Gargoyle Router and PIA OpenVPN config

OK, its been quite sometime since by last post, lots has happened in the world , stupid is on the rise , evil continues to try to get in the way of our day today,and everyone seems to want to know what YOU are doing (google, crackers , governments, and others)

One way to mitigate this is to use a VPN service , like PIA (Private Internet Access) and the most useful way to do this is by using a router configured to use the service exclusively.

There are many 3rd party router firmwares , however not all routers are compatible, so do check compatibility if you choose to use DD-Wrt , Advanced Tomato, Tomato – by Shibby, OpenWrt, LEDE or as I have for my TP-Link router Gargoyle.

OK for the most part it is REAL easy to set up Gargoyle-Router as a VPN client. the following assume you have Gargoyle-Router  set up and in use ( my network uses the Gargole-Router as a Subnet to another router that handles the ISP connection) . It also assumes that you have ssh access to the router.

before doing anything with the GUI , first ssh into the router and get to the OpenVPN folder

ssh root@192.168.x.x

root@Gargoyle:~# cd /etc/openvpn

root@Gargoyle:/etc/openvpn#

then use the echo command to create the auth.txt file ( contains username and password) and confirm it using the cat command.

root@Gargoyle:/etc/openvpn#echo “<username>” >> auth.txt

root@Gargoyle:/etc/openvpn#echo “<password>” >> auth.txt

root@Gargoyle:/etc/openvpn#cat auth.txt

<username>

<password>

It then get s little tedious as you also have to have a “cat crl.rsa.XXXX.pem” file, if you know how to use vim, good on you , cuz do not except how to delete lines and then save ( see later)

to set up the .pem file , I used the echo command with the >> switch to add each of the 15 lines individually like

root@Gargoyle:/etc/openvpn#echo “—–BEGIN X509 CRL—–” >> crl.rsa.2048.pem
root@Gargoyle:/etc/openvpn#echo “MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI” >> crl.rsa.2048.pem
root@Gargoyle:/etc/openvpn#echo “HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0” >> crl.rsa.2048.pem
root@Gargoyle:/etc/openvpn#echo “each line in turn” >> crl.rsa.2048.pem

ending with:
root@Gargoyle:/etc/openvpn#echo “—–END X509 CRL—–” >> crl.rsa.2048.pem

then confirming it with

root@Gargoyle:/etc/openvpn#cat crl.rsa.2048.pem

now you can ( for a while go to the GUI and log in.

Once logged in, go to Connections >OpenVPN  and select OpenVPN client. then complete all the required boxes.

vpnsetup2

One this is done Save changes, on doing so it will advise that the configuration has been saved but failed to connect (bummer) , at which point go back to your terminal that you ssh’d into the router with.

The reason why it fails is that Gargoyle writes its own OpenVPN configuration , that points to two files that PIA does not use , some will get round this by making phantom config files ( although as the files are keys, and certs) , this does not seem wise to me.

When back at the terminal you can check the gaining config directly by using

root@Gargoyle:/etc/openvpn# openvpn grouter_client_<randonstringybit>.conf

which will confirm the error, to fix it we need to remove two lines from the .conf file, and the only editor onboard is .. vi

The two lines you need to remove are

cert /etc/openvpn/grouter_client_<randonstringybit>.crt
key /etc/openvpn/grouter_client_<randonstringybit>.keyroot

to do this use vi on the config file

root@Gargoyle:/etc/openvpn# vi grouter_client_<randonstringybit>.conf

then move the cursor to the fist line and tap d twice , it wil remove the line , and then repeat again for the second line, after removing both lines press <esc> :wq <enter>.

you can the retry the config manually again

root@Gargoyle:/etc/openvpn# openvpn grouter_client_<randonstringybit>.conf &

which should now get to the initialisation confirmation and start the VPN client.

when you  rebook you shoudl see a confirmation that the VPN is connceted on the login page , and on the Connections > OpenVPN page.

Mine has now been up for about 2 hours without issue, please post back if you have any success with this.

Jase

 

 

 

 

Advertisements
Gargoyle Router and PIA OpenVPN config

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s