OpenWRT,  OpenVPN,  Windscribe,  MR8300

Windscribe VPN on OpenWRT Linksys MR8300

In this article we will be setting up an OpenVPN client on OpenWrt.

OpenWrt is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic.

It is fairly easy to install OpenWrt on the MR8300 router. All we need to do is follow the official guide.

Installing Windscribe on OpenWRT is not a simple task though. The only (mostly) working guide has been removed from the net but can still be found in the archives.

Requirements

  1. A router running OpenWrt (22.03 or 23.05 for MR8300 box)
  2. Windscribe Pro account
  3. ssh access to the router

OpenVPN Installation

  1. Login / ssh to the router:

     ssh root@192.168.1.1

     or

     ssh root@openwrt.lan
  2. Update package lists and install luci, if needed:

     opkg update
     opkg install luci
  3. Install required OpenVPN packages:

     opkg install luci-app-openvpn
     opkg install openvpn-openssl
  • If luci is already installed, the same steps can be performed via the UI under System -> Software.

Firewall Configuration

We will do it by adding the TUN device to an existing WAN zone.

uci set firewall.@zone[1].device="tun0"
uci commit firewall
service firewall restart

@zone[0] is lan and @zone[1] is wan in the default firewall configuration. A cooler way of doing the same thing would be:

uci rename firewall.@zone[1]="wan"
uci del_list firewall.wan.device="tun0"
uci add_list firewall.wan.device="tun0"
uci commit firewall
service firewall restart
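
The positional index only holds while the zones keep their default order. The sketch below is an added example, not part of the original article: it looks the wan zone up by name in `uci show firewall` output and prints the uci commands for that index, refusing when the zone accepts input or does not masquerade. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): pick the firewall zone by
# name from `uci show firewall` output instead of assuming @zone[1] is wan.

# Constructed sample of `uci show firewall` output with an extra guest zone.
SAMPLE_FIREWALL="firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='guest'
firewall.@zone[1].input='REJECT'
firewall.@zone[2]=zone
firewall.@zone[2].name='wan'
firewall.@zone[2].input='REJECT'
firewall.@zone[2].masq='1'"

# zone_index NAME: read the listing on stdin and print the index of the zone
# called NAME; return 1 when no zone has that name.
zone_index() {
    idx=$(sed -n "s/^firewall\.@zone\[\([0-9][0-9]*\)]\.name='$1'\$/\1/p" | head -n 1)
    [ -n "$idx" ] && echo "$idx"
}

# zone_option INDEX OPTION: print one option value of zone INDEX from stdin.
zone_option() {
    sed -n "s/^firewall\.@zone\[$1]\.$2='\(.*\)'\$/\1/p" | head -n 1
}

# tun_attach_cmds DEVICE: print the uci commands that add DEVICE to the wan
# zone, refusing if that zone is missing, accepts input or does not NAT.
tun_attach_cmds() {
    cfg=$(cat)
    i=$(printf '%s\n' "$cfg" | zone_index wan) || { echo "no wan zone" >&2; return 1; }
    [ "$(printf '%s\n' "$cfg" | zone_option "$i" input)" != ACCEPT ] ||
        { echo "zone $i accepts input" >&2; return 1; }
    [ "$(printf '%s\n' "$cfg" | zone_option "$i" masq)" = 1 ] ||
        { echo "zone $i has masq off" >&2; return 1; }
    printf '%s\n' "uci del_list firewall.@zone[$i].device='$1'" \
        "uci add_list firewall.@zone[$i].device='$1'" "uci commit firewall"
}

# On the router: uci show firewall | tun_attach_cmds tun0
printf '%s\n' "$SAMPLE_FIREWALL" | tun_attach_cmds tun0
```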

Download OpenVPN profile

  1. Go to https://windscribe.com/getconfig/openvpn (must be a pro user)
  2. Choose a location in the dropdown
  3. Select UDP for the protocol
  4. Select 443 for the port
  5. Select 2.4.6 or newer for OpenVPN
  6. Download the config and save it under some name, for example Windscribe-Ashdod-YamPark.ovpn
  7. Get the credentials
username: qsano128-yoluknz
password: 4zrfc6e2ua

Install the profile

  1. From router’s luci UI go to Services > OpenVPN http://192.168.1.1/cgi-bin/luci/admin/vpn/openvpn

  2. In the OVPN configuration file upload section choose the profile downloaded in the previous step. For example: Windscribe-Ashdod-YamPark.ovpn

  3. Enter a name (windscribe-ashdod in our case) into the Instance name text field.

  4. Click Upload

  5. Under OpenVPN instances, it will now show an entry for windscribe-ashdod. Put a checkmark on Enabled. This will enable and start the connection later when we click on Save & Apply button.

  6. Now we need to update the profile. Select Edit and windscribe-ashdod configuration will appear.

  7. Find the line that reads auth-user-pass and change to auth-user-pass /etc/openvpn/windscribe_ashdod.auth

  8. Also add following configuration:

     script-security 2
     up "/etc/openvpn/updns"
     down "/etc/openvpn/downdns"
  9. Add the username and password to the second section. For example:

     qsano128-yoluknz
     4zrfc6e2ua
    • please note that the first line is the username and the second line is the password.
  10. Click the Save button

Add Start-up Scripts

Login / ssh to the router and enter the following commands:

  1. Create the first script

    
    cat<<'EOF' > /etc/openvpn/updns
    #!/bin/sh
    # Keep the current resolver list so that downdns can put it back.
    mv /tmp/resolv.conf.auto /tmp/resolv.conf.auto.hold
    # Turn the DNS options pushed by the VPN server into resolv.conf lines.
    # The values come from the server, so they are quoted before use.
    echo "$foreign_option_1" | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' > /tmp/resolv.conf.auto
    echo "$foreign_option_2" | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /tmp/resolv.conf.auto
    echo "$foreign_option_3" | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /tmp/resolv.conf.auto
    EOF
  2. Create the second script

    
    cat<<'EOF' > /etc/openvpn/downdns
    #!/bin/sh
    mv /tmp/resolv.conf.auto.hold /tmp/resolv.conf.auto
    EOF
  3. chmod 755 /etc/openvpn/updns

  4. chmod 755 /etc/openvpn/downdns

  5. This part is a bit tricky as you need to know how to use a command line editor:

    • vi /etc/config/dhcp
    • add this line (properly aligned) at the end of the config dhcp 'lan' section:

    list dhcp_option '6,10.255.255.1,208.67.222.222,208.67.220.220'
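
With script-security 2, OpenVPN runs the up and down scripts itself, and the .auth file holds the account password in clear text, so the permissions on all three files matter. The following is an added example, not part of the original article: it reads an .ovpn profile, finds the files it references and reports any that are missing or too widely accessible. The function names and the scratch files are made up for illustration, and it parses ls -ld instead of calling stat on the assumption that stat may not be installed on the router.

```shell
#!/bin/sh
# Added example (not from the original article): audit the files that an
# OpenVPN profile points at with auth-user-pass, up and down.

# referenced_files PROFILE: print "directive path" for each such line.
referenced_files() {
    awk '($1 == "auth-user-pass" || $1 == "up" || $1 == "down") && NF >= 2 {
        gsub(/"/, "", $2); print $1, $2 }' "$1"
}

# perm_bits FILE: the nine rwx characters from ls -ld, e.g. rw-r--r--.
perm_bits() { ls -ld "$1" | cut -c2-10; }

# audit_profile PROFILE: print one finding per line, return 1 if there are any.
audit_profile() {
    findings=$(referenced_files "$1" | while read -r directive path; do
        [ -f "$path" ] || { echo "$directive: $path is missing"; continue; }
        bits=$(perm_bits "$path")
        case "$directive:$bits" in
            auth-user-pass:???------) ;;   # credentials: owner only
            auth-user-pass:*) echo "$directive: $path is $bits, want rw-------" ;;
            *:????-??-?) ;;                # script: no group/other write
            *) echo "$directive: $path is $bits, writable by group or other" ;;
        esac
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo: a scratch profile with two deliberately weak modes.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'example-user' 'example-pass' > "$d/vpn.auth"  # placeholders
    printf '#!/bin/sh\n' > "$d/updns"
    printf '#!/bin/sh\n' > "$d/downdns"
    chmod 644 "$d/vpn.auth"; chmod 755 "$d/updns"; chmod 777 "$d/downdns"
    printf '%s\n' client "auth-user-pass $d/vpn.auth" 'script-security 2' \
        "up \"$d/updns\"" "down \"$d/downdns\"" > "$d/vpn.ovpn"
    rc=0; audit_profile "$d/vpn.ovpn" || rc=$?
    rm -rf "$d"
    return $rc
}

demo || true
```

On the router the same check is audit_profile /etc/openvpn/windscribe_ashdod.ovpn; a finding on the .auth file is cleared with chmod 600.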

Apply OpenVPN settings

This is a short but absolutely critical step. Click the Save & Apply button on the OpenVPN UI page.

  • Note: hopefully you did not forget to put a checkmark on the Enabled field in the Install the profile step.

We are done, almost!

Test It

We need to deploy our QA skills now.

  1. Go to ipleak.net
  2. Please make sure that you are not seeing your ISP's IP address there.

Now we are done. Have questions - please shoot me an email (qas @ blog domain).


You are still here? Why?

OVPN config file (/etc/openvpn/windscribe_ashdod.ovpn), excluding the certificate:

client
dev tun
proto udp
remote tlv-218.whiskergalaxy.com 443
verify-x509-name tlv-218.windscribe.com name

nobind
auth-user-pass /etc/openvpn/windscribe_ashdod.auth

resolv-retry infinite

script-security 2
up "/etc/openvpn/updns"
down "/etc/openvpn/downdns"

cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM
auth SHA512

verb 2
mute-replay-warnings
remote-cert-tls server
persist-key
persist-tun

key-direction 1
<ca>
