[GUIDE] OpenVPN Setup always stay online with location change every 24 hours roulette

Hi,
in this guide I will show you how to set up a VPN connection that changes its location automatically, with good settings for your ovpn file, so that the connection is stable and your router can handle the 24-hour disconnect that some OpenVPN providers enforce. If you want a permanent check that the connection is online, use the scripts below in the next post!

[HowTo]

  1. Download the ovpn file from your provider and edit it with a text editor.

  2. Compare it with my ovpn file and add the missing lines. If your VPN provider uses different settings for a command, don’t change that command!

Here is my file!


remote uk-lon2.privatevpn.com 1194 udp
remote [youraddress] [port] [type] # add as many locations as you like; the line above is an example
remote-random
nobind
dev tun

# Options

tun-ipv6
remote-cert-tls server
client
comp-lzo
persist-key
persist-tun
verb 3

# Router

reneg-sec 0
auth-nocache
connection retry -1
route-delay
keepalive 3 10
resolv-retry infinite
auth-retry interact
ping-restart 0
ping-timer-rem
pull-filter ignore "auth-token"

# Crypto

cipher AES-128-GCM
auth SHA256
auth-user-pass

# Cert

<ca>
-----BEGIN CERTIFICATE-----
[Here is your ca code in it]
-----END CERTIFICATE-----
</ca>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
[Here is your key code in it]
-----END OpenVPN Static key V1-----
</tls-auth>

key-direction 1


  3. remote-random makes the client pick a new location from your remote servers every time it restarts, so add more "remote" lines. Add as many as you like!

  4. Import the settings into your router as shown here and start the VPN:
    https://nordvpn.com/tutorials/gl-inet/openvpn/

  5. Connect to the Wi-Fi or LAN of your router and open a terminal (Linux):

ssh root@192.168.1.1

-> Hit Enter and enter your router password.

  6. To set up a cronjob, use this first:
crontab -e
  7. Write this line in it (restarts the VPN every day at 3:30 am):
30 3 * * * /etc/init.d/openvpn stop ; /etc/init.d/openvpn start

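If you want, you can add a second line to restart your router once a year :wink: Or more often, do what you want! The minute and hour fields must be fixed values (here 4:30 am on 1 January), otherwise the line runs every minute of that day.

30 4 1 1 * sleep 70 && touch /etc/banner && reboot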
  • You can choose your own times; here is the timetable:
*     *     *   *    *        command to be executed
-     -     -   -    -
|     |     |   |    |
|     |     |   |    +----- day of week (0 - 6) (Sunday=0)
|     |     |   +------- month (1 - 12)
|     |     +--------- day of month (1 - 31)
|     +----------- hour (0 - 23)
+------------- min (0 - 59)
  8. A few other commands, which may or may not be necessary, to make sure that cron is running:
/etc/init.d/cron start

/etc/init.d/cron enable

/etc/init.d/cron restart
  9. You can also manage cron through the web panel and check whether the settings are saved: more settings > extended > Luci Login > System > Scheduled tasks.
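
Step 2 above (comparing the provider's file with the guide's) can be scripted. The following is an added example, not part of the original guide: it lists which directive names from the guide's file are missing from a provider file, without touching values the provider set differently, and flags lines that trade security for stability. The file name ovpn_check.sh, the function names and the sample content are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# Directive names taken from the guide's file (subset; values are not compared).
GUIDE_DIRECTIVES="remote-random nobind persist-key persist-tun remote-cert-tls
reneg-sec auth-nocache route-delay keepalive resolv-retry auth-retry
ping-restart ping-timer-rem pull-filter cipher auth auth-user-pass"

# Print the directive names used in FILE, skipping comments, blank lines and
# the contents of inline blocks such as <ca> ... </ca>.
ovpn_directives() {
    awk '
        substr($1, 1, 2) == "</" { inblock = 0; next }
        substr($1, 1, 1) == "<"  { inblock = 1; next }
        inblock || NF == 0       { next }
        $1 ~ /^[#;]/             { next }
        { print $1 }
    ' "$1" | sort -u
}

# Print the guide directives that FILE does not contain, one per line.
missing_directives() {
    have=$(ovpn_directives "$1")
    for d in $GUIDE_DIRECTIVES; do
        echo "$have" | grep -qxF -- "$d" || echo "$d"
    done
}

# Print settings in FILE that trade security for convenience or stability.
review_flags() {
    awk '
        $1 == "comp-lzo" { print "compression directive present: " $0 }
        $1 == "reneg-sec" && $2 == "0" { print "time-based key renegotiation disabled: " $0 }
        $1 == "auth-user-pass" && NF > 1 { print "credentials read from file: " $2 }
        $1 == "remote-cert-tls" { tls = 1 }
        END { if (!tls) print "remote-cert-tls missing: peer certificate usage may go unchecked" }
    ' "$1"
}

# Constructed sample of a provider file (placeholder host, no real keys).
write_sample() {
    printf '%s\n' 'client' 'dev tun' 'remote vpn.example.net 1194 udp' \
        'comp-lzo' 'reneg-sec 0' 'cipher AES-128-GCM' 'auth SHA256' \
        'auth-user-pass' '# keepalive 3 10' '<ca>' '[ca placeholder]' '</ca>' > "$1"
}

# Usage: sh ovpn_check.sh provider.ovpn
if [ -n "${1:-}" ]; then
    missing_directives "$1"; review_flags "$1"
fi
```

Lines reported by review_flags are not errors: comp-lzo has to match what the server expects, and reneg-sec 0 is the guide's deliberate choice for stability, so treat them as items to check with your provider.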

Reconnect-Script for staying online every time!

If you don’t want to use a cronjob, or the cronjob isn’t working with your VPN provider, you can use this script to let your router watch the connection and reconnect if necessary.
-> You can use the ovpn file from the provider without tweaking (tweaking is recommended with this script too). Your router will check whether the connection is lost and reconnect automatically if there is no connection.

Let’s start:

  1. If you are a new VPN user, you can check my tutorial on how to connect to your VPN provider with an ovpn file: HowToOpenVPNClient

  2. Log in to Luci, then go to System->Software, search for nano and install it (if that does not work, write “opkg install nano” before the third point in ssh)

  3. Open a terminal (Linux) and write:

ssh root@192.168.1.1

-> Hit Enter and enter your Foris/Luci password.

  4. Write this and hit Enter:
nano /usr/bin/vpn_reconnect
  5. Copy/paste this script and adapt it to your VPN connection:
    “PublicVPN_Fr_Paris” in the script is the name of my created VPN
    (see Luci->Services->OpenVPN; change it in the script below to the name of your created VPN)
#!/bin/sh

# Wait for OpenVPN to connect for the first time
sleep 120

while true; do

    # Check if OpenVPN is enabled; if not, go to the next loop
    vpn_enabled=$(uci get glconfig.openvpn.enable)
    if [ "$vpn_enabled" != "1" ]; then
        echo "VPN not enabled, check 20 seconds later"
        sleep 20
        continue
    fi

    vpn_pid=$(pidof openvpn)
    # tun0 does not exist while the tunnel is down; discard the error message
    tun0_ifname=$(ifconfig tun0 2>/dev/null)

    # Restart only if there is neither an openvpn process nor a tun0 interface
    if [ -z "$tun0_ifname" ] && [ -z "$vpn_pid" ]; then
        echo "VPN enabled but not running, restarting it"
        /etc/init.d/startvpn restart
    else
        echo "VPN is connected or connecting, check 20 seconds later"
    fi

    sleep 20

done

Then press Ctrl + O, then Enter, then Ctrl + X.

Then:

chmod +x /usr/bin/vpn_reconnect

Then open the rc.local file:

nano /etc/rc.local

Add this to the end of the file just before exit:

/usr/bin/vpn_reconnect &

Press Ctrl + O, Enter, Ctrl + X again to save and quit.

The script should run on boot now :slight_smile:

Optional alternative) Script where you set how often the connection is checked

This script should a) keep the connection up (restart it) and b) at no point allow non-VPN traffic through, IF that’s how you’ve set things up. You can also set how often the connection is checked.

  1. Log in to Luci, then go to System->Software, search for nano and install it (if that does not work, write “opkg install nano” before the third point in ssh)

  2. Open a terminal (Linux) and write:

ssh root@192.168.1.1

-> Hit Enter and enter your Foris/Luci password.

  3. Write this and hit Enter:
nano /usr/bin/vpn_restart

Copy/paste this script and edit these lines:
“PublicVPN_Fr_Paris” in the script is the name of my created VPN
(see Luci->Services->OpenVPN; change it in the script below to the name of your created VPN)

#!/bin/sh

# Should openvpn already be in operation? If not, nothing to do, exit.
enabled=$(uci get glconfig.openvpn.enable)
vpn_client=$(uci get network.ovpn 2>/dev/null)    # removed when startvpn stopped explicitly

if [ "$enabled" != "1" ] || [ "$vpn_client" != "interface" ]; then
    exit 0
fi

# First hop should be to the internal VPN gateway (10.8.8.1) if VPN up.
# If we're going through VPN then all is well, do nothing.
first_hop=$(traceroute 8.8.8.8 2>&1 | head -2 | tail -1 | awk '{print $2}')

# "=" is the portable string comparison for /bin/sh
if [ "$first_hop" = "10.8.8.1" ]; then
    logger -t VPN_restart "VPN is fine."
    exit 0
fi

# Not going through the VPN: stop openvpn, start it again with the configured
# ovpn file and reload the network configuration.
killall openvpn 2>/dev/null
ovpn=$(uci get glconfig.openvpn.ovpn)
/usr/sbin/openvpn "$ovpn" &
(sleep 1; /etc/init.d/network reload) &

logger -t VPN_restart "VPN was down and had to be restarted."

-> Hit "Enter" and write ":wq" (this is the vi command to save and quit; in nano use Ctrl + O, Enter, Ctrl + X instead)

  4. To set up a cronjob, write:
crontab -e

and enter:

*/5 * * * * /usr/bin/vpn_restart

which is the name and location of my script.

  5. A few other commands, which may or may not be necessary, to make sure that cron is running:
/etc/init.d/cron start

/etc/init.d/cron enable

/etc/init.d/cron restart

PS:
You can actually interact with cron through the web panel as well: Advanced settings > System > Scheduled tasks.

As for the “-t” option, it just adds a “tag” to the log so that logs reference the tag as opposed to user.root or whatever the default is. (There is a man page out there but I can’t find it right now!)

Links:





https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1010529
How to run reboot command in openwrt only once at a particular time using crontab?
https://oldwiki.archive.openwrt.org/doc/howto/cron

You can use these settings, I think, for all OpenWrt routers :slight_smile: Only change a few settings!