Projects & Stories

OpenWRT + TP Link WR841N(D) + OpenVPN

A friend of mine asked me the other day whether it is possible to get VPN running on the TP-LINK-WR841N(D). Quickly it was clear that the stock firmware is not capable of doing VPN but it is supported by OpenWRT.

Honestly I never had the pleasure with the so called "Wireless Freedom"!

It was surprisingly easy to flash the router and getting OpenWRT running <3 After getting familiar with the package-manager and searching in the Wiki for some VPN tut, I quickly ran into a huge problem.

There is not enough space for all the dependencies (libopenssl, openvpn) and since the WR841N(D) has no USB ports we have a serious problem.

Plus I don't want a NFS (which has also space issues)!

So what's left? We sure have a working Internet connection and a "huge" tmpfs. On the other side the tmpfs will not survive a reboot (Now it becomes messy. Anyone with weak nerves stop reading!).

What about writing a script which download and install the whole VPN stuff on every startup into tmpfs?!

#!/bin/sh /etc/rc.common


. /etc/profile

install() {  
  local OVPNPATH=/tmp/openvpn
  local OSSLPATH=/tmp/libopenssl
  [ ! -d ${OVPNPATH} ] && mkdir ${OVPNPATH}
  [ ! -d ${OSSLPATH} ] && mkdir ${OSSLPATH}
  command opkg update || exit 1
  # install openvpn
  cd ${OVPNPATH}
  tar xzf $(opkg download openvpn-openssl |grep Downloaded |cut -d\  -f4 |sed '$s/.$//')
  tar xzf data.tar.gz
  # delete unnecessary things (save space)
  rm -f pkg.tar.gz data.tar.gz control.tar.gz debian-binary
  # install libopenssl
  cd ${OSSLPATH}
  tar xzf $(opkg download libopenssl |grep Downloaded |cut -d\  -f4 |sed '$s/.$//')
  tar xzf data.tar.gz
  # delete unnecessary things (save space)
  rm -f control.tar.gz debian-binary data.tar.gz

start () {  
  # lvl 99 is not enough the script is too
  sleep 10 # fast for the install step
  install # setup openvpn and libssl
  command openvpn --writepid /tmp/openvpn/ --daemon --config /etc/openvpn/client.conf

stop() {  
  PIDOF=$(ps |egrep openvpn |egrep  -v grep |awk '{print $1}')
  kill ${PIDOF}

Do not forget setting the right environment variables and we are good to go (/etc/profile):

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/tmp/libopenssl/lib  
export PATH=$PATH:/tmp/openvpn/bin  

In my opinion a router shouldn't boot that often.. well it is still dirty but show me another way, except for buying a new router ;) and I am all yours!

Thanks for the idea ciberterminal and this version of the script works for 700kbs ROM as well!