OpenWRT (LEDE) OpenVPN Setup

Share This!

The LEDE Project (“Linux Embedded Development Environment”) is a Linux operating system specifically for routers, founded as a spin-off of the OpenWRT project and share many of the same goals.


While most of the functions and steps are very similar to the standard OpenWRT, there are few differences, mainly on fixing the shortcomings of the OpenWRT development. For more details on the LEDE Project, you can refer to their About Page here


The steps below were tested on LEDE (Chaos Calmer) running set on a Linksys E1200 router that has the luci app openvpn plugin on site, so it might not be same on your firmware.


Ensure the router is able to get Internet connection and working fine before attempting to set up the VPN.


Step 1 – Update and install OpenVPN client package


Login as root to the router via SSH using Terminal, or a client of your choice i.e PuTTY 


By default, the address is but it might differ to yours. If you do not know the address of your router refer to the instructions lined below:

How To Find Your Default Network Gateway


The default username and password are both set as root


Ensure your package is up to date on your system. Run the command below:


opkg update



 Install the OpenVPN client package:


opkg install openvpn-openssl luci-app-openvpn



Confirm OpenVPN package is installed on the system and check the version using a single command:


openvpn –version


Note: To use our connection, you will need to ensure that the OpenVPN version is from 2.3.4 onwards


Head to /etc/openvpn/ 

Create a file called tls-auth.key

vi tls-auth.key


enter the lines below and save it.

-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----


Next, create a file called user.txt

vi user.txt

Enter your MPN Username and Password on the first line and the second line respectively and save it.

MPN Username
MPN Password

Take note of the full location of the files as you will need to input them later. 





Next, download the ca file into your computer to be used later.

Download CA File

Step 2 – Create OpenVPN configuration

Login to the router’s Luci Web panel from your browser. 

Navigate to  Services > OpenVPN

Create a new instance named MPNVPN and select the 3rd option from the drop-down: Simple client configuration for a routed point-to-point VPN. 

Click Add.  

Click on Switch to advanced configuration at the top right corner of the page to start configuring the OpenVPN connection.

Under the Services tab, just ensure verb is set to 1

Click Save.

Next, click on the Networking tab

Ensure these details are as below, leave others as it is.

port : 1194

nobind : Checked

persist_tun : Checked

Note: If the stated field is not there, scroll down and select it from the Additional Field drop down and click Add

Click Save.

Once that is done, click on the VPN tab.

Ensure these details are as below, leave others as it is.

client : Checked

auth_user_pass :  /etc/openvpn/user.txt


proto: udp

resolv_retry: infinite

The example above is set to connect to our GBR servers i.e. . If you are subcribed to a different plan or wish to connect to another country, please refer to the full list of server names that you can connect to from our Knowledge Base Article.

Note: If the stated field is not there, scroll down and select it from the Additional Field drop down and click Add

Click Save.

Select the Cryptography tab

Ensure these details are as below, leave others as it is.

auth: SHA256

cipher: AES-256-CBC

mute_replay_warnings: Checked

tls_client: Checked

ca: Upload the CA file that you downloaded earlier

tls_auth: /etc/openvpn/tls-auth.key

auth_nocache: Checked

remote_cert_tls: server

key_direction: 1 

Note: If the stated field is not there, scroll down and select it from the Additional Field drop down and click Add

click on Save & Apply.

Step 4 – Create the VPN Interface 

Navigate to Network > Interfaces


Click on Add New Interface

Enter the details as below:

Name of the new interface: MPNVPN
Protocol of the new interface: select Unmanaged from the drop down menu

Cover the following interface: Custom Interface – tun0

Click Submit.

Step 5 – Set the Firewall rule for the VPN connection

Navigate to Network > Firewall


Click Add.


Configure the firewall as below.





Input: reject
Output: accept
Forward: reject
Masquerading: Checked
MSS clamping: Checked
Covered networks: Select MPNVPN


For Inter-Zone Forwarding; 




Select Allow forward from source zones

 lan : Checked

 wifi : Checked (if you have wifi interface configured)


Once that is done, click on Save & Apply.


Head back to Network > Interfaces to assign the new firewall rule to the VPN Interface.



Click on Edit for MPNVPN and head to the Firewall Settings tab.



Select MPNVPN for the assigned firewall zone and click on Save & Apply.


Step 6 – Connection complete

MPN VPN is now configured in your OpenWRT router! 

Go to Services > OpenVPN, check the box for Enabled next to MPNVPN, then click the Start button to initiate the connection.

The connection should be completed within seconds, once connected you can confirm this by heading to our IP Info page to check on your location.

Alternatively, you can head to Network > Interface and the VPN Interface that you created earlier should already have a VPN IP assigned.

Any Problems?

If you are unable to access the Internet when the VPN is connected, look through the Firewall settings again and ensure it’s set correctly before trying again.

If you are unable to connect to the VPN, navigate to Status > System Log and contact us ([email protected]) with the latest connection log so we can get an idea where this is failing.