Thank you for these OpenVPN ‘client’ capable travel routers!
I want to share how I setup an OpenVPN TAP connection between my new GL.iNet750S Slate router with firmware version 3.0.25 as an OpenVPN client to my Netgear NightHawk R7000 home router as the OpenVPN server. This OpenVPN TAP connection allows my remote Fire TV dongle to connect to my Fire TV Recast over the air DVR at home.
After enabling the VPN in my Netgear NightHawk home router, I download the ‘non-windows.zip’ file and I modified the ‘client2.ovpn’ configuration file that is inside the ‘non-windows.zip’ file which by default is set to ‘dev tap’ and not ‘dev tun’.
I added a ‘route-gateway’ line to the ‘client2.ovpn’ file which changed the default route on the client GL.iNet router’s LAN to use my Netgear NightHawk LAN gateway ‘192.168.0.1’ that is on the server side of the OpenVPN TAP connection.
I added an ‘ifconfig’ line to the ‘client2.ovpn’ file which statically assigned the IP address on the ‘tap0’ interface of the GL.iNet router when the OpenVPN connection is created because the GL.iNet router was not getting a DHCP IP address from the Netgear NightHawk to set on the ‘tap0’ interface upon OpenVPN connection. I used the IP address ‘192.168.0.254’ which was on the same subnet as my Netgear NightHawk router’s LAN 192.168.0.0/24, and an IP address that was outside the NetGear NightHawk’s DHCP range.
Modified ‘client2.ovpn’ file:
client
dev tap
proto udp
remote x.x.x.x ####
route-gateway 192.168.0.1
ifconfig 192.168.0.254 255.255.255.0
…
On the GL.iNet router GUI, I selected VPN, then OpenVPN Client, and uploaded the ‘non-windows.zip’ file with the modified ‘client2.ovpn’ file inside it and named it ‘MyOpenVPN-TAP’.
After connecting to the OpenVPN-TAP connection, I noticed that things didn’t work because the GL.iNet router’s firewall default is set to not forward traffic from the ‘ovpn’ zone to the ‘lan’. So on the GL.iNet router GUI, I opened Advanced settings, selected Network, then Firewall, then selected edit on the ‘ovpn’ zone. On the Firewall Zone Settings - Zone “ovpn” page in the ‘Inter-Zone Forwarding’, I selected the drop-down on the ‘Allow Forward to the destination zone’, and I check-marked the ‘lan’ interface, then selected Save & Apply.
Because I wanted things to work both-ways, I added a static route on the home Netgear NightHawk router’s GUI to route the GL.iNet’s default LAN network ‘192.168.8.0/24’ to the GL.iNet’s ‘tap0’ interface IP address ‘192.168.0.254’ which I statically assigned in the ‘client2.ovpn’ file above. On the Netgear NightHawk’s GUI, I selected Advanced, Advanced Setup, Static Routes, then Add, and after inputting the below, and selected Apply.
Private: Checked
Active: Checked
Destination IP Address: 192.168.8.0
IP Subnet Mask: 255.255.255.0
Gateway IP Address: 192.168.0.254
Metric: 2
That’s it! I am enjoying my over the air TV stations and DVR recordings from my Fire TV Recast on my Fire TV dongle remotely over the OpenVPN connection from wherever I am. I can connect to all the devices on my Netgear Nighthawk home network, and I can connect from my home devices to the devices on the GL.iNet router LAN as well, both-ways. And all the devices connected to the GL.iNet router’s LAN use my home service provider’s network to get to the internet.
BTW, I also realized that if the network that the GL.iNet router was connecting to for internet access (on my MiFi hotspot in my case) caused issues if it was using the same private network ‘192.168.0.0/24’ as my home Netgear Nighthawk router’s LAN at home. So, I changed the network (on my MiFi hotspot) to use a different network, ‘172.16.0.0/24’. This is something that I will need to keep in mind if I connect the GL.iNet router to any hotel/open WiFi service, or another family home network that uses the same ‘192.168.0.0/24’ network as well.
Extras
Since the GL.iNet 750S Slate Router has a physical mode button on the site, I changed the GL.iNet router’s ‘Button Setting’ to the ‘OpenVPN’ setting so that I could enable and disable the OpenVPN connection manually using the switch on the side of the GL.iNet 750S Slate router. I then grabbed my label maker and put a ‘VPN’ label next to the physical mode switch on the side of the GL.iNet router. I really like having this button because I can toggle the OpenVPN connection off when I want to stream directly from Amazon Video, Netflix, Hulu, or any other app on my Fire TV dongle.
After the OpenVPN-TAP was connected, I went to ‘Advanced Settings’, logged in again, then selected ‘System’/‘LED Configuration’ settings on the GL.iNet router and added an LED Notification named ‘OpenVPN’. I selected the wlan2g (since I don’t use 2g anyway), set the trigger to ‘netdev’, then set the device to ‘tap0’, and saved and applied. This makes the middle LED on the GL.iNet 750S Slate router light up when the OpenVPN connection is active. I then grabbed my label maker and put a ‘VPN’ label over the physical ‘2g’ LED on the front of the GL.iNet router.