (ca.crt and ta.key into created dir /etc/openvpn/torguard)


    How To get my TorGuard TA.KEY and CA.CRT files

     
    2.1 Go to https://torguard.net and Login (click on Spoiler to see screenshot of this process)


     
    2.2 Go to your certificates/keys under  View My Certificates
    For big resolution: (click on Spoiler to see screenshot of this process)

    For small resolution/mobile: (click on Spoiler to see screenshot of this process)


     
    2.3 Save certificates to your torguard folder
    (In example scripts I used /etc/openvpn/torguard, please change if your settings differ from example)
     
    I will describe here only three ways; you can cat over ssh too, that's my preferred way, but this guide is for newbies.
     
    Way 1
    Copy from Browser and paste (click on Spoiler to see screenshot of this process)


    cat <<EOF >/etc/openvpn/torguard/ca.crt
    -----BEGIN CERTIFICATE-----
    SOME RANDOM LINES
    COPY INCLUDING LINES WITH
    BEGIN AND END CERTIFICATE
    -----END CERTIFICATE-----
    EOF
    
    
    cat <<EOF >/etc/openvpn/torguard/ta.key
    -----BEGIN OpenVPN Static key V1-----
    SOME RANDOM LINES
    COPY INCLUDING LINES WITH
    BEGIN AND END OpenVPN Static key V1
    -----END OpenVPN Static key V1-----
    EOF
    
    



    Way 2
    Download and save CA certificate and TLS authentication key somewhere on your box/pc, in this example in folder /etc/openvpn/torguard (click on Spoiler to see screenshot of this process)



     
    Way 3 (click on Spoiler to see screenshot of this process)
    (if you have installed TorGuard VPN client on your PC)


    Look in user folder for these 2 files, for windows users they are located in this folder:

    %appdata%\..\Local\VPNetworkLLC\TorGuard\configs


  • Create TorGuard VPN authentication file and set permissions
    (create file /etc/openvpn/torguard/userpass.txt)
    (setting permissions to 444, you can change it even to 400 for more security)


    # Create TorGuard authentication file
    # First line: your TorGuard VPN username
    # Second line: your TorGuard VPN password
    # The quoted 'EOF' stops the shell from expanding $ or backticks in the password
    cat <<'EOF' >/etc/openvpn/torguard/userpass.txt
    YourUsername
    YourPassword
    EOF
    
    # Change permission of TorGuard VPN TLS authentication key
    chmod 444 /etc/openvpn/torguard/ta.key
    
    # Change permission of TorGuard VPN CA certificate
    chmod 444 /etc/openvpn/torguard/ca.crt
    
    # Change permission of TorGuard VPN authentication credentials
    chmod 444 /etc/openvpn/torguard/userpass.txt
    

  • Install OpenVPN with openssl


    # Update repository
    opkg update
    
    # Install openvpn and easy-rsa (optional)
    opkg install openvpn-openssl openvpn-easy-rsa
    
    

  • Create network interface tun0 and firewall rules for this interface
    (we create tun0 interface vpn1, firewall zone vpn1 and allow its communication with lan)
    (Please change these settings if yours are different. lan is always the default local network, which is used in this example)


    # Please check your settings. I use here default settings:
    # LAN IP: 192.168.1.1
    # Tunnel VPN1: tun0
    # Port: preset for 1912 which is AES-128-CBC SHA256
    # Proto: in this example, I open and redirect only udp port, if you want both, change 'udp' to 'tcp udp'
    
    # 1. Create VPN Interface (tun0)
    uci set network.vpn1=interface
    uci set network.vpn1.ifname=tun0
    uci set network.vpn1.proto=none
    uci set network.vpn1.auto=1
    
    # 2. Create separate firewall zone for new VPN network
    uci set firewall.vpn1=zone
    uci set firewall.vpn1.name=vpn1
    uci set firewall.vpn1.network=vpn1
    uci set firewall.vpn1.input=REJECT # ACCEPT if not using as WAN replacement
    uci set firewall.vpn1.forward=REJECT
    uci set firewall.vpn1.output=ACCEPT
    uci set firewall.vpn1.masq=1
    uci set firewall.vpn1.mtu_fix=1
    
    # 3. Firewall, allow communication from/to lan/vpn
    # Allow clients behind the VPN server to connect to computers within your LAN
    uci set firewall.vpn1_forwarding_lan_in=forwarding
    uci set firewall.vpn1_forwarding_lan_in.src=vpn1
    uci set firewall.vpn1_forwarding_lan_in.dest=lan
    
    # Allow to initiate connections to clients (or the internet) behind the VPN server
    uci set firewall.vpn1_forwarding_lan_out=forwarding
    uci set firewall.vpn1_forwarding_lan_out.src=lan
    uci set firewall.vpn1_forwarding_lan_out.dest=vpn1
    
    # Firewall rule - Forward TorGuard OpenVPN 1912 any interface to WAN
    uci set firewall.vpn1_forward_any_to_wan_1912=rule
    uci set firewall.vpn1_forward_any_to_wan_1912.target='ACCEPT'
    uci set firewall.vpn1_forward_any_to_wan_1912.dest='wan'
    uci set firewall.vpn1_forward_any_to_wan_1912.name='Forward TorGuard OpenVPN 1912 from any interface to WAN'
    uci set firewall.vpn1_forward_any_to_wan_1912.src='*'
    uci set firewall.vpn1_forward_any_to_wan_1912.src_port='1912'
    uci set firewall.vpn1_forward_any_to_wan_1912.dest_port='1912'
    
    # Firewall rule - Forward TorGuard OpenVPN 1912 from WAN to LAN ROUTER IP
    uci set firewall.vpn1_forward_wan_to_lan_routerip_1912=rule
    uci set firewall.vpn1_forward_wan_to_lan_routerip_1912.target='ACCEPT'
    uci set firewall.vpn1_forward_wan_to_lan_routerip_1912.src='wan'
    uci set firewall.vpn1_forward_wan_to_lan_routerip_1912.dest='lan'
    uci set firewall.vpn1_forward_wan_to_lan_routerip_1912.name='Forward TorGuard OpenVPN 1912 from WAN to LAN ROUTER IP'
    uci set firewall.vpn1_forward_wan_to_lan_routerip_1912.src_port='1912'
    uci set firewall.vpn1_forward_wan_to_lan_routerip_1912.dest_port='1912'
    uci set firewall.vpn1_forward_wan_to_lan_routerip_1912.dest_ip='192.168.1.1'
    	
    # Firewall Traffic - Open Ports on Router
    uci set firewall.vpn1_open_port_1912_on_wan=rule
    uci set firewall.vpn1_open_port_1912_on_wan.target='ACCEPT'
    uci set firewall.vpn1_open_port_1912_on_wan.src='wan'
    uci set firewall.vpn1_open_port_1912_on_wan.proto='udp'
    uci set firewall.vpn1_open_port_1912_on_wan.dest_port='1912'
    uci set firewall.vpn1_open_port_1912_on_wan.name='Open TorGuard OpenVPN 1912 on WAN'
    
    # Firewall Traffic - Redirect Torguard OpenVPN 1912 from WAN to LAN IP
    uci set firewall.vpn1_redirect_wan_to_lan_routerip_1912=redirect
    uci set firewall.vpn1_redirect_wan_to_lan_routerip_1912.target='DNAT'
    uci set firewall.vpn1_redirect_wan_to_lan_routerip_1912.src='wan'
    uci set firewall.vpn1_redirect_wan_to_lan_routerip_1912.dest='lan'
    uci set firewall.vpn1_redirect_wan_to_lan_routerip_1912.proto='tcp udp'
    uci set firewall.vpn1_redirect_wan_to_lan_routerip_1912.src_port='1912'
    uci set firewall.vpn1_redirect_wan_to_lan_routerip_1912.dest_ip='192.168.1.1'
    uci set firewall.vpn1_redirect_wan_to_lan_routerip_1912.dest_port='1912'
    uci set firewall.vpn1_redirect_wan_to_lan_routerip_1912.name='Redirect Torguard OpenVPN 1912 from WAN to LAN IP'
    
    # Firewall Traffic - Redirect Torguard OpenVPN 1912 from VPN1 to LAN IP
    uci set firewall.vpn1_redirect_vpn1_to_lan_routerip_1912=redirect
    uci set firewall.vpn1_redirect_vpn1_to_lan_routerip_1912.enabled='1'
    uci set firewall.vpn1_redirect_vpn1_to_lan_routerip_1912.target='DNAT'
    uci set firewall.vpn1_redirect_vpn1_to_lan_routerip_1912.src='vpn1'
    uci set firewall.vpn1_redirect_vpn1_to_lan_routerip_1912.dest='lan'
    uci set firewall.vpn1_redirect_vpn1_to_lan_routerip_1912.proto='tcp udp'
    uci set firewall.vpn1_redirect_vpn1_to_lan_routerip_1912.src_port='1912'
    uci set firewall.vpn1_redirect_vpn1_to_lan_routerip_1912.dest_ip='192.168.1.1'
    uci set firewall.vpn1_redirect_vpn1_to_lan_routerip_1912.dest_port='1912'
    uci set firewall.vpn1_redirect_vpn1_to_lan_routerip_1912.name='Redirect Torguard OpenVPN 1912 from VPN1 to LAN IP'
    	
    # Commit changes and reload network and firewall (here you could lose terminal connection)
    uci commit network
    /etc/init.d/network reload
    uci commit firewall
    /etc/init.d/firewall reload
    

  • Create custom openvpn config in openwrt format
    (I will set enable to 1 and this VPN will connect directly on reboot, please enable only 1 VPN per interface)
    (Set to closest servers to you, I've set Netherlands, France and UK as example)


    uci set openvpn.CustomTorGuardConfig=openvpn
    uci set openvpn.CustomTorGuardConfig.enabled='1'
    uci set openvpn.CustomTorGuardConfig.client='1'
    uci set openvpn.CustomTorGuardConfig.dev='tun'
    uci set openvpn.CustomTorGuardConfig.proto='udp'
    uci set openvpn.CustomTorGuardConfig.resolv_retry='infinite'
    uci set openvpn.CustomTorGuardConfig.nobind='1'
    uci set openvpn.CustomTorGuardConfig.ca='/etc/openvpn/torguard/ca.crt'
    uci set openvpn.CustomTorGuardConfig.ns_cert_type='server'
    uci set openvpn.CustomTorGuardConfig.tls_auth='/etc/openvpn/torguard/ta.key 1'
    uci set openvpn.CustomTorGuardConfig.cipher='AES-128-CBC' # port 1912 is the AES-128-CBC SHA256 profile
    uci set openvpn.CustomTorGuardConfig.comp_lzo='yes'
    uci set openvpn.CustomTorGuardConfig.verb='3'
    uci set openvpn.CustomTorGuardConfig.fast_io='1'
    uci set openvpn.CustomTorGuardConfig.auth_user_pass='/etc/openvpn/torguard/userpass.txt'
    uci set openvpn.CustomTorGuardConfig.remote_random='0'
    uci set openvpn.CustomTorGuardConfig.auth='SHA256'
    uci set openvpn.CustomTorGuardConfig.reneg_sec='0'
    uci set openvpn.CustomTorGuardConfig.sndbuf='393216'
    uci set openvpn.CustomTorGuardConfig.rcvbuf='393216'
    uci set openvpn.CustomTorGuardConfig.tun_mtu='1400'
    uci set openvpn.CustomTorGuardConfig.txqueuelen='10000'
    uci set openvpn.CustomTorGuardConfig.mlock='1'
    uci set openvpn.CustomTorGuardConfig.suppress_timestamps='1'
    uci set openvpn.CustomTorGuardConfig.persist_key='1'
    uci set openvpn.CustomTorGuardConfig.persist_tun='1'
    uci set openvpn.CustomTorGuardConfig.log='/var/log/openvpn.log'
    uci set openvpn.CustomTorGuardConfig.rport='1912'
    uci add_list openvpn.CustomTorGuardConfig.remote='nl.torguardvpnaccess.com'
    uci add_list openvpn.CustomTorGuardConfig.remote='fr.torguardvpnaccess.com'
    uci add_list openvpn.CustomTorGuardConfig.remote='uk.torguardvpnaccess.com'
    uci commit openvpn
    /etc/init.d/openvpn reload
    

  • Restart your router
    # Forced reboot
    reboot -f
    

 


 
Script to install OpenVPN continent based configs on OpenWRT


Encryption: AES-256-CBC SHA512, port 389

 

serverlisteu="aus bg bul czech den fin fr frank.gr gr gre hg ice ire iom it lv lux md nl no pl por ro sp swe swiss ukr lon.uk uk"
serverlistasia="hk in ind isr jp my mo.ru ru saudi singp sk thai turk vn"
serverlistnamerica="ca vanc.ca.west cr mx pa atl.east.usa chi.central.usa dal.central.usa la.west.usa lv.west.usa fl.east.usa nj.east.usa ny.east.usa sa.west.usa"
serverlistsamerica="br chil"
serverlistafrica="egy za tun"
serverlistaustralia="au melb.au nz"

create_ovpnowrtcfgudp () {
# $1 - Name
# $2 - Continent
# $3 - cipher
# $4 - auth
# $5 - Port
# $6 - Country list

# If you want to clear existing /etc/config/openvpn, uncomment next line
#echo > /etc/config/openvpn # clear the openvpn uci config

name="$1"
continent="$2"
cipher="$3"
auth="$4"
port="$5"
countries="$6"

ciphertxt=$(echo $cipher|sed 's/-//g')

uciname=$name"_"$continent"_"$ciphertxt"_"$auth"_"$port
uci set openvpn.$uciname=openvpn
uci set openvpn.$uciname.enabled='0'
uci set openvpn.$uciname.client='1'
uci set openvpn.$uciname.dev='tun'
uci set openvpn.$uciname.proto='udp'
uci set openvpn.$uciname.resolv_retry='infinite'
uci set openvpn.$uciname.nobind='1'
uci set openvpn.$uciname.ca='/etc/openvpn/torguard/ca.crt'
uci set openvpn.$uciname.ns_cert_type='server'
uci set openvpn.$uciname.tls_auth='/etc/openvpn/torguard/ta.key 1'
uci set openvpn.$uciname.cipher=$cipher #'AES-256-CBC'
uci set openvpn.$uciname.comp_lzo='yes'
uci set openvpn.$uciname.verb='3'
uci set openvpn.$uciname.fast_io='1'
uci set openvpn.$uciname.auth_user_pass='/etc/openvpn/torguard/userpass.txt'
uci set openvpn.$uciname.remote_random='0'
uci set openvpn.$uciname.auth=$auth #'SHA512'
uci set openvpn.$uciname.reneg_sec='0'
uci set openvpn.$uciname.sndbuf='393216'
uci set openvpn.$uciname.rcvbuf='393216'
uci set openvpn.$uciname.tun_mtu='1400'
uci set openvpn.$uciname.txqueuelen='10000'
uci set openvpn.$uciname.mlock='1'
uci set openvpn.$uciname.suppress_timestamps='1'
uci set openvpn.$uciname.persist_key='1'
uci set openvpn.$uciname.persist_tun='1'
uci set openvpn.$uciname.log='/var/log/openvpn.log'
uci set openvpn.$uciname.rport=$port #'389'
for p in $countries; do
	uci add_list openvpn.$uciname.remote=$p'.torguardvpnaccess.com'
done
uci commit openvpn
}

create_ovpnowrtcfgudp "TorGuard" "EU" "AES-256-CBC" "SHA512" "389" "$serverlisteu"
create_ovpnowrtcfgudp "TorGuard" "ASIA" "AES-256-CBC" "SHA512" "389" "$serverlistasia"
create_ovpnowrtcfgudp "TorGuard" "NAMERICA" "AES-256-CBC" "SHA512" "389" "$serverlistnamerica"
create_ovpnowrtcfgudp "TorGuard" "SAMERICA" "AES-256-CBC" "SHA512" "389" "$serverlistsamerica"
create_ovpnowrtcfgudp "TorGuard" "AFRICA" "AES-256-CBC" "SHA512" "389" "$serverlistafrica"
create_ovpnowrtcfgudp "TorGuard" "AUSTRALIA" "AES-256-CBC" "SHA512" "389" "$serverlistaustralia" 

 


Encryption: AES-256-CBC SHA256, port 1195

 

serverlisteu="aus bg bul czech den fin fr frank.gr gr gre hg ice ire iom it lv lux md nl no pl por ro sp swe swiss ukr lon.uk uk"
serverlistasia="hk in ind isr jp my mo.ru ru saudi singp sk thai turk vn"
serverlistnamerica="ca vanc.ca.west cr mx pa atl.east.usa chi.central.usa dal.central.usa la.west.usa lv.west.usa fl.east.usa nj.east.usa ny.east.usa sa.west.usa"
serverlistsamerica="br chil"
serverlistafrica="egy za tun"
serverlistaustralia="au melb.au nz"

create_ovpnowrtcfgudp () {
# $1 - Name
# $2 - Continent
# $3 - cipher
# $4 - auth
# $5 - Port
# $6 - Country list

# If you want to clear existing /etc/config/openvpn, uncomment next line
#echo > /etc/config/openvpn # clear the openvpn uci config

name="$1"
continent="$2"
cipher="$3"
auth="$4"
port="$5"
countries="$6"

ciphertxt=$(echo $cipher|sed 's/-//g')

uciname=$name"_"$continent"_"$ciphertxt"_"$auth"_"$port
uci set openvpn.$uciname=openvpn
uci set openvpn.$uciname.enabled='0'
uci set openvpn.$uciname.client='1'
uci set openvpn.$uciname.dev='tun'
uci set openvpn.$uciname.proto='udp'
uci set openvpn.$uciname.resolv_retry='infinite'
uci set openvpn.$uciname.nobind='1'
uci set openvpn.$uciname.ca='/etc/openvpn/torguard/ca.crt'
uci set openvpn.$uciname.ns_cert_type='server'
uci set openvpn.$uciname.tls_auth='/etc/openvpn/torguard/ta.key 1'
uci set openvpn.$uciname.cipher=$cipher #'AES-256-CBC'
uci set openvpn.$uciname.comp_lzo='yes'
uci set openvpn.$uciname.verb='3'
uci set openvpn.$uciname.fast_io='1'
uci set openvpn.$uciname.auth_user_pass='/etc/openvpn/torguard/userpass.txt'
uci set openvpn.$uciname.remote_random='0'
uci set openvpn.$uciname.auth=$auth #'SHA256'
uci set openvpn.$uciname.reneg_sec='0'
uci set openvpn.$uciname.sndbuf='393216'
uci set openvpn.$uciname.rcvbuf='393216'
uci set openvpn.$uciname.tun_mtu='1400'
uci set openvpn.$uciname.txqueuelen='10000'
uci set openvpn.$uciname.mlock='1'
uci set openvpn.$uciname.suppress_timestamps='1'
uci set openvpn.$uciname.persist_key='1'
uci set openvpn.$uciname.persist_tun='1'
uci set openvpn.$uciname.log='/var/log/openvpn.log'
uci set openvpn.$uciname.rport=$port #'1195'
for p in $countries; do
	uci add_list openvpn.$uciname.remote=$p'.torguardvpnaccess.com'
done
uci commit openvpn
}

create_ovpnowrtcfgudp "TorGuard" "EU" "AES-256-CBC" "SHA256" "1195" "$serverlisteu"
create_ovpnowrtcfgudp "TorGuard" "ASIA" "AES-256-CBC" "SHA256" "1195" "$serverlistasia"
create_ovpnowrtcfgudp "TorGuard" "NAMERICA" "AES-256-CBC" "SHA256" "1195" "$serverlistnamerica"
create_ovpnowrtcfgudp "TorGuard" "SAMERICA" "AES-256-CBC" "SHA256" "1195" "$serverlistsamerica"
create_ovpnowrtcfgudp "TorGuard" "AFRICA" "AES-256-CBC" "SHA256" "1195" "$serverlistafrica"
create_ovpnowrtcfgudp "TorGuard" "AUSTRALIA" "AES-256-CBC" "SHA256" "1195" "$serverlistaustralia" 

 


Encryption: AES-256-CBC SHA1, port 995, no TLS

 

serverlisteu="aus bg bul czech den fin fr frank.gr gr gre hg ice ire iom it lv lux md nl no pl por ro sp swe swiss ukr lon.uk uk"
serverlistasia="hk in ind isr jp my mo.ru ru saudi singp sk thai turk vn"
serverlistnamerica="ca vanc.ca.west cr mx pa atl.east.usa chi.central.usa dal.central.usa la.west.usa lv.west.usa fl.east.usa nj.east.usa ny.east.usa sa.west.usa"
serverlistsamerica="br chil"
serverlistafrica="egy za tun"
serverlistaustralia="au melb.au nz"

create_ovpnowrtcfgudp () {
# $1 - Name
# $2 - Continent
# $3 - cipher
# $4 - auth
# $5 - Port
# $6 - Country list

# If you want to clear existing /etc/config/openvpn, uncomment next line
#echo > /etc/config/openvpn # clear the openvpn uci config

name="$1"
continent="$2"
cipher="$3"
auth="$4"
port="$5"
countries="$6"

ciphertxt=$(echo $cipher|sed 's/-//g')

uciname=$name"_"$continent"_"$ciphertxt"_"$auth"_"$port
uci set openvpn.$uciname=openvpn
uci set openvpn.$uciname.enabled='0'
uci set openvpn.$uciname.client='1'
uci set openvpn.$uciname.dev='tun'
uci set openvpn.$uciname.proto='udp'
uci set openvpn.$uciname.resolv_retry='infinite'
uci set openvpn.$uciname.nobind='1'
uci set openvpn.$uciname.ca='/etc/openvpn/torguard/ca.crt'
uci set openvpn.$uciname.ns_cert_type='server'
#uci set openvpn.$uciname.tls_auth='/etc/openvpn/torguard/ta.key 1'
uci set openvpn.$uciname.cipher=$cipher #'AES-256-CBC'
uci set openvpn.$uciname.comp_lzo='yes'
uci set openvpn.$uciname.verb='3'
uci set openvpn.$uciname.fast_io='1'
uci set openvpn.$uciname.auth_user_pass='/etc/openvpn/torguard/userpass.txt'
uci set openvpn.$uciname.remote_random='0'
uci set openvpn.$uciname.auth=$auth #'SHA1'
uci set openvpn.$uciname.reneg_sec='0'
uci set openvpn.$uciname.sndbuf='393216'
uci set openvpn.$uciname.rcvbuf='393216'
uci set openvpn.$uciname.tun_mtu='1400'
uci set openvpn.$uciname.txqueuelen='10000'
uci set openvpn.$uciname.mlock='1'
uci set openvpn.$uciname.suppress_timestamps='1'
uci set openvpn.$uciname.persist_key='1'
uci set openvpn.$uciname.persist_tun='1'
uci set openvpn.$uciname.log='/var/log/openvpn.log'
uci set openvpn.$uciname.rport=$port #'995'
for p in $countries; do
	uci add_list openvpn.$uciname.remote=$p'.torguardvpnaccess.com'
done
uci commit openvpn
}

create_ovpnowrtcfgudp "TorGuard" "EU" "AES-256-CBC" "SHA1" "995" "$serverlisteu"
create_ovpnowrtcfgudp "TorGuard" "ASIA" "AES-256-CBC" "SHA1" "995" "$serverlistasia"
create_ovpnowrtcfgudp "TorGuard" "NAMERICA" "AES-256-CBC" "SHA1" "995" "$serverlistnamerica"
create_ovpnowrtcfgudp "TorGuard" "SAMERICA" "AES-256-CBC" "SHA1" "995" "$serverlistsamerica"
create_ovpnowrtcfgudp "TorGuard" "AFRICA" "AES-256-CBC" "SHA1" "995" "$serverlistafrica"
create_ovpnowrtcfgudp "TorGuard" "AUSTRALIA" "AES-256-CBC" "SHA1" "995" "$serverlistaustralia" 

 


Encryption: AES-128-CBC SHA512, port 1215

 

serverlisteu="aus bg bul czech den fin fr frank.gr gr gre hg ice ire iom it lv lux md nl no pl por ro sp swe swiss ukr lon.uk uk"
serverlistasia="hk in ind isr jp my mo.ru ru saudi singp sk thai turk vn"
serverlistnamerica="ca vanc.ca.west cr mx pa atl.east.usa chi.central.usa dal.central.usa la.west.usa lv.west.usa fl.east.usa nj.east.usa ny.east.usa sa.west.usa"
serverlistsamerica="br chil"
serverlistafrica="egy za tun"
serverlistaustralia="au melb.au nz"

create_ovpnowrtcfgudp () {
# $1 - Name
# $2 - Continent
# $3 - cipher
# $4 - auth
# $5 - Port
# $6 - Country list

# If you want to clear existing /etc/config/openvpn, uncomment next line
#echo > /etc/config/openvpn # clear the openvpn uci config

name="$1"
continent="$2"
cipher="$3"
auth="$4"
port="$5"
countries="$6"

ciphertxt=$(echo $cipher|sed 's/-//g')

uciname=$name"_"$continent"_"$ciphertxt"_"$auth"_"$port
uci set openvpn.$uciname=openvpn
uci set openvpn.$uciname.enabled='0'
uci set openvpn.$uciname.client='1'
uci set openvpn.$uciname.dev='tun'
uci set openvpn.$uciname.proto='udp'
uci set openvpn.$uciname.resolv_retry='infinite'
uci set openvpn.$uciname.nobind='1'
uci set openvpn.$uciname.ca='/etc/openvpn/torguard/ca.crt'
uci set openvpn.$uciname.ns_cert_type='server'
uci set openvpn.$uciname.tls_auth='/etc/openvpn/torguard/ta.key 1'
uci set openvpn.$uciname.cipher=$cipher #'AES-128-CBC'
uci set openvpn.$uciname.comp_lzo='yes'
uci set openvpn.$uciname.verb='3'
uci set openvpn.$uciname.fast_io='1'
uci set openvpn.$uciname.auth_user_pass='/etc/openvpn/torguard/userpass.txt'
uci set openvpn.$uciname.remote_random='0'
uci set openvpn.$uciname.auth=$auth #'SHA512'
uci set openvpn.$uciname.reneg_sec='0'
uci set openvpn.$uciname.sndbuf='393216'
uci set openvpn.$uciname.rcvbuf='393216'
uci set openvpn.$uciname.tun_mtu='1400'
uci set openvpn.$uciname.txqueuelen='10000'
uci set openvpn.$uciname.mlock='1'
uci set openvpn.$uciname.suppress_timestamps='1'
uci set openvpn.$uciname.persist_key='1'
uci set openvpn.$uciname.persist_tun='1'
uci set openvpn.$uciname.log='/var/log/openvpn.log'
uci set openvpn.$uciname.rport=$port #'1215'
for p in $countries; do
	uci add_list openvpn.$uciname.remote=$p'.torguardvpnaccess.com'
done
uci commit openvpn
}

create_ovpnowrtcfgudp "TorGuard" "EU" "AES-128-CBC" "SHA512" "1215" "$serverlisteu"
create_ovpnowrtcfgudp "TorGuard" "ASIA" "AES-128-CBC" "SHA512" "1215" "$serverlistasia"
create_ovpnowrtcfgudp "TorGuard" "NAMERICA" "AES-128-CBC" "SHA512" "1215" "$serverlistnamerica"
create_ovpnowrtcfgudp "TorGuard" "SAMERICA" "AES-128-CBC" "SHA512" "1215" "$serverlistsamerica"
create_ovpnowrtcfgudp "TorGuard" "AFRICA" "AES-128-CBC" "SHA512" "1215" "$serverlistafrica"
create_ovpnowrtcfgudp "TorGuard" "AUSTRALIA" "AES-128-CBC" "SHA512" "1215" "$serverlistaustralia" 

 


Encryption: AES-128-CBC SHA256, port 1912

 

serverlisteu="aus bg bul czech den fin fr frank.gr gr gre hg ice ire iom it lv lux md nl no pl por ro sp swe swiss ukr lon.uk uk"
serverlistasia="hk in ind isr jp my mo.ru ru saudi singp sk thai turk vn"
serverlistnamerica="ca vanc.ca.west cr mx pa atl.east.usa chi.central.usa dal.central.usa la.west.usa lv.west.usa fl.east.usa nj.east.usa ny.east.usa sa.west.usa"
serverlistsamerica="br chil"
serverlistafrica="egy za tun"
serverlistaustralia="au melb.au nz"

create_ovpnowrtcfgudp () {
# $1 - Name
# $2 - Continent
# $3 - cipher
# $4 - auth
# $5 - Port
# $6 - Country list

# If you want to clear existing /etc/config/openvpn, uncomment next line
#echo > /etc/config/openvpn # clear the openvpn uci config

name="$1"
continent="$2"
cipher="$3"
auth="$4"
port="$5"
countries="$6"

ciphertxt=$(echo $cipher|sed 's/-//g')

uciname=$name"_"$continent"_"$ciphertxt"_"$auth"_"$port
uci set openvpn.$uciname=openvpn
uci set openvpn.$uciname.enabled='0'
uci set openvpn.$uciname.client='1'
uci set openvpn.$uciname.dev='tun'
uci set openvpn.$uciname.proto='udp'
uci set openvpn.$uciname.resolv_retry='infinite'
uci set openvpn.$uciname.nobind='1'
uci set openvpn.$uciname.ca='/etc/openvpn/torguard/ca.crt'
uci set openvpn.$uciname.ns_cert_type='server'
uci set openvpn.$uciname.tls_auth='/etc/openvpn/torguard/ta.key 1'
uci set openvpn.$uciname.cipher=$cipher #'AES-128-CBC'
uci set openvpn.$uciname.comp_lzo='yes'
uci set openvpn.$uciname.verb='3'
uci set openvpn.$uciname.fast_io='1'
uci set openvpn.$uciname.auth_user_pass='/etc/openvpn/torguard/userpass.txt'
uci set openvpn.$uciname.remote_random='0'
uci set openvpn.$uciname.auth=$auth #'SHA256'
uci set openvpn.$uciname.reneg_sec='0'
uci set openvpn.$uciname.sndbuf='393216'
uci set openvpn.$uciname.rcvbuf='393216'
uci set openvpn.$uciname.tun_mtu='1400'
uci set openvpn.$uciname.txqueuelen='10000'
uci set openvpn.$uciname.mlock='1'
uci set openvpn.$uciname.suppress_timestamps='1'
uci set openvpn.$uciname.persist_key='1'
uci set openvpn.$uciname.persist_tun='1'
uci set openvpn.$uciname.log='/var/log/openvpn.log'
uci set openvpn.$uciname.rport=$port #'1912'
for p in $countries; do
	uci add_list openvpn.$uciname.remote=$p'.torguardvpnaccess.com'
done
uci commit openvpn
}

create_ovpnowrtcfgudp "TorGuard" "EU" "AES-128-CBC" "SHA256" "1912" "$serverlisteu"
create_ovpnowrtcfgudp "TorGuard" "ASIA" "AES-128-CBC" "SHA256" "1912" "$serverlistasia"
create_ovpnowrtcfgudp "TorGuard" "NAMERICA" "AES-128-CBC" "SHA256" "1912" "$serverlistnamerica"
create_ovpnowrtcfgudp "TorGuard" "SAMERICA" "AES-128-CBC" "SHA256" "1912" "$serverlistsamerica"
create_ovpnowrtcfgudp "TorGuard" "AFRICA" "AES-128-CBC" "SHA256" "1912" "$serverlistafrica"
create_ovpnowrtcfgudp "TorGuard" "AUSTRALIA" "AES-128-CBC" "SHA256" "1912" "$serverlistaustralia" 

 


Encryption: AES-128-CBC SHA1, port 80, no TLS

 

serverlisteu="aus bg bul czech den fin fr frank.gr gr gre hg ice ire iom it lv lux md nl no pl por ro sp swe swiss ukr lon.uk uk"
serverlistasia="hk in ind isr jp my mo.ru ru saudi singp sk thai turk vn"
serverlistnamerica="ca vanc.ca.west cr mx pa atl.east.usa chi.central.usa dal.central.usa la.west.usa lv.west.usa fl.east.usa nj.east.usa ny.east.usa sa.west.usa"
serverlistsamerica="br chil"
serverlistafrica="egy za tun"
serverlistaustralia="au melb.au nz"

create_ovpnowrtcfgudp () {
# $1 - Name
# $2 - Continent
# $3 - cipher
# $4 - auth
# $5 - Port
# $6 - Country list

# If you want to clear existing /etc/config/openvpn, uncomment next line
#echo > /etc/config/openvpn # clear the openvpn uci config

name="$1"
continent="$2"
cipher="$3"
auth="$4"
port="$5"
countries="$6"

ciphertxt=$(echo $cipher|sed 's/-//g')

uciname=$name"_"$continent"_"$ciphertxt"_"$auth"_"$port
uci set openvpn.$uciname=openvpn
uci set openvpn.$uciname.enabled='0'
uci set openvpn.$uciname.client='1'
uci set openvpn.$uciname.dev='tun'
uci set openvpn.$uciname.proto='udp'
uci set openvpn.$uciname.resolv_retry='infinite'
uci set openvpn.$uciname.nobind='1'
uci set openvpn.$uciname.ca='/etc/openvpn/torguard/ca.crt'
uci set openvpn.$uciname.ns_cert_type='server'
#uci set openvpn.$uciname.tls_auth='/etc/openvpn/torguard/ta.key 1'
uci set openvpn.$uciname.cipher=$cipher #'AES-128-CBC'
uci set openvpn.$uciname.comp_lzo='yes'
uci set openvpn.$uciname.verb='3'
uci set openvpn.$uciname.fast_io='1'
uci set openvpn.$uciname.auth_user_pass='/etc/openvpn/torguard/userpass.txt'
uci set openvpn.$uciname.remote_random='0'
uci set openvpn.$uciname.auth=$auth #'SHA1'
uci set openvpn.$uciname.reneg_sec='0'
uci set openvpn.$uciname.sndbuf='393216'
uci set openvpn.$uciname.rcvbuf='393216'
uci set openvpn.$uciname.tun_mtu='1400'
uci set openvpn.$uciname.txqueuelen='10000'
uci set openvpn.$uciname.mlock='1'
uci set openvpn.$uciname.suppress_timestamps='1'
uci set openvpn.$uciname.persist_key='1'
uci set openvpn.$uciname.persist_tun='1'
uci set openvpn.$uciname.log='/var/log/openvpn.log'
uci set openvpn.$uciname.rport=$port #'80'
for p in $countries; do
	uci add_list openvpn.$uciname.remote=$p'.torguardvpnaccess.com'
done
uci commit openvpn
}

create_ovpnowrtcfgudp "TorGuard" "EU" "AES-128-CBC" "SHA1" "80" "$serverlisteu"
create_ovpnowrtcfgudp "TorGuard" "ASIA" "AES-128-CBC" "SHA1" "80" "$serverlistasia"
create_ovpnowrtcfgudp "TorGuard" "NAMERICA" "AES-128-CBC" "SHA1" "80" "$serverlistnamerica"
create_ovpnowrtcfgudp "TorGuard" "SAMERICA" "AES-128-CBC" "SHA1" "80" "$serverlistsamerica"
create_ovpnowrtcfgudp "TorGuard" "AFRICA" "AES-128-CBC" "SHA1" "80" "$serverlistafrica"
create_ovpnowrtcfgudp "TorGuard" "AUSTRALIA" "AES-128-CBC" "SHA1" "80" "$serverlistaustralia" 

 


Encryption: BF-CBC SHA1, port 443, no TLS

 

serverlisteu="aus bg bul czech den fin fr frank.gr gr gre hg ice ire iom it lv lux md nl no pl por ro sp swe swiss ukr lon.uk uk"
serverlistasia="hk in ind isr jp my mo.ru ru saudi singp sk thai turk vn"
serverlistnamerica="ca vanc.ca.west cr mx pa atl.east.usa chi.central.usa dal.central.usa la.west.usa lv.west.usa fl.east.usa nj.east.usa ny.east.usa sa.west.usa"
serverlistsamerica="br chil"
serverlistafrica="egy za tun"
serverlistaustralia="au melb.au nz"

create_ovpnowrtcfgudp () {
# $1 - Name
# $2 - Continent
# $3 - cipher
# $4 - auth
# $5 - Port
# $6 - Country list

# If you want to clear existing /etc/config/openvpn, uncomment next line
#echo > /etc/config/openvpn # clear the openvpn uci config

name="$1"
continent="$2"
cipher="$3"
auth="$4"
port="$5"
countries="$6"

ciphertxt=$(echo $cipher|sed 's/-//g')

uciname=$name"_"$continent"_"$ciphertxt"_"$auth"_"$port
uci set openvpn.$uciname=openvpn
uci set openvpn.$uciname.enabled='0'
uci set openvpn.$uciname.client='1'
uci set openvpn.$uciname.dev='tun'
uci set openvpn.$uciname.proto='udp'
uci set openvpn.$uciname.resolv_retry='infinite'
uci set openvpn.$uciname.nobind='1'
uci set openvpn.$uciname.ca='/etc/openvpn/torguard/ca.crt'
uci set openvpn.$uciname.ns_cert_type='server'
#uci set openvpn.$uciname.tls_auth='/etc/openvpn/torguard/ta.key 1'
uci set openvpn.$uciname.cipher=$cipher #'BF-CBC'
uci set openvpn.$uciname.comp_lzo='yes'
uci set openvpn.$uciname.verb='3'
uci set openvpn.$uciname.fast_io='1'
uci set openvpn.$uciname.auth_user_pass='/etc/openvpn/torguard/userpass.txt'
uci set openvpn.$uciname.remote_random='0'
uci set openvpn.$uciname.auth=$auth #'SHA1'
uci set openvpn.$uciname.reneg_sec='0'
uci set openvpn.$uciname.sndbuf='393216'
uci set openvpn.$uciname.rcvbuf='393216'
uci set openvpn.$uciname.tun_mtu='1400'
uci set openvpn.$uciname.txqueuelen='10000'
uci set openvpn.$uciname.mlock='1'
uci set openvpn.$uciname.suppress_timestamps='1'
uci set openvpn.$uciname.persist_key='1'
uci set openvpn.$uciname.persist_tun='1'
uci set openvpn.$uciname.log='/var/log/openvpn.log'
uci set openvpn.$uciname.rport=$port #'443'
for p in $countries; do
	uci add_list openvpn.$uciname.remote=$p'.torguardvpnaccess.com'
done
uci commit openvpn
}

create_ovpnowrtcfgudp "TorGuard" "EU" "BF-CBC" "SHA1" "443" "$serverlisteu"
create_ovpnowrtcfgudp "TorGuard" "ASIA" "BF-CBC" "SHA1" "443" "$serverlistasia"
create_ovpnowrtcfgudp "TorGuard" "NAMERICA" "BF-CBC" "SHA1" "443" "$serverlistnamerica"
create_ovpnowrtcfgudp "TorGuard" "SAMERICA" "BF-CBC" "SHA1" "443" "$serverlistsamerica"
create_ovpnowrtcfgudp "TorGuard" "AFRICA" "BF-CBC" "SHA1" "443" "$serverlistafrica"
create_ovpnowrtcfgudp "TorGuard" "AUSTRALIA" "BF-CBC" "SHA1" "443" "$serverlistaustralia" 

 


Encryption: none, port 1194

 

serverlisteu="aus bg bul czech den fin fr frank.gr gr gre hg ice ire iom it lv lux md nl no pl por ro sp swe swiss ukr lon.uk uk"
serverlistasia="hk in ind isr jp my mo.ru ru saudi singp sk thai turk vn"
serverlistnamerica="ca vanc.ca.west cr mx pa atl.east.usa chi.central.usa dal.central.usa la.west.usa lv.west.usa fl.east.usa nj.east.usa ny.east.usa sa.west.usa"
serverlistsamerica="br chil"
serverlistafrica="egy za tun"
serverlistaustralia="au melb.au nz"

create_ovpnowrtcfgudp () {
# $1 - Name
# $2 - Continent
# $3 - cipher
# $4 - auth
# $5 - Port
# $6 - Country list

# If you want to clear existing /etc/config/openvpn, uncomment next line
#echo > /etc/config/openvpn # clear the openvpn uci config

name="$1"
continent="$2"
cipher="$3"
auth="$4"
port="$5"
countries="$6"

ciphertxt=$(echo $cipher|sed 's/-//g')

uciname=$name"_"$continent"_"$ciphertxt"_"$auth"_"$port
uci set openvpn.$uciname=openvpn
uci set openvpn.$uciname.enabled='0'
uci set openvpn.$uciname.client='1'
uci set openvpn.$uciname.dev='tun'
uci set openvpn.$uciname.proto='udp'
uci set openvpn.$uciname.resolv_retry='infinite'
uci set openvpn.$uciname.nobind='1'
uci set openvpn.$uciname.ca='/etc/openvpn/torguard/ca.crt'
uci set openvpn.$uciname.ns_cert_type='server'
#uci set openvpn.$uciname.tls_auth='/etc/openvpn/torguard/ta.key 1'
uci set openvpn.$uciname.cipher=$cipher #'AES-256-CBC'
uci set openvpn.$uciname.comp_lzo='yes'
uci set openvpn.$uciname.verb='3'
uci set openvpn.$uciname.fast_io='1'
uci set openvpn.$uciname.auth_user_pass='/etc/openvpn/torguard/userpass.txt'
uci set openvpn.$uciname.remote_random='0'
#uci set openvpn.$uciname.auth=$auth #'SHA512'
uci set openvpn.$uciname.reneg_sec='0'
uci set openvpn.$uciname.sndbuf='393216'
uci set openvpn.$uciname.rcvbuf='393216'
uci set openvpn.$uciname.tun_mtu='1400'
uci set openvpn.$uciname.txqueuelen='10000'
uci set openvpn.$uciname.mlock='1'
uci set openvpn.$uciname.suppress_timestamps='1'
uci set openvpn.$uciname.persist_key='1'
uci set openvpn.$uciname.persist_tun='1'
uci set openvpn.$uciname.log='/var/log/openvpn.log'
uci set openvpn.$uciname.rport=$port #'1215'
for p in $countries; do
	uci add_list openvpn.$uciname.remote=$p'.torguardvpnaccess.com'
done
uci commit openvpn
}

create_ovpnowrtcfgudp "TorGuard" "EU" "none" "none" "80" "$serverlisteu"
create_ovpnowrtcfgudp "TorGuard" "ASIA" "none" "none" "80" "$serverlistasia"
create_ovpnowrtcfgudp "TorGuard" "NAMERICA" "none" "none" "80" "$serverlistnamerica"
create_ovpnowrtcfgudp "TorGuard" "SAMERICA" "none" "none" "80" "$serverlistsamerica"
create_ovpnowrtcfgudp "TorGuard" "AFRICA" "none" "none" "80" "$serverlistafrica"
create_ovpnowrtcfgudp "TorGuard" "AUSTRALIA" "none" "none" "80" "$serverlistaustralia" 

 





########        CONFIGS / INFOS / LINKS        ########


OpenVPN Configs - OpenWRT Format
4G/LTE Optimized Configs


TorGuard_EU_AES128CBC_SHA256_TLS_Compression

 

config openvpn 'TorGuard_EU_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'    
    option persist_tun '1'
    option log '/var/log/openvpn.log'    
    option rport '1912'
    list remote 'aus.torguardvpnaccess.com'
    list remote 'bg.torguardvpnaccess.com'
    list remote 'bul.torguardvpnaccess.com'
    list remote 'czech.torguardvpnaccess.com'
    list remote 'den.torguardvpnaccess.com'
    list remote 'fin.torguardvpnaccess.com'
    list remote 'fr.torguardvpnaccess.com'
    list remote 'frank.gr.torguardvpnaccess.com'
    list remote 'gr.torguardvpnaccess.com'
    list remote 'gre.torguardvpnaccess.com'
    list remote 'hg.torguardvpnaccess.com'
    list remote 'ice.torguardvpnaccess.com'
    list remote 'ire.torguardvpnaccess.com'
    list remote 'iom.torguardvpnaccess.com'
    list remote 'it.torguardvpnaccess.com'
    list remote 'lv.torguardvpnaccess.com'
    list remote 'lux.torguardvpnaccess.com'
    list remote 'md.torguardvpnaccess.com'
    list remote 'nl.torguardvpnaccess.com'
    list remote 'no.torguardvpnaccess.com'
    list remote 'pl.torguardvpnaccess.com'
    list remote 'por.torguardvpnaccess.com'
    list remote 'ro.torguardvpnaccess.com'
    list remote 'sp.torguardvpnaccess.com'
    list remote 'swe.torguardvpnaccess.com'
    list remote 'swiss.torguardvpnaccess.com'
    list remote 'ukr.torguardvpnaccess.com'
    list remote 'lon.uk.torguardvpnaccess.com'
    list remote 'uk.torguardvpnaccess.com'

 


 
TorGuard_All_Countries_AES128CBC_SHA256_TLS_Compression


 

config openvpn 'TorGuard_All_Countries_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'    
    option persist_tun '1'
    option log '/var/log/openvpn.log'    
    option rport '1912'
    list remote 'aus.torguardvpnaccess.com 1912'
    list remote 'bg.torguardvpnaccess.com 1912'
    list remote 'bul.torguardvpnaccess.com 1912'
    list remote 'czech.torguardvpnaccess.com 1912'
    list remote 'den.torguardvpnaccess.com 1912'
    list remote 'fin.torguardvpnaccess.com 1912'
    list remote 'fr.torguardvpnaccess.com 1912'
    list remote 'frank.gr.torguardvpnaccess.com 1912'
    list remote 'gr.torguardvpnaccess.com 1912'
    list remote 'gre.torguardvpnaccess.com 1912'
    list remote 'hg.torguardvpnaccess.com 1912'
    list remote 'ice.torguardvpnaccess.com 1912'
    list remote 'ire.torguardvpnaccess.com 1912'
    list remote 'iom.torguardvpnaccess.com 1912'
    list remote 'it.torguardvpnaccess.com 1912'
    list remote 'lv.torguardvpnaccess.com 1912'
    list remote 'lux.torguardvpnaccess.com 1912'
    list remote 'md.torguardvpnaccess.com 1912'
    list remote 'nl.torguardvpnaccess.com 1912'
    list remote 'no.torguardvpnaccess.com 1912'
    list remote 'pl.torguardvpnaccess.com 1912'
    list remote 'por.torguardvpnaccess.com 1912'
    list remote 'ro.torguardvpnaccess.com 1912'
    list remote 'sp.torguardvpnaccess.com 1912'
    list remote 'swe.torguardvpnaccess.com 1912'
    list remote 'swiss.torguardvpnaccess.com 1912'
#    list remote 'ukr.torguardvpnaccess.com 1912'
    list remote 'lon.uk.torguardvpnaccess.com 1912'
    list remote 'uk.torguardvpnaccess.com 1912'
    list remote 'hk.torguardvpnaccess.com 1912'
    list remote 'in.torguardvpnaccess.com 1912'
    list remote 'ind.torguardvpnaccess.com 1912'
    list remote 'isr.torguardvpnaccess.com 1912'
    list remote 'jp.torguardvpnaccess.com 1912'
    list remote 'my.torguardvpnaccess.com 1912'
    list remote 'mos.ru.torguardvpnaccess.com 1912'
    list remote 'ru.torguardvpnaccess.com 1912'
    list remote 'saudi.torguardvpnaccess.com 1912'
    list remote 'singp.torguardvpnaccess.com 1912'
    list remote 'sk.torguardvpnaccess.com 1912'
    list remote 'thai.torguardvpnaccess.com 1912'
    list remote 'turk.torguardvpnaccess.com 1912'
    list remote 'vn.torguardvpnaccess.com 1912'
    list remote 'ca.torguardvpnaccess.com 1912'
    list remote 'vanc.ca.west.torguardvpnaccess.com 1912'
    list remote 'cr.torguardvpnaccess.com 1912'
    list remote 'mx.torguardvpnaccess.com 1912'
    list remote 'pa.torguardvpnaccess.com 1912'
    list remote 'atl.east.usa.torguardvpnaccess.com 1912'
    list remote 'chi.central.usa.torguardvpnaccess.com 1912'
    list remote 'dal.central.usa.torguardvpnaccess.com 1912'
    list remote 'la.west.usa.torguardvpnaccess.com 1912'
    list remote 'lv.west.usa.torguardvpnaccess.com 1912'
    list remote 'sa.west.usa.torguardvpnaccess.com 1912'
    list remote 'fl.east.usa.torguardvpnaccess.com 1912'
    list remote 'nj.east.usa.torguardvpnaccess.com 1912'
    list remote 'ny.east.usa.torguardvpnaccess.com 1912'
    list remote 'br.torguardvpnaccess.com 1912'
    list remote 'chil.torguardvpnaccess.com 1912'
    list remote 'egy.torguardvpnaccess.com 1912'
    list remote 'za.torguardvpnaccess.com 1912'
    list remote 'tun.torguardvpnaccess.com 1912'
    list remote 'au.torguardvpnaccess.com 1912'
    list remote 'melb.au.torguardvpnaccess.com 1912'
    list remote 'nz.torguardvpnaccess.com 1912'

 


 
TorGuard_ASIA_AES128CBC_SHA256_TLS_Compression


 

config openvpn 'TorGuard_ASIA_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'    
    option persist_tun '1'
    option log '/var/log/openvpn.log'    
    option rport '1912'
    list remote 'hk.torguardvpnaccess.com 1912'
    list remote 'in.torguardvpnaccess.com 1912'
    list remote 'ind.torguardvpnaccess.com 1912'
    list remote 'isr.torguardvpnaccess.com 1912'
    list remote 'jp.torguardvpnaccess.com 1912'
    list remote 'my.torguardvpnaccess.com 1912'
    list remote 'mos.ru.torguardvpnaccess.com 1912'
    list remote 'ru.torguardvpnaccess.com 1912'
    list remote 'saudi.torguardvpnaccess.com 1912'
    list remote 'singp.torguardvpnaccess.com 1912'
    list remote 'sk.torguardvpnaccess.com 1912'
    list remote 'thai.torguardvpnaccess.com 1912'
    list remote 'turk.torguardvpnaccess.com 1912'
    list remote 'vn.torguardvpnaccess.com 1912'

 


 
TorGuard_NAMERICA_AES128CBC_SHA256_TLS_Compression


 

config openvpn 'TorGuard_NAMERICA_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'    
    option persist_tun '1'
    option log '/var/log/openvpn.log'    
    option rport '1912'
    list remote 'ca.torguardvpnaccess.com 1912'
    list remote 'vanc.ca.west.torguardvpnaccess.com 1912'
    list remote 'cr.torguardvpnaccess.com 1912'
    list remote 'mx.torguardvpnaccess.com 1912'
    list remote 'pa.torguardvpnaccess.com 1912'
    list remote 'atl.east.usa.torguardvpnaccess.com 1912'
    list remote 'chi.central.usa.torguardvpnaccess.com 1912'
    list remote 'dal.central.usa.torguardvpnaccess.com 1912'
    list remote 'la.west.usa.torguardvpnaccess.com 1912'
    list remote 'lv.west.usa.torguardvpnaccess.com 1912'
    list remote 'sa.west.usa.torguardvpnaccess.com 1912'
    list remote 'fl.east.usa.torguardvpnaccess.com 1912'
    list remote 'nj.east.usa.torguardvpnaccess.com 1912'
    list remote 'ny.east.usa.torguardvpnaccess.com 1912'

 


 
TorGuard_NAMERICA_NORTH_AES128CBC_SHA256_TLS_Compression


 

config openvpn 'TorGuard_NAMERICA_NORTH_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'    
    option persist_tun '1'
    option log '/var/log/openvpn.log'    
    option rport '1912'
    list remote 'ca.torguardvpnaccess.com 1912'
    list remote 'vanc.ca.west.torguardvpnaccess.com 1912'
    list remote 'cr.torguardvpnaccess.com 1912' 

 


 
TorGuard_NAMERICA_SOUTH_AES128CBC_SHA256_TLS_Compression


 

config openvpn 'TorGuard_NAMERICA_SOUTH_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'    
    option persist_tun '1'
    option log '/var/log/openvpn.log'    
    option rport '1912'
    list remote 'mx.torguardvpnaccess.com 1912'
    list remote 'pa.torguardvpnaccess.com 1912'

 


 
TorGuard_NAMERICA_CENTRAL_AES128CBC_SHA256_TLS_Compression


 

config openvpn 'TorGuard_NAMERICA_CENTRAL_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'    
    option persist_tun '1'
    option log '/var/log/openvpn.log'    
    option rport '1912'
    list remote 'chi.central.usa.torguardvpnaccess.com 1912'
    list remote 'dal.central.usa.torguardvpnaccess.com 1912'

 


 
TorGuard_NAMERICA_EAST_AES128CBC_SHA256_TLS_Compression


 

config openvpn 'TorGuard_NAMERICA_EAST_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'    
    option persist_tun '1'
    option log '/var/log/openvpn.log'    
    option rport '1912'
    list remote 'atl.east.usa.torguardvpnaccess.com 1912'
    list remote 'fl.east.usa.torguardvpnaccess.com 1912'
    list remote 'nj.east.usa.torguardvpnaccess.com 1912'
    list remote 'ny.east.usa.torguardvpnaccess.com 1912' 

 


 
TorGuard_NAMERICA_WEST_AES128CBC_SHA256_TLS_Compression


 

config openvpn 'TorGuard_NAMERICA_WEST_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'
    option persist_tun '1'
    option log '/var/log/openvpn.log'
    option rport '1912'
    list remote 'la.west.usa.torguardvpnaccess.com'
    list remote 'lv.west.usa.torguardvpnaccess.com'
    list remote 'sa.west.usa.torguardvpnaccess.com' 

 


 
TorGuard_SAMERICA_AES128CBC_SHA256_TLS_Compression


 

config openvpn 'TorGuard_SAMERICA_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'
    option persist_tun '1'
    option log '/var/log/openvpn.log'
    option rport '1912'
    list remote 'br.torguardvpnaccess.com'
    list remote 'chil.torguardvpnaccess.com' 

 


 
TorGuard_AFRICA_AES128CBC_SHA256_TLS_Compression


 

config openvpn 'TorGuard_AFRICA_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'
    option persist_tun '1'
    option log '/var/log/openvpn.log'
    option rport '1912'
    list remote 'egy.torguardvpnaccess.com'
    list remote 'za.torguardvpnaccess.com'
    list remote 'tun.torguardvpnaccess.com' 

 


 
TorGuard_AUSTRALIA_AES128CBC_SHA256_TLS_Compression


 

config openvpn 'TorGuard_AUSTRALIA_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    option resolv_retry 'infinite'
    option nobind '1'
    option ca '/etc/torguard/ca.crt'
    option ns_cert_type 'server'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option comp_lzo 'yes'
    option verb '3'
    option fast_io '1'
    option auth_user_pass '/etc/torguard/userpass.txt'
    option remote_random '0'
    option auth 'SHA256'
    option reneg_sec '0'
    option sndbuf '393216'
    option rcvbuf '393216'
    option tun_mtu '1400'
    option mssfix '1360'
    option txqueuelen '10000'
    option mlock '1'
    option suppress_timestamps '1'
    option persist_key '1'
    option persist_tun '1'
    option log '/var/log/openvpn.log'
    option rport '1912'
    list remote 'au.torguardvpnaccess.com'
    list remote 'melb.au.torguardvpnaccess.com'
    list remote 'nz.torguardvpnaccess.com' 

 




OpenWRT's OpenVPN Version Info


Be aware that whether a cipher suite in this list can actually work depends on the specific setup of both peers. See the man page entries of --tls-cipher and --show-tls for more details.

SSL Info show available options:

 

# Show all cipher algorithms to use with the --cipher option.
openvpn --show-ciphers

# Show all message digest algorithms to use with the --auth option.
openvpn --show-digests

#Show all TLS ciphers supported by the crypto library. OpenVPN uses TLS to secure the control channel, over which the keys that are used to protect the actual VPN traffic are exchanged. The TLS ciphers will be sorted from highest preference (most secure) to lowest.
# Be aware that whether a cipher suite in this list can actually work depends on the specific setup of both peers (e.g. both peers must support the cipher, and an ECDSA cipher suite will not work if you are using an RSA certificate, etc.).
openvpn --show-tls

# (Standalone) Show currently available hardware-based crypto acceleration engines supported by the OpenSSL library.
openvpn --show-engines

 

 


Version: 2.3.11 (current trunk version)


Full info:

 

OpenVPN 2.3.11 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6]
library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09

Supported Ciphers:

 

DES-CFB 64 bit default key (fixed) (TLS client/server mode)
DES-CBC 64 bit default key (fixed)
RC2-CBC 128 bit default key (variable)
RC2-CFB 128 bit default key (variable) (TLS client/server mode)
RC2-OFB 128 bit default key (variable) (TLS client/server mode)
DES-EDE-CBC 128 bit default key (fixed)
DES-EDE3-CBC 192 bit default key (fixed)
DES-OFB 64 bit default key (fixed) (TLS client/server mode)
DES-EDE-CFB 128 bit default key (fixed) (TLS client/server mode)
DES-EDE3-CFB 192 bit default key (fixed) (TLS client/server mode)
DES-EDE-OFB 128 bit default key (fixed) (TLS client/server mode)
DES-EDE3-OFB 192 bit default key (fixed) (TLS client/server mode)
DESX-CBC 192 bit default key (fixed)
BF-CBC 128 bit default key (variable)
BF-CFB 128 bit default key (variable) (TLS client/server mode)
BF-OFB 128 bit default key (variable) (TLS client/server mode)
RC2-40-CBC 40 bit default key (variable)
CAST5-CBC 128 bit default key (variable)
CAST5-CFB 128 bit default key (variable) (TLS client/server mode)
CAST5-OFB 128 bit default key (variable) (TLS client/server mode)
RC2-64-CBC 64 bit default key (variable)
AES-128-CBC 128 bit default key (fixed)
AES-128-OFB 128 bit default key (fixed) (TLS client/server mode)
AES-128-CFB 128 bit default key (fixed) (TLS client/server mode)
AES-192-CBC 192 bit default key (fixed)
AES-192-OFB 192 bit default key (fixed) (TLS client/server mode)
AES-192-CFB 192 bit default key (fixed) (TLS client/server mode)
AES-256-CBC 256 bit default key (fixed)
AES-256-OFB 256 bit default key (fixed) (TLS client/server mode)
AES-256-CFB 256 bit default key (fixed) (TLS client/server mode)
AES-128-CFB1 128 bit default key (fixed) (TLS client/server mode)
AES-192-CFB1 192 bit default key (fixed) (TLS client/server mode)
AES-256-CFB1 256 bit default key (fixed) (TLS client/server mode)
AES-128-CFB8 128 bit default key (fixed) (TLS client/server mode)
AES-192-CFB8 192 bit default key (fixed) (TLS client/server mode)
AES-256-CFB8 256 bit default key (fixed) (TLS client/server mode)
DES-CFB1 64 bit default key (fixed) (TLS client/server mode)
DES-CFB8 64 bit default key (fixed) (TLS client/server mode)
DES-EDE3-CFB1 192 bit default key (fixed) (TLS client/server mode)
DES-EDE3-CFB8 192 bit default key (fixed) (TLS client/server mode)
SEED-CBC 128 bit default key (fixed)
SEED-OFB 128 bit default key (fixed) (TLS client/server mode)
SEED-CFB 128 bit default key (fixed) (TLS client/server mode)

 


Supported TLS ciphers:


 

TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
DH-DSS-AES256-GCM-SHA384 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
DH-RSA-AES256-GCM-SHA384 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
DH-RSA-AES256-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES256-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-DSS-WITH-AES-256-CBC-SHA
DH-RSA-AES256-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES256-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDH-RSA-WITH-AES-256-CBC-SHA
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
DH-DSS-AES128-GCM-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
DH-RSA-AES128-GCM-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
DH-RSA-AES128-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES128-SHA256 (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-DHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-DSS-WITH-AES-128-CBC-SHA
DH-RSA-AES128-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
DH-DSS-AES128-SHA (No IANA name known to OpenVPN, use OpenSSL name.)
TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDH-RSA-WITH-AES-128-CBC-SHA
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA

 


 
Supported Digest:

 

MD5 128 bit digest size
RSA-MD5 128 bit digest size
SHA1 160 bit digest size
RSA-SHA1 160 bit digest size
DSA-SHA1-old 160 bit digest size
DSA-SHA1 160 bit digest size
RSA-SHA1-2 160 bit digest size
DSA 160 bit digest size
RIPEMD160 160 bit digest size
RSA-RIPEMD160 160 bit digest size
MD4 128 bit digest size
RSA-MD4 128 bit digest size
ecdsa-with-SHA1 160 bit digest size
RSA-SHA256 256 bit digest size
RSA-SHA384 384 bit digest size
RSA-SHA512 512 bit digest size
RSA-SHA224 224 bit digest size
SHA256 256 bit digest size
SHA384 384 bit digest size
SHA512 512 bit digest size
SHA224 224 bit digest size
whirlpool 512 bit digest size

 


 
Supported Engines:

 

OpenSSL Crypto Engines
Dynamic engine loading support [dynamic]

 

 


 
Router Extras (Multi WAN, Multi LAN, Multi VPN use cases, ...)


How to configure/create/add VLAN/s


Most people have trouble configuring their routes and some may easily get lost. This can cause a lot of damage; if your network is not simple and transparent, then you can misconfigure it in many ways.

I was thinking a lot about "How should this app work, how should it preconfigure as there are many ways to accomplish it?". I came to the conclusion that dealing with VLANs is the easiest way, especially because it can be done over GUI (Luci).

I will not go into details now, but here are the most important points to know about your web interface and its settings.

⚠️ Port/s CAN NOT be untagged more than 1 time

⚠️ Any port CAN BE tagged more than 1 time
 
What are CPU ports and how to set them?

  • CPU(eth0) - use it for WAN Ports
    (each new VLAN for separate WAN needs to be tagged)
    (please refer to your hardware, as HW can be different)
    (for the Archer C7 used for this guide, you need to set the WAN port additionally to tagged on each VLAN which acts as a separate WAN port, !!!this is not the case on all devices!!!)
  • CPU(eth1) - use it for LAN Ports
    (each new VLAN for separate LAN needs to be tagged)

Example: 2 Router Setup + 1 AP (Routers: Huawei B315s-22, TP-Link Archer C7; AP: TP-Link 1043-nd)

 

  • HUAWEI B315s-22 LTE Router (provides Internet connection, acts as router, DMZ to Archer C7)
    HUAWEI Model: B315s-22, HW Version: WL1B310FM01
    IP: 192.168.0.1
  • TP-Link Archer C7 v2.0 (Local Network, acts as router)
    WAN:  as (vlan2): 192.168.0.11 WAN1, LAN IP: 192.168.1.1
    LAN1: as (vlan1) port, TP-Link 1043-nd is connected to this port, LAN IP: 192.168.1.1
    LAN2: as (vlan3) 192.168.0.12 WAN2, LAN IP: 192.168.2.1
    LAN3: as (vlan4) 192.168.0.13 WAN3, LAN IP: 192.168.3.1
    LAN4: disabled (just example how to disable port at all)
    Hardware Info: on wiki.openwrt.org
  • TP-Link 1043-nd v2.1 (Access Point)
    Hardware Info: on wiki.openwrt.org

Archer C7 has GB WAN Port and can handle easily 5 WAN Connections. 

us0lr6q.png
 
This is a screenshot of how to do it in your web interface. Now you only need to set up different VPN connections to use separate WANs and create wireless interfaces which are bridged to LANX and provide a separate wireless network for a separate LAN. Basically you only need to set up the correct loopback device and that's it. Then you can easily set up which clients or subnets or even websites (like netflix) should go to which client.



More info on how to set up multivpn/multilan/multiwlan on one device will come in following days.


 

 

Tor Installation

Edited by 19807409
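
As an added example (not part of the original post or of the project's code), this shell function audits sections in the /etc/config/openvpn format for the weak combinations the generator scripts above produce: cipher none, a 64-bit block cipher such as BF-CBC, SHA1, a missing tls_auth and reneg_sec 0. The function names, the wording of the findings and the embedded sample sections are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit OpenWrt UCI openvpn sections for weak channel settings.
# On a router the same function can read the real file:
#   audit_openvpn_uci < /etc/config/openvpn

# Constructed sample mirroring the three kinds of section shown in this thread.
sample_config() {
cat <<'EOF'
config openvpn 'TorGuard_EU_none_none_80'
    option client '1'
    option cipher 'none'
    option reneg_sec '0'
    option rport '80'

config openvpn 'TorGuard_EU_BFCBC_SHA1_443'
    option client '1'
    option cipher 'BF-CBC'
    option auth 'SHA1'
    option reneg_sec '0'
    option rport '443'

config openvpn 'TorGuard_EU_AES128CBC_SHA256_TLS_Compression'
    option client '1'
    option tls_auth '/etc/torguard/ta.key 1'
    option cipher 'AES-128-CBC'
    option auth 'SHA256'
    option reneg_sec '0'
    option rport '1912'
EOF
}

# Reads UCI text on stdin, prints one "LEVEL section: finding" line per issue
# and "OK section: no findings" for a clean section.
audit_openvpn_uci() {
    awk -v q="'" '
    BEGIN { weak64 = "^(BF|DES|DESX|CAST5|RC2)-" }   # 64-bit block ciphers
    function unquote(s) { gsub("^" q "|" q "$", "", s); return s }
    function report(level, msg) { printf "%s %s: %s\n", level, section, msg; found++ }
    function finish(   c, a) {
        if (section == "") return
        found = 0
        c = toupper(opt["cipher"]); a = toupper(opt["auth"])
        if (c == "NONE")
            report("FAIL", "cipher none, tunnel payload is not encrypted")
        else if (c ~ weak64)
            report("WARN", "cipher " c " uses a 64-bit block")
        if (a == "NONE")
            report("FAIL", "auth none, packets carry no HMAC")
        else if (a == "MD5" || a == "SHA1")
            report("WARN", "auth " a " is a legacy digest")
        if (!("tls_auth" in opt))
            report("WARN", "no tls_auth key on the control channel")
        if (opt["reneg_sec"] == "0" && c ~ weak64)
            report("WARN", "reneg_sec 0 with a 64-bit block cipher, no timed rekey from this client")
        if (found == 0) printf "OK %s: no findings\n", section
    }
    # A new section starts: judge the previous one, then reset the option table.
    $1 == "config" && $2 == "openvpn" {
        finish(); section = unquote($3); split("", opt)
        if (section == "") section = "(unnamed)"
        next
    }
    # Keep the whole value, including embedded spaces ("ta.key 1").
    $1 == "option" && section != "" {
        val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
        sub(/[ \t\r]+$/, "", val)
        opt[$2] = unquote(val)
    }
    END { finish() }
    '
}

sample_config | audit_openvpn_uci
```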

  • 0
Support

Thanks for posting - the script seems to work quite well, I hear.

 

Regards

  • 0
45855621

Hi! Thank you for your work, but I have a little problem with the settings. I also have the latest Lede installed, copied all your openvpn settings from the github screenshots 100%, uploaded certificates etc etc, but can't get things working, I get only this in the openvpn log file:

 

Options error: specify only one of --tls-server, --tls-client, or --secret
Use --help for more information.
 

Double checked all. Maybe you know what the issue is and how to fix it? Or TorGuard support, maybe you? Thanks!

  • 0
Support

Hi! Thank you for your work, but I have a little problem with the settings. I also have the latest Lede installed, copied all your openvpn settings from the github screenshots 100%, uploaded certificates etc etc, but can't get things working, I get only this in the openvpn log file:

Double checked all. Maybe you know what the issue is and how to fix it? Or TorGuard support, maybe you? Thanks!

 

Hello,

 

Can you send us the config you're using, please?

 

Thanks

  • 0
19807409

Hi! Thank you for your work, but I have a little problem with the settings. I also have the latest Lede installed, copied all your openvpn settings from the github screenshots 100%, uploaded certificates etc etc, but can't get things working, I get only this in the openvpn log file:

Double checked all. Maybe you know what the issue is and how to fix it? Or TorGuard support, maybe you? Thanks!

 

Hello,

 

First of all, wow, I did not expect at the beginning that many would understand at all what this project is about, but now I see that it is important enough, as some can't wait and already read the screenshots. For that I need to excuse myself that I did not work faster and you lost some time.

 

Ok, to reply to your question, if you did set everything correctly, then you might still have made some mistakes :), here is what comes first to my mind:

You did not use SHA256/SH256 but instead no auth or SHA1. If so, then you need to remove the line with ta.key. noEncryption, BFCBC, AES-128-CBC_SHA1, AES-256-CBC_SHA1 are all without TLS, meaning you need to take ta.key out. If you don't use auth at all, i.e. no encryption or BF-CBC, then you also need to take the auth line out.

 

Remember, I am not working for TorGuard. The naming was maybe not the best, as it could mislead people into thinking that it is an official config from TorGuard, so :) this is a must for this thread, not meant as an answer to you. I will update the OP when releasing the first public version for testing.

 

THESE SETTINGS ARE CONTRIBUTED BY A USER. PLEASE USE THEM AT YOUR OWN RISK; NEITHER I NOR TORGUARD IS RESPONSIBLE IF YOU BREAK SOMETHING.

 

Back to openvpn and configs:

 
I guess you want a config for OpenWrt's OpenVPN version to be able to edit it through WebIf:

If you use WebIf and want to be able to configure it through the OpenVPN config (or TorGuards App, which will be available soon).

 

To do before you apply this config:

Set the paths to your files correctly: ta.key, ca.key and userpass.txt

Set other settings like compression (yes, no, adaptive) and random 0 (random server: 0 = no, 1 = yes)

 

Content of userpass.txt:

yourUsername
yourPassword

How to use configs provided by TorGuard:

1. Replace ta.key and ca.key paths in config

 

How to convert configs provided by TorGuard to openvpn format:

1. Replace ta.key and ca.key paths in config (same as previously described)

2. Add "option " to all settings as a prefix

3. Values need to be placed in this format 'someValue'

4. For complzo set one of these values (yes/no/adaptive)

 

That's it. Please write about your experience. Add this config to your /etc/config/openvpn. It is just a demonstration of creating configs with my TorGuards App, continent-based; I hope one of them will fit. This one was created now for general purpose, and if you don't have hyper-fast or hyper-slow internet, I think this config will fit you just fine. Don't tune any setting if you don't know what you are doing :)

 

All TorGuard Servers, AES-128-CBC with SHA256 over UDP port 1912 on "tun" device

(remember, if you use more than one at the same time, then it's tun0, tun1, ... or tun0.1, tun0.2 if someone plays with vlans .... )

 

4G/LTE Optimized Configs

 

 

TorGuard_EU_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_EU_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'aus.torguardvpnaccess.com'
	list remote 'bg.torguardvpnaccess.com'
	list remote 'bul.torguardvpnaccess.com'
	list remote 'czech.torguardvpnaccess.com'
	list remote 'den.torguardvpnaccess.com'
	list remote 'fin.torguardvpnaccess.com'
	list remote 'fr.torguardvpnaccess.com'
	list remote 'frank.gr.torguardvpnaccess.com'
	list remote 'gr.torguardvpnaccess.com'
	list remote 'gre.torguardvpnaccess.com'
	list remote 'hg.torguardvpnaccess.com'
	list remote 'ice.torguardvpnaccess.com'
	list remote 'ire.torguardvpnaccess.com'
	list remote 'iom.torguardvpnaccess.com'
	list remote 'it.torguardvpnaccess.com'
	list remote 'lv.torguardvpnaccess.com'
	list remote 'lux.torguardvpnaccess.com'
	list remote 'md.torguardvpnaccess.com'
	list remote 'nl.torguardvpnaccess.com'
	list remote 'no.torguardvpnaccess.com'
	list remote 'pl.torguardvpnaccess.com'
	list remote 'por.torguardvpnaccess.com'
	list remote 'ro.torguardvpnaccess.com'
	list remote 'sp.torguardvpnaccess.com'
	list remote 'swe.torguardvpnaccess.com'
	list remote 'swiss.torguardvpnaccess.com'
	list remote 'ukr.torguardvpnaccess.com'
	list remote 'lon.uk.torguardvpnaccess.com'
	list remote 'uk.torguardvpnaccess.com'
 

 

TorGuard_All_Countries_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_All_Countries_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'aus.torguardvpnaccess.com 1912'
	list remote 'bg.torguardvpnaccess.com 1912'
	list remote 'bul.torguardvpnaccess.com 1912'
	list remote 'czech.torguardvpnaccess.com 1912'
	list remote 'den.torguardvpnaccess.com 1912'
	list remote 'fin.torguardvpnaccess.com 1912'
	list remote 'fr.torguardvpnaccess.com 1912'
	list remote 'frank.gr.torguardvpnaccess.com 1912'
	list remote 'gr.torguardvpnaccess.com 1912'
	list remote 'gre.torguardvpnaccess.com 1912'
	list remote 'hg.torguardvpnaccess.com 1912'
	list remote 'ice.torguardvpnaccess.com 1912'
	list remote 'ire.torguardvpnaccess.com 1912'
	list remote 'iom.torguardvpnaccess.com 1912'
	list remote 'it.torguardvpnaccess.com 1912'
	list remote 'lv.torguardvpnaccess.com 1912'
	list remote 'lux.torguardvpnaccess.com 1912'
	list remote 'md.torguardvpnaccess.com 1912'
	list remote 'nl.torguardvpnaccess.com 1912'
	list remote 'no.torguardvpnaccess.com 1912'
	list remote 'pl.torguardvpnaccess.com 1912'
	list remote 'por.torguardvpnaccess.com 1912'
	list remote 'ro.torguardvpnaccess.com 1912'
	list remote 'sp.torguardvpnaccess.com 1912'
	list remote 'swe.torguardvpnaccess.com 1912'
	list remote 'swiss.torguardvpnaccess.com 1912'
#	list remote 'ukr.torguardvpnaccess.com 1912'
	list remote 'lon.uk.torguardvpnaccess.com 1912'
	list remote 'uk.torguardvpnaccess.com 1912'
	list remote 'hk.torguardvpnaccess.com 1912'
	list remote 'in.torguardvpnaccess.com 1912'
	list remote 'ind.torguardvpnaccess.com 1912'
	list remote 'isr.torguardvpnaccess.com 1912'
	list remote 'jp.torguardvpnaccess.com 1912'
	list remote 'my.torguardvpnaccess.com 1912'
	list remote 'mos.ru.torguardvpnaccess.com 1912'
	list remote 'ru.torguardvpnaccess.com 1912'
	list remote 'saudi.torguardvpnaccess.com 1912'
	list remote 'singp.torguardvpnaccess.com 1912'
	list remote 'sk.torguardvpnaccess.com 1912'
	list remote 'thai.torguardvpnaccess.com 1912'
	list remote 'turk.torguardvpnaccess.com 1912'
	list remote 'vn.torguardvpnaccess.com 1912'
	list remote 'ca.torguardvpnaccess.com 1912'
	list remote 'vanc.ca.west.torguardvpnaccess.com 1912'
	list remote 'cr.torguardvpnaccess.com 1912'
	list remote 'mx.torguardvpnaccess.com 1912'
	list remote 'pa.torguardvpnaccess.com 1912'
	list remote 'atl.east.usa.torguardvpnaccess.com 1912'
	list remote 'chi.central.usa.torguardvpnaccess.com 1912'
	list remote 'dal.central.usa.torguardvpnaccess.com 1912'
	list remote 'la.west.usa.torguardvpnaccess.com 1912'
	list remote 'lv.west.usa.torguardvpnaccess.com 1912'
	list remote 'sa.west.usa.torguardvpnaccess.com 1912'
	list remote 'fl.east.usa.torguardvpnaccess.com 1912'
	list remote 'nj.east.usa.torguardvpnaccess.com 1912'
	list remote 'ny.east.usa.torguardvpnaccess.com 1912'
	list remote 'br.torguardvpnaccess.com 1912'
	list remote 'chil.torguardvpnaccess.com 1912'
	list remote 'egy.torguardvpnaccess.com 1912'
	list remote 'za.torguardvpnaccess.com 1912'
	list remote 'tun.torguardvpnaccess.com 1912'
	list remote 'au.torguardvpnaccess.com 1912'
	list remote 'melb.au.torguardvpnaccess.com 1912'
	list remote 'nz.torguardvpnaccess.com 1912'
 

 

TorGuard_ASIA_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_ASIA_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'hk.torguardvpnaccess.com 1912'
	list remote 'in.torguardvpnaccess.com 1912'
	list remote 'ind.torguardvpnaccess.com 1912'
	list remote 'isr.torguardvpnaccess.com 1912'
	list remote 'jp.torguardvpnaccess.com 1912'
	list remote 'my.torguardvpnaccess.com 1912'
	list remote 'mos.ru.torguardvpnaccess.com 1912'
	list remote 'ru.torguardvpnaccess.com 1912'
	list remote 'saudi.torguardvpnaccess.com 1912'
	list remote 'singp.torguardvpnaccess.com 1912'
	list remote 'sk.torguardvpnaccess.com 1912'
	list remote 'thai.torguardvpnaccess.com 1912'
	list remote 'turk.torguardvpnaccess.com 1912'
	list remote 'vn.torguardvpnaccess.com 1912'

 

TorGuard_NAMERICA_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_NAMERICA_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'ca.torguardvpnaccess.com 1912'
	list remote 'vanc.ca.west.torguardvpnaccess.com 1912'
	list remote 'cr.torguardvpnaccess.com 1912'
	list remote 'mx.torguardvpnaccess.com 1912'
	list remote 'pa.torguardvpnaccess.com 1912'
	list remote 'atl.east.usa.torguardvpnaccess.com 1912'
	list remote 'chi.central.usa.torguardvpnaccess.com 1912'
	list remote 'dal.central.usa.torguardvpnaccess.com 1912'
	list remote 'la.west.usa.torguardvpnaccess.com 1912'
	list remote 'lv.west.usa.torguardvpnaccess.com 1912'
	list remote 'sa.west.usa.torguardvpnaccess.com 1912'
	list remote 'fl.east.usa.torguardvpnaccess.com 1912'
	list remote 'nj.east.usa.torguardvpnaccess.com 1912'
	list remote 'ny.east.usa.torguardvpnaccess.com 1912'


 

TorGuard_NAMERICA_NORTH_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_NAMERICA_NORTH_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'ca.torguardvpnaccess.com 1912'
	list remote 'vanc.ca.west.torguardvpnaccess.com 1912'
	list remote 'cr.torguardvpnaccess.com 1912'

 

TorGuard_NAMERICA_SOUTH_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_NAMERICA_SOUTH_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'mx.torguardvpnaccess.com 1912'
	list remote 'pa.torguardvpnaccess.com 1912'

 

TorGuard_NAMERICA_CENTRAL_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_NAMERICA_CENTRAL_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'chi.central.usa.torguardvpnaccess.com 1912'
	list remote 'dal.central.usa.torguardvpnaccess.com 1912'
	

 

TorGuard_NAMERICA_EAST_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_NAMERICA_EAST_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'atl.east.usa.torguardvpnaccess.com 1912'
	list remote 'fl.east.usa.torguardvpnaccess.com 1912'
	list remote 'nj.east.usa.torguardvpnaccess.com 1912'
	list remote 'ny.east.usa.torguardvpnaccess.com 1912'

 

TorGuard_NAMERICA_WEST_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_NAMERICA_WEST_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'la.west.usa.torguardvpnaccess.com'
	list remote 'lv.west.usa.torguardvpnaccess.com'
	list remote 'sa.west.usa.torguardvpnaccess.com'

 

TorGuard_SAMERICA_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_SAMERICA_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'br.torguardvpnaccess.com'
	list remote 'chil.torguardvpnaccess.com'

 

TorGuard_AFRICA_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_AFRICA_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'egy.torguardvpnaccess.com'
	list remote 'za.torguardvpnaccess.com'
	list remote 'tun.torguardvpnaccess.com'

 

TorGuard_AUSTRALIA_AES128CBC_SHA256_TLS_Compression

config openvpn 'TorGuard_AUSTRALIA_AES128CBC_SHA256_TLS_Compression'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option ca '/etc/torguard/ca.crt'
	option ns_cert_type 'server'
	option tls_auth '/etc/torguard/ta.key 1'
	option cipher 'AES-128-CBC'
	option comp_lzo 'yes'
	option verb '3'
	option fast_io '1'
	option auth_user_pass '/etc/torguard/userpass.txt'
	option remote_random '0'
	option auth 'SHA256'
	option reneg_sec '0'
	option sndbuf '393216'
	option rcvbuf '393216'
	option tun_mtu '1400'
	option mssfix '1360'
	option txqueuelen '10000'
	option mlock '1'
	option suppress_timestamps '1'
	option persist_key '1'
	option persist_tun '1'
	option log '/var/log/openvpn.log'
	option rport '1912'
	list remote 'au.torguardvpnaccess.com'
	list remote 'melb.au.torguardvpnaccess.com'
	list remote 'nz.torguardvpnaccess.com'

  • Like 1
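
The four conversion steps listed in the post above (swap in your own key paths, prefix with "option", quote the values, pick a comp-lzo mode) can be scripted. This is an added example, not code from the thread or from TorGuard: the function name `ovpn_to_uci`, the sample .ovpn text and the /etc/openvpn/torguard paths are assumptions, and it goes slightly beyond the post by also turning `remote` lines into `list remote` entries and reporting inline `<ca>`-style blocks that have to be saved as files.

```python
import re

COMP_LZO_MODES = ("yes", "no", "adaptive")


def ovpn_to_uci(text, name, paths=None, comp_lzo="adaptive"):
    """Convert .ovpn directives into one /etc/config/openvpn section.

    paths maps a directive (ca, tls-auth, auth-user-pass) to the file on the
    router that replaces whatever file name the .ovpn carries.
    Returns (uci_text, inline_blocks); inline_blocks names the <tag> blocks
    that were dropped and must be stored as files on the router instead.
    """
    if not re.fullmatch(r"[A-Za-z0-9_]+", name):
        raise ValueError("UCI section names allow only letters, digits and _")
    if comp_lzo not in COMP_LZO_MODES:
        raise ValueError("comp_lzo must be one of %s" % (COMP_LZO_MODES,))
    paths = paths or {}
    options, remotes, inline_blocks = [], [], []
    open_tag = None

    for raw in text.splitlines():
        line = raw.strip()
        if open_tag:                          # inside <ca> ... </ca> and similar
            if line == "</%s>" % open_tag:
                open_tag = None
            continue
        if not line or line[0] in "#;":       # blank line or comment
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            open_tag = tag.group(1)
            inline_blocks.append(open_tag)
            if open_tag in paths:             # point at the saved file instead
                options.append((open_tag, paths[open_tag]))
            continue
        key, *rest = line.split(None, 1)
        value = rest[0].strip() if rest else ""
        if "'" in value:
            raise ValueError("cannot single-quote value of %s" % key)
        if key == "remote":                   # step: one list entry per server
            remotes.append(value)
            continue
        if key in paths:                      # step 1: replace the file path,
            args = value.split()              # keep e.g. the tls-auth direction
            args[:1] = [paths[key]]
            value = " ".join(args)
        elif key == "comp-lzo" and not value:
            value = comp_lzo                  # step 4: explicit mode
        options.append((key, value or "1"))   # bare flags become '1'

    out = ["config openvpn '%s'" % name]
    out += ["\toption %s '%s'" % (k.replace("-", "_"), v) for k, v in options]
    out += ["\tlist remote '%s'" % r for r in remotes]
    return "\n".join(out) + "\n", inline_blocks


# Constructed sample input (hostnames taken from the configs in the post).
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote nl.torguardvpnaccess.com 1912
remote uk.torguardvpnaccess.com 1912
resolv-retry infinite
nobind
ca ca.crt
tls-auth ta.key 1
auth SHA256
cipher AES-128-CBC
comp-lzo
auth-user-pass
verb 3
"""

# Assumed file locations on the router.
SAMPLE_PATHS = {
    "ca": "/etc/openvpn/torguard/ca.crt",
    "tls-auth": "/etc/openvpn/torguard/ta.key",
    "auth-user-pass": "/etc/openvpn/torguard/userpass.txt",
}

if __name__ == "__main__":
    uci_text, dropped = ovpn_to_uci(SAMPLE_OVPN, "TorGuard_test", SAMPLE_PATHS)
    print(uci_text)
    print("inline blocks to save as files:", dropped)
```
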

19807409

Thanks for posting - the script seems to work quite well, I hear.

 

Regards

 

 ☺ I it and am happy just don't  any reports/log/speedtests :), here is one, connection is over 4400km away, over the ocean

WrMrJu0.png:)

 

BTW: this is not only nice and cool, but it makes your WLAN even more secure :). My neighbours flipped out when they saw over 60 connections looking like that (and could not find their own :). Place this code (I deliberately write it now in ANSI); this is e.g. your new SSID:

	option ssid '🆓💩ಠ_ಠ👌👌👌' 

where everybody searching for a WLAN sees this. It can be just funny, I love this so much :)

'ಠ_ಠ'

 

wish you all fun :) in discovering it ;)

  • Like 1

19807409

I see now that this forum software has a bug ;) or some not-so-perfect concept.

URL allows and you don't; now my first sentence has 1 point and sounds like very bad English, even I don't understand it now :)

qqMaY6V.png

 

Previous post should show you something like this:

'ಠ_ಠ'

Look:

c9xKnn3.png

19807409

And yes, to confirm, I can stream in full HD over a US IP without any issue. Netflix and such need maybe 30 seconds to 1 minute to run their stupid scripts for finding out how good your connection is and setting a higher stream quality; actually it was always under 1 minute. The connection is very stable even though I am actually constantly connected over a mobile connection (LTE). I am now streaming over a US stream IP at the same time during the speedtest and get the following results:

 

5987346584.png

 

Now streaming with 2 clients from Netflix and getting this result:

URL to test: http://beta.speedtest.net/result/5987352329

5987352329.png

 

 

If your router is properly configured, then you can surf at the same time with good speed.

 

Already in this first stage of testing, OpenWrt performs really very well. I will not do any promotion in this thread by writing which devices I use/used; I don't want this discussion to slip away into some brand/model-specific discussion.

  • Like 1

19807409

After weeks, I can confirm that OpenWRT+OpenVPN works much better than software clients. So far, one of my routers has been connected for weeks, and even if the WAN connection broke, TorGuard was always connected. I never got results nearly as good with a software client on a PC (only the speed was a little bit better due to the difference between my router's CPU and the i7 in my desktop).

 

I've tested TorGuard and TorGuards client in many ways on different platforms, but these were main problems which I don't have if I run it on my router.

 

Main advantages of the usage of your VPN on your router are:

  • All devices use TorGuard/other services and you don't need to set it up additionally
  • If there are issues, like hijacking your DNS, you apply your fixes on the whole network
  • Every device connected to it stays secure
  • Keeps your network also safe from misconfigured devices of your guests/friends/family
  • Saves a lot of resources and time, like updating clients on all devices, downloading updates for soft.....
  • Most consumer routers allow serving up to 255 clients, which would mean, with 1 TorGuard connection you can spare 254 subscriptions per device :) (that's probably interesting for companies, as their clients connect over e.g. openvpn to the server which has TorGuard as WAN)
  • Until now, the most stable connection is OpenWRT+TorGuard (openvpn)
  • l2tp gives me much better results than if I use it on my PC/client
  • .... many more advantages which are provided by communities (github/openwrt/ddwrt/pfsense/....)

 

There are many, many more advantages. All this is a part of this project. As for now, I can confirm that it's working very stably, and one location has now been connected for almost a week and did not disconnect. No matter which scripts I wrote on my PC, I had more disconnects at first, and sometimes the PC just did not want to connect, crashing the client. Then I always had some issue on my phone: I start the TorGuard client, everything works, then after I did not do anything for 5-10 min, I look and the TorGuard client is disconnected.

 

It does not happen to me if I use the OpenVPN client and connect directly to the closest location (which is mostly my home router), and from there everything works great. Again, here your router provides an OpenVPN server which gives you the ability to connect to your home.

 

I think it is very important that TorGuard can offer a distribution (or community) which includes all these fine things which I wrote about in this and other threads. This topic is not simple, especially creating a nice GUI for setup which fills the needs of the many possible setups which users could wish for, and then all that over multiwan :), but multiwan is a separate topic. I will talk about multiwan after everything else is finished and runs. Once you have finished everything, multiwan and load balancing is just a copy&paste part.

  • Like 1

45855621

 

That's it. Please write about your experience. Add this config to your /etc/config/openvpn. It is just a demonstration of creating configs with my TorGuards App, continent-based; I hope one of them will fit. This one was created now for general purpose, and if you don't have hyper-fast or hyper-slow internet, I think this config will fit you just fine. Don't tune any setting if you don't know what you are doing :)

 

Thank you 19807409! You're doing a great job!

I have one more important question - now I have the VPN running and connected, but I'm missing rules for the router to push all traffic except local (192.168.x.x) via that VPN tunnel. Can you please post your 'network' and 'firewall' file contents from the /etc/config folder? And maybe anything else that I missed to make the thing work.

19807409

Thank you 19807409! You're doing a great job!

I have one more important question - now I have the VPN running and connected, but I'm missing rules for the router to push all traffic except local (192.168.x.x) via that VPN tunnel. Can you please post your 'network' and 'firewall' file contents from the /etc/config folder? And maybe anything else that I missed to make the thing work.

 

I am glad it helped a little bit, but can you tell me which endsetup is your goal at all?

 

Until then, you can add following to your /etc/config/openvpn

	option route_nopull '1'
	list route '192.168.2.0 255.255.255.0' 

where I assume that you created a second lan interface with 192.168.2.x and you want it to ignore pulled routes, set it automatically and use it for all devices in that subnet. That's it. Hope it helps. How many connections do you want to establish at all and which hardware do you use?

 

I am getting 16/10 if I use only one VPN on my router, 14/8 if I enable 2 of them, 12/6 if 3. More I did not test.

 

However, there are different ways to set up your router. You could also go with simplicity, which I would suggest, and that's to use one router for every VPN instance; this way you achieve the best results for little money. I.e., you get an Archer C5 already for ~$50, two of them are ~100 and so on. But then they also act as access points and not as routers. Simply, if I disable everything besides the firewall and the rest, then I get even 20/12 with a US IP, which is actually almost the same as what I get when I connect to a server less than 10km away from me.

 

Like I said :), it would be easier to talk if we knew what exactly you want to achieve. You are now a good example for a config creator, as TorGuard or me in my app, we both could offer auto creation of these routes if you e.g. mark the checkbox "only for device" and choose e.g. "lan2".

 

So, the more people say what they exactly want to have, the better it can be replied.

45855621

I am glad it helped a little bit, but can you tell me which endsetup is your goal at all?

 

Until then, you can add following to your /etc/config/openvpn

	option route_nopull '1'
	list route '192.168.2.0 255.255.255.0' 

where I assume that you created a second lan interface with 192.168.2.x and you want it to ignore pulled routes, set it automatically and use it for all devices in that subnet. That's it. Hope it helps. How many connections do you want to establish at all and which hardware do you use?

 

Exactly. I have a standard dual-router setup: the first one, a cheap one, connects to the ISP (192.168.1.1), and the second one is running LEDE (192.168.2.1), connected to the LAN of the first (LAN->WAN).

 

The end setup should look like this: all traffic that goes "out" from the second router must go via the VPN tunnel. No exceptions.

Only local traffic to configure the router admin zone should stay local.

 

For now, for my problem, I have read this article: https://www.robertkehoe.com/2015/08/setup-openvpn-using-openwrt/

It shows that besides creating a VPN instance, I must define a new interface and a new firewall rule to show the router how to handle the traffic.

I have done everything similar to this, but eventually did something wrong (since LEDE has a slightly different GUI from OpenWRT, and the article is a bit old).

That's why I'm asking here for the file content and those settings.

I have a very small home network, I'm just tired of running separate software on all devices.

 

And about equipment and speeds: since commercial routers can't process encryption on the hardware level, the best option for price \ speed \ software performance is provided for now by Linksys WRT routers, such as the WRT1900ACS and WRT1200AC. I have that one, if that matters.

I think you will find the last few pages of this forum topic and the tests \ settings provided by user McGenie interesting for your future development: privateinternetaccess.com/forum/discussion/2845/openvpn-router-speeds/p8

19807409

Hello,

 

yes, this article shows you only how to connect to the service. Not all vpn scenarios are available.

 

I would maybe suggest you to use VLAN's with tagged ports.

 

I mostly use separate interfaces and separate LANs, allowing them to communicate or with other subnets/clients.

 

For that, yes, you need to override routes and set yours. 

 

I don't think anything is different, as in the screenshot I see OpenWRT and it means it's almost the same. The difference is, if you look into your VLANs, you will recognise that the CPU and ports may be different than on other models (take care with tutorials when copy&pasting the network interface)

 

But here is a setup for you (please read carefully):

Your first router acts as WAN, meaning: make the WAN port a SWITCH port, where all the firewall/DHCP and so on can be done on the first router.

 

Then set up OpenVPN like you did and create separate WLANs for that. If your first router has WLAN, then you are almost done, as now you have access to all networks over WLAN. Simple, isn't it?

 

Next, you probably want to have a specific computer connected on LAN :) to get some specific address, and that's easy with such a setup. If your router has 4 LAN ports (cheap one), then you could set up all LAN ports of your router to act as separate connections where you can split them by networks.

 

Your setup is actually finished and it should work as you wanted; let's make it work together. Do you get a connection at all and are your settings currently correct with one?

 

To the point about routers:

For e.g. the price of one Linksys WRT1200 I can buy almost 3 Archer C5 :). Lol, that's not comparable and even the HW is better.

 

Like I said before, some may also go for overpriced Asus routers, for which I could buy 5-7 C5. I don't know about you :), but 5-7 C5 clearly have more power, RAM and bandwidth available. I mean, even Mikrotik devices are cheaper than Linksys. WRT54g/gl, this was the time of Linksys, but not anymore, even if I liked them really much.

 

This is an example

# /etc/config/network
config interface 'vpn1'
	option ifname 'tun0'
	option proto 'none'
	option auto '1'

config interface 'vpn2'
	option proto 'none'
	option auto '1'
	option type 'bridge'
	option _orig_ifname 'tun1'
	option _orig_bridge 'true'
	option ifname 'tun1 tun1.0'

# /etc/config/firewall
config zone 'vpn1'
	option name 'vpn1'
	option network 'vpn1'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list masq_src '192.168.1.0/24'
	option conntrack '1'

config zone 'vpn2'
	option name 'vpn2'
	option network 'vpn2'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list masq_src '192.168.2.0/24'
	option conntrack '1'

config forwarding
	option dest 'vpn1'
	option src 'lan'

config forwarding
	option dest 'lan'
	option src 'vpn1'

config zone
	option name 'lan2'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan2'

config forwarding
	option dest 'vpn2'
	option src 'lan2'

config forwarding
	option dest 'lan2'
	option src 'vpn2'
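
A way to check a firewall file against the goal stated earlier in the thread ("all traffic that goes out must go via the VPN tunnel, no exceptions"). This is an added example, not code from the thread: the function names are assumptions, `PAGE_EXAMPLE` is condensed from the zones and forwardings posted above, and `STOCK_PLUS_VPN` is a constructed file that still carries OpenWrt's default lan-to-wan forwarding.

```python
import shlex

TRUE_VALUES = ("1", "true", "yes", "on")


def parse_uci(text):
    """Return UCI sections as dicts: {'type': ..., 'opts': {...}}."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)   # 'quoted values', # comments
        if not tok:
            continue
        if tok[0] == "config" and len(tok) >= 2:
            sections.append({"type": tok[1], "opts": {}})
        elif tok[0] == "option" and len(tok) >= 3 and sections:
            sections[-1]["opts"][tok[1]] = tok[2]
        elif tok[0] == "list" and len(tok) >= 3 and sections:
            sections[-1]["opts"].setdefault(tok[1], []).append(tok[2])
    return sections


def egress_findings(firewall_text, lan_zones, vpn_zones):
    """List (kind, zone, other_zone) findings for a VPN-only egress policy.

    LEAK      a LAN zone may forward to a zone that is not a VPN zone,
              so traffic can leave outside the tunnel (also when it is down)
    INBOUND   a VPN zone may forward new connections into a LAN zone
    NO_TUNNEL a LAN zone has no forwarding to any VPN zone
    NO_MASQ   a VPN zone is missing or does not masquerade
    """
    lan_zones, vpn_zones = set(lan_zones), set(vpn_zones)
    sections = parse_uci(firewall_text)
    zones = {s["opts"].get("name"): s["opts"]
             for s in sections if s["type"] == "zone"}
    findings, routed = [], set()
    for s in sections:
        if s["type"] != "forwarding":
            continue
        src, dest = s["opts"].get("src"), s["opts"].get("dest")
        if src in lan_zones:
            if dest in vpn_zones:
                routed.add(src)
            else:
                findings.append(("LEAK", src, dest))
        elif src in vpn_zones and dest in lan_zones:
            findings.append(("INBOUND", src, dest))
    for zone in sorted(lan_zones - routed):
        findings.append(("NO_TUNNEL", zone, None))
    for zone in sorted(vpn_zones):
        if zones.get(zone, {}).get("masq") not in TRUE_VALUES:
            findings.append(("NO_MASQ", zone, None))
    return findings


def zone(name, masq):
    return "config zone\n  option name '%s'\n  option masq '%s'\n" % (name, masq)


def fwd(src, dest):
    return "config forwarding\n  option src '%s'\n  option dest '%s'\n" % (src, dest)


# Condensed from the firewall sections posted above.
PAGE_EXAMPLE = (zone("vpn1", "1") + zone("vpn2", "1") + zone("lan2", "0")
                + fwd("lan", "vpn1") + fwd("vpn1", "lan")
                + fwd("lan2", "vpn2") + fwd("vpn2", "lan2"))

# Constructed: a VPN zone added while the default lan -> wan rule is kept.
STOCK_PLUS_VPN = (zone("lan", "0") + zone("wan", "1") + zone("vpn1", "1")
                  + fwd("lan", "wan") + fwd("lan", "vpn1"))

if __name__ == "__main__":
    for label, text, lans, vpns in (
            ("page example", PAGE_EXAMPLE, {"lan", "lan2"}, {"vpn1", "vpn2"}),
            ("stock + vpn", STOCK_PLUS_VPN, {"lan"}, {"vpn1"})):
        print(label, egress_findings(text, lans, vpns))
```
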

19807409

Did anybody try to open all spoilers of post 2 :)? It gets pretty long.

@TorGuardSupport

I can't put step two into the spoiler, it ignores it. How deep can a spoiler go? And what are the exact restrictions?

There are better spoilers, I guess, or I am not so familiar with yours, but this is a format which I would like to have:

If you don't specify any name, then it stays like it is
[spoiler][/spoiler]

But I want to name these spoilers, less work and better overview
[spoiler="Some Strange name :)"][/spoiler]

My guide would not look like

One line - some text and formatting
Second line - a box called "spoiler". Somehow it does not sound attractive, some may think it's an ad for a car shop.

It can be done in one line by putting a name on the spoiler.

I get mad because of these stupid Cloudflare settings. I lost so much time because I lost text so many times by logging in with Firefox. The captcha does not work, even with adblock disabled. Please fix it, it is very annoying. I don't want to use a separate browser at all.

45855621

@19807409, thanks, tried your example settings, but the router was not responding after that till reset xD. My fault, I know very little about networking.

Anyway, will try to follow your new instructions from the second post step-by-step during the week without the double-router setup, will let you know if I succeed.

19807409

If you only posted this one line, then it is understandable that it does not work; you need all the routes. The route 192.168.2.0 was just an example. Look in your log to see what is pushed; here is an example of what a server tells you:

PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.9.0.1,dhcp-option DNS 10.8.0.1,route 10.31.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.31.0.10 10.31.0.9'

If you take a closer look, this is what is pulled:

/sbin/ifconfig tun0 10.31.0.6 pointopoint 10.31.0.5 mtu 1500
/sbin/route add -net 19x.xxx.xxx.xxx netmask 255.255.255.255 gw 192.168.8.1
/sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.31.0.5
/sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.31.0.5
/sbin/route add -net 10.31.0.1 netmask 255.255.255.255 gw 10.31.0.5

You could use the same routes for your second connection, but here you will need scripts.

Something like that should work too:

/usr/sbin/iptables -t nat -A POSTROUTING -o tun+ -j SNAT --to-source $(ifconfig tun0 | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}')

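The push reply quoted in the post above, turned into the commands it implies. This is an added example, not part of the original post; `push_to_cmds` is a hypothetical helper name, and it assumes a net30 topology in which the second `ifconfig` address is the route gateway.

```shell
#!/bin/sh
# Constructed input: the PUSH_REPLY text quoted in the post above.
PUSH='PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.9.0.1,dhcp-option DNS 10.8.0.1,route 10.31.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.31.0.10 10.31.0.9'

# push_to_cmds DEV REPLY (hypothetical helper): print the ifconfig/route
# commands a net30 client derives from REPLY. The host route to the VPN
# server via the pre-VPN gateway is not printed; neither address is pushed.
push_to_cmds() {
    printf '%s\n' "$2" | tr ',' '\n' | awk -v dev="$1" '
    $1 == "ifconfig" { me = $2; peer = $3 }
    $1 == "redirect-gateway" {
        for (i = 2; i <= NF; i++) if ($i == "def1") def1 = 1
    }
    $1 == "route" {
        n++; net[n] = $2; gw[n] = $4
        mask[n] = ($3 == "" || $3 == "default") ? "255.255.255.255" : $3
    }
    END {
        if (peer == "") {
            print "no ifconfig in push reply" > "/dev/stderr"
            exit 1
        }
        # 1500 is the OpenVPN default tun-mtu, not a pushed value.
        printf "/sbin/ifconfig %s %s pointopoint %s mtu 1500\n", dev, me, peer
        if (def1) {
            # def1 keeps the existing default route and overrides it with two /1 routes.
            printf "/sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw %s\n", peer
            printf "/sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw %s\n", peer
        }
        for (i = 1; i <= n; i++) {
            g = gw[i]
            if (g == "" || g == "default" || g == "vpn_gateway") g = peer
            if (g == "net_gateway") {
                printf "# route %s uses the pre-VPN gateway, which is not pushed\n", net[i]
                continue
            }
            printf "/sbin/route add -net %s netmask %s gw %s\n", net[i], mask[i], g
        }
    }'
}

push_to_cmds tun0 "$PUSH"
```

Because the gateway comes from the pushed `ifconfig` pair, a second tunnel needs its own run of this against its own push reply rather than a copy of the first tunnel's routes.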
19807409

Exactly. I have a standard dual-router setup: the first one, a cheap one, connects to the ISP (192.168.1.1), and the second one is running LEDE (192.168.2.1), connected to the LAN of the first (LAN->WAN).

The end setup should look like this: all traffic that goes "out" from the second router must go via the VPN tunnel. No exceptions.

Only local traffic to configure the router admin zone should stay local.

For now, for my problem, I have read this article: https://www.robertkehoe.com/2015/08/setup-openvpn-using-openwrt/

It shows that, besides creating the VPN instance, I must define a new interface and a new firewall rule to show the router how to handle the traffic.

I have done everything similar to this, but eventually did something wrong (since LEDE has a bit different GUI from OpenWRT, and the article is a bit old).

That's why I'm asking here for the file content and those settings.

I have a very small home network, I'm just tired of running separate software on all devices.

And about equipment and speeds: since commercial routers can't process encryption on the hardware level, the best option for price \ speed \ software performance is provided for now by Linksys WRT routers, such as the WRT1900ACS and WRT1200AC. I have that one, if that matters.

I think you will find the last few pages of this forum topic and the tests \ settings provided by user McGenie interesting for your future development: privateinternetaccess.com/forum/discussion/2845/openvpn-router-speeds/p8

I've posted how to create VLANs and I created a screenshot for you showing how to do it in LuCI's web interface.

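A check for the "no exceptions" requirement quoted above, run against forwardings like those in the example config earlier in the thread. This is an added example, not part of the original posts; `check_killswitch` and the zone lists passed to it are assumptions, and the `lan` to `wan` forwarding in the sample is constructed.

```shell
#!/bin/sh
# Constructed sample: forwardings as in the example config earlier in the
# thread, plus a lan -> wan forwarding (constructed) that bypasses the tunnel.
FW_SAMPLE="config zone 'vpn1'
	option name 'vpn1'
	option masq '1'

config forwarding
	option dest 'vpn1'
	option src 'lan'

config forwarding
	option dest 'vpn2'
	option src 'lan2'

config forwarding
	option src 'lan'
	option dest 'wan'"

# check_killswitch LAN_ZONES VPN_ZONES  (hypothetical helper, config on stdin)
# Prints every forwarding that lets a LAN-side zone reach a non-VPN zone and
# returns 1 if any exist, 0 otherwise.
check_killswitch() {
    awk -v lans="$1" -v vpns="$2" '
    function emit() {
        if (insec && (src in L) && dest != "" && !(dest in V)) {
            print src " -> " dest
            bad = 1
        }
        insec = 0; src = ""; dest = ""
    }
    BEGIN {
        n = split(lans, a, " "); for (i = 1; i <= n; i++) L[a[i]] = 1
        n = split(vpns, a, " "); for (i = 1; i <= n; i++) V[a[i]] = 1
    }
    $1 == "config" { emit(); insec = ($2 == "forwarding") }
    insec && $1 == "option" {
        v = $3; gsub(/[^A-Za-z0-9_.-]/, "", v)   # drop the UCI quotes
        if ($2 == "src")  src = v
        if ($2 == "dest") dest = v
    }
    END { emit(); exit bad + 0 }'
}

if ! printf '%s\n' "$FW_SAMPLE" | check_killswitch "lan lan2" "vpn1 vpn2"; then
    echo "forwardings listed above bypass the VPN zones" >&2
fi
```

On the router the same function can read the live file, for example `check_killswitch "lan lan2" "vpn1 vpn2" < /etc/config/firewall`; any line it prints is a path that still carries LAN traffic when the tunnel is down.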