Use OpenVPN on a Secondary OpenWRT router

This article shows how to route the traffic of a secondary router running OpenWRT through an OpenVPN server.

In this article, I used a TP-Link Archer C20 V5 router with OpenWrt 22.03.4. You can use your own router and version of OpenWRT, and the instructions should be more or less the same.

Please make sure to back up your current configuration in case something goes wrong and you have to reset the router. This article is provided to you as-is and we will not be liable for any actions you perform on your router.

If things go south, please make sure you know how to recover from such a situation.

Additionally, please make sure you have connected your ethernet cable to the WAN/Internet port and NOT the Ethernet port.

Prerequisites

  • Router with OpenWRT installed
  • Remote Server with OpenVPN Server installed

If you have already installed OpenVPN on your router, you may skip to Configuring OpenVPN Client.

Updating package lists

To get the latest packages, you will have to update the package list on your router. To do this, open your router's IP address in a browser and go to System > Software.

Then, click on the Update Lists button.

The software lists should then be updated. If they are not updated, it means that the router cannot connect to the internet. In that case, you will have to ask the folks in the OpenWRT forums, who will help you fix it. Make sure to include your configuration and debug logs so that it is quicker to help you. (Don’t ask to ask.)

Installing the required packages

Now, you will have to install openvpn-openssl and luci-app-openvpn.
The first package is the actual OpenVPN app, which you can activate by SSH’ing into the router. The latter adds an interface to manage your OpenVPN connections in the router page; it is optional if you want to do everything from SSH.

Configuring OpenVPN Client

After both packages are installed, refresh the page. You should see a new dropdown on the navigation bar called VPN. Hover over it and click on OpenVPN.

Now, download your .ovpn file, name it anything you like, and upload it.
If you want an easy way to install OpenVPN Server onto your VPS, I suggest using angristan/openvpn-install.

After it has been uploaded, click on the Enabled checkbox beside the file you just uploaded, then click on the Save and Apply button.

Start the OpenVPN instance, if it hasn’t started already.

Setting up interface

At this point, you should have lost the internet connection on your devices. To route the connections through the VPN, hover over the Network dropdown on the navbar and click on Interfaces.

If you get prompted to update the interfaces, click on the Continue button.

Click on the Add new interface button.

Inside the popup, you may give it any name; in my case, I named it OpenVPN. For Protocol, select the Unmanaged option in the dropdown, and for Device, select tun0.

Then, click on the Create Interface button.

The interface properties should pop up. Ensure the Bring up on boot option is checked and click on the Save button.

Then, finally, click on the Save & Apply button at the bottom of the screen.

Configuring firewall

To set up the firewall, hover over the Network dropdown and click on the Firewall option.

Under the Zones heading, click on the Add button.

A creation popup should appear. Fill in the values from the table below.

| Option Name | Value |
| --- | --- |
| Name | Any Name |
| Input | Reject |
| Output | Accept |
| Forward | Reject |
| Masquerading | Checked |
| MSS Clamping | Checked |
| Covered Networks | Previously created interface name, i.e. OpenVPN |
| Allow forward to destination zones | unspecified |
| Allow forward from source zones | lan |

Then, click on Save, and then on Save and Apply.

Finally, reboot the device. The option to reboot is under the System dropdown.

After the reboot, the device should forward connections over the VPN. To confirm this, you may visit Status > Routing. Your table should look somewhat like the one in the screenshot, where the entry I have marked in red should contain the public IP address of your server.

You can also check it by visiting websites like ipinfo.io to verify your device is being routed correctly over the VPN.
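
The routing check described above can also be run over SSH. The following is an added example, not part of the original article: a shell function that reads `ip route show` output and reports whether all traffic is routed through tun0. It assumes the server pushes `redirect-gateway def1` (which adds the 0.0.0.0/1 and 128.0.0.0/1 routes) or replaces the default route; the function name and the sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Classify a routing table given on stdin in `ip route show` format.
# $1 is the tunnel device, defaulting to tun0 as used in this article.
# Prints full-tunnel (exit 0), partial (exit 1) or no-vpn-route (exit 2).
vpn_route_status() {
    tun="${1:-tun0}"
    awk -v tun="$tun" '
        # Return the device named after the "dev" keyword on this route line.
        function dev(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "default"     { if (dev() == tun) def_tun = 1; else def_other = 1 }
        $1 == "0.0.0.0/1"   { if (dev() == tun) low = 1 }
        $1 == "128.0.0.0/1" { if (dev() == tun) high = 1 }
        END {
            # def1 covers the whole IPv4 space with two /1 routes that are more
            # specific than the WAN default route, so both halves must be present.
            if ((low && high) || (def_tun && !def_other)) { print "full-tunnel"; exit 0 }
            if (low || high || def_tun)                   { print "partial"; exit 1 }
            print "no-vpn-route"; exit 2
        }'
}

# Constructed sample: tunnel up with redirect-gateway def1.
# Addresses are private/documentation ranges; 203.0.113.10 stands in for the
# VPN server public IP, reached through the WAN gateway.
SAMPLE_VPN_UP='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0.2 proto static src 192.168.1.50
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1
203.0.113.10 via 192.168.1.1 dev eth0.2'

# Constructed sample: tunnel down, only the WAN default route remains.
SAMPLE_VPN_DOWN='default via 192.168.1.1 dev eth0.2 proto static src 192.168.1.50
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1'

# Demo on the constructed samples.
# On the router, run instead: ip route show | vpn_route_status tun0
printf '%s\n' "$SAMPLE_VPN_UP"   | vpn_route_status tun0
printf '%s\n' "$SAMPLE_VPN_DOWN" | vpn_route_status tun0 || true
```

Any result other than full-tunnel means some or all traffic still leaves through the WAN interface.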