Configuring your OpenWRT router to use ExpressVPN to provide unrestricted internet access to all your devices
I am in China. I have subscribed to ExpressVPN access to check my gmail and facebook. I have a pocket router (TL-MR3020). How can I use that VPN for all my devices (laptop, mobile, tab, Android TV box). TL-MR3020 can run OpenWrt. It has a USB port, an Ethernet port and 802.11bg WiFi
Here are the steps. They involve downloading packages to your OpenWrt router. OpenWrt repositories are blocked in China as well. So complete these steps in your home country before you fly to China. (If you are already in China, you can install the ExpressVPN client on your laptop, and share that VPN Connection with your OpenWrt Router. Refer to this blog post on steps on how to do that)
- Install OpenWrt on your TL-MR3020 router. (Refer to this blog post on how to do that - the latest version is a bit big and requires an external flash drive for extra memory size)
- Connect your OpenWrt router to unrestricted internet. Make sure you can access the router's console over SSH or serial (using PuTTY)
- Install OpenVPN packages on your TL-MR3020, issue the following commands using the console:
# opkg update
# opkg install openvpn-openssl luci-app-openvp ca-certificates
- Reboot the router.
- After this point, your router does not neet unrestricted internet access, you can now connect the TL-MR3020 router to the restricted network - just make sure your laptop and your router are on the same network. In my case I connected my TL-MR3020 to my set-top box which has a builtin WiFi router. The set top box has been provided by my Chinese ISP.
My TL-MR3020 connected to my Chinese ISP's set top box
- Using a web browser, login to your ExpressVPN account and download the OpenVPN configuration file corresponding to the VPN server that you want to connect to. These .ovpn files are specific to your account and do not require modifications (like editing password or login). They will work as long as you keep renewing your subscription.
I downloaded "my_expressvpn_uk_-_berkshire_-_2_udp.ovpn" for my use
Downloading the .ovpn files
- Use WinSCP to connect to your router and upload this .ovpn file to /etc/openvpn folder. You can upload more .ovpn files in case you think that you will need to switch servers in the future.
uploading the .ovpn files to TL-MR3020 using WinSCP
- Configure the various files using nano editor over PuTTY SSH:
- Issue the following commands to set Google DNS
# uci add_list dhcp.lan.dhcp_option="6,184.108.40.206,220.127.116.11"
# uci commit dhcp
- Using web login to LuCI on your OpenWrt router, configure a startup task instructing OpenVPN to initiate a VPN connection at bootup using the following lines:
openvpn --cd /etc/openvpn --config /etc/openvpn/my_expressvpn_south_korea_udp.ovpn
Configuring a startup task
Please note that OpenVPN will try to connect to VPN server only once failing which it will
stop trying. So you may need to reboot your router manually by power cycling if you arent able to access the internet.
- Now connect your devices to TL-MR3020's wifi signal and try accessing the internet.
Some more screenshots of LuCI's configuration pages - these correspond to the settings in the configuration files present in /etc/config