How to Setup ExtremeVPN on the OpenWRT 21.02/18.06 Router

Before we can proceed with this guide, you will need to know what your ExtremeVPN credentials are, as they are essential during manual configuration. If you don’t know it, you can follow these steps to access them;

• Visit the ExtremeVPN member area. You can click here to visit our member area.
• Enter your ExtremeVPN registered email address and password in the space provided and click on Login.
• Once logged in, click on the Subscription tab, which you will see on the left panel.
  On the subscription page, scroll down to see your VPN credentials.
• You can see and copy your ExtremeVPN credentials, username, and password. Click on the Eye icon beside your password to make it visible and easier to copy.

Here is an advanced guide on how you can connect your router using the OpenWRT firmware version 21.02 to ExtremeVPN;

• The first step is to get a router flashed with the OpenWRT firmware version 21.02 and an enabled ExtremeVPN client.
• You will need to enable an SSH connection on your router. You must download one from a third-party SSH client like PuTTY to enable SSH access.
• The ExtremeVPN package will not be included in the firmware image, so you must install it.
• Install Putty and access your router IP. You can type your router IP address in the space provided under Host Name (or IP address). In this case, we use 192.168.1.1, the default IP address for the Linksey e900 router. Click on Open after typing the IP address.
• On the next window, enter the Root and Password of your Router.
• You will need to run the following commands to install ExtremeVPN:

1. opkg update
2. opkg install luci-app-extremevpn
3. opkg install extremevpn-openssl opkg install ip-full

• Next, you must download the ExtremeVPN configuration files, which you can find here.
• After downloading the zip file, unzip the files to a known location and go to either the TCP or UDP folder containing the ExtremeVPN files. For example, we will use a Spanish server with the file es2-evpn.evpn.
• You also need to copy specific files from your computer to your router. You must activate SFTP (SSH File Transfer Protocol) on the router to do that. You can do that by running the following SSH commands;

1. opkg update
2. opkg install openssh-sftp-server
3. You can now copy the desired file ‘es2-evpn.evpn’ to the /etc/extremevpn/folder of the router using the WinSCP on Windows.

• Right-click on the router side and select a new file with the name secret (it does not have a file extension). Enter your ExtremeVPN credentials in the next window.
  Save and close the file.
• Edit the es2-evpn.evpn and save the path in the secret file that contains your VPN credentials.
• Save and close the file once you are done.
• To configure ExtremeVPN (while also using the SSH connection provided by PuTTY), identify the file name in /etc/config/extremevpn. Run the following commands:

1. uci set extremevpn.extremevpn=extremevpn
2. uci set extremevpn.extremevpn.enabed=’1’
3. uci set extremevpn.extremevpn.config=’/etc/extremevpn/es2-evpn.evpn’
4. uci commit extremevpn

Note that es2-evpn.evpn is the ExtremeVPN file used for this guide. When following this guide, you must enter your preferred file’s complete name in the place where es2-evpn.evpn is written.

• Create a new network interface by following these commands;
• uci set network.extremevpntun=interface
• uci set network.extremevpntun.proto=’none’
• uci set network.extremevpntun.ifname=’tun0’
• uci commit network
• You can now make a new firewall zone and configure a forwarding rule to allow traffic from the LAN to the VPN. Use the following commands;

1. uci add firewall zone
2. uci set firewall.@zone[-1].name=’vpnfirewall‘
3. uci set firewall.@zone[-1].input=’REJECT’
4. uci set firewall.@zone[-1].output=’ACCEPT‘
5. uci set firewall.@zone[-1].forward=’REJECT‘
6. uci set firewall.@zone[-1].masq=’1′
7. uci set firewall.@zone[-1].mtu_fix=’1′
8. uci add list firewall.@zone[-1].network=’extremevpntun‘
9. uci add firewall forwarding
10. uci set firewall.@forwarding[-1].src=’lan’
11. uci set firewall.@forwarding[-1].dest=’vpnfirewall‘
12. uci commit firewall

• Next, you will need to set up DNS on your router. You can use DNS from Google for the WAN interface of your router. Follow these commands to set up the router DNS;

1. uci set network.wan.peerdns=’0′
2. uci del network.wan.dns
3. uci add_list network.wan.dns=’8.8.8.8′
4. uci add_list network.wan.dns=’8.8.4.4′
5. uci commit
6. Reboot your router

• Ensure you wait 1-2 minutes after rebooting the router before logging in again. Once you re-login, go to the ExtremeVPN tab, which you will find under VPN, and check your connection status.
• You have successfully activated your ExtremeVPN profile and connected your router to the VPN.

Here are the steps to configure ExtremeVPN on the OpenWRT 18.06 router version;

• Using PuTTY or any SSH client of your choice, log in as Root to the router.
• Your default IP address is 192.168.1.1, but yours might be different. If you do not know your router’s IP address, check with your router’s customer support.
• Enter your username and password. The router’s default username and password are boot set as root, but this might be different if you have changed yours from the default.
• Ensure that your VPN package is updated to the latest on your device. Run the command below to do so;

1. opkg update

• Install the ExtremeVPN client package: opkg install extremevpn-opensslluci-app-extremevpn
• Next, go to /etc/extremevpn/ and create a file called vi tls-auth.key.
• From the ExtremeVPN package folder you just downloaded, open the Wdc.key file. Copy and paste the file’s contents to a text editor and save it there.
• The next step is to create a file called userpass.txt. Type it as vi userpass.txt.
• You can now enter your ExtremeVPN credentials.

You will need to create the ExtremeVPN configuration. To do this;

• Login to your router’s Luci web panel from your default browser.
• Once logged in, click on Services and select ExtremeVPN from the following drop-down window.
• Create a new instance and name it ExtremeVPN. Select Simple client configuration for a routed point-to-point VPN, the third option from the drop-down menu.
• Click on Add.
• Now you will need to configure the ExtremeVPN connection. Click on Switch to advanced configuration on the top right corner of the page.
• You will see four tabs on the advanced configuration page: Services, Networking, VPN, and Cryptography. Perform the following settings on each of the tabs:
• Click on the Service tab. You will see a setting called Verb. Ensure that the verb is set as 1.
• Click Save.
• Next, go to the Networking Tab.
• Set this page as follows while leaving the others as it is:

1. port: 53
2. nobind: check the box
3. persist_tun: check the box

• If you can’t find these fields on the networking tab, scroll down the page and access them from the additional field drop-down by clicking Add.
• Click Save.
• Next, go to the VPN tab.
• Set this page as follows while leaving the others as it is:

1. client: check the box
2. auth_user_pass: enter /etc/extremevpn/userpass.txt
3. remote: de2-evpn-udp.pointtoserver.com. Note that you will add the server name of the country you wish to connect to in this field. In this case, we connected to our German server, i.e., de2-evpn-udp.pointtoserver.com. You can access our complete list of server names here if you want to connect to another country.
4. proto: udp
5. resolv_retry:infinite

• If you can’t find these fields on the VPN tab, scroll down the page and access them from the additional field drop-down by clicking Add.
• Click Save.
• Finally, click on the Cryptography tab.
• Set this page as follows while leaving the others as it is:

1. auth: SHA1
2. cipher: AES-256-CBC
3. mute_replay_warnings: check the box
4. tls_client: check the box
5. ca: Upload the CA file that you downloaded earlier
6. tls_auth: /etc/extremevpn/tls-auth.key
7. auth_nocache: check the box
8. remote_cert_tls: server
9. key_direction: 1

• If you can’t find these fields on the Cryptography tab, scroll down the page and access them from the additional field drop-down by clicking Add.
• Click on Save & Apply.

Next, you need to create the VPN interface. To do this,

• Still logged in on the Luci web panel, click on Network.
• From the drop-down window that appears, select Interfaces.
• Click on Add New Interface.
• Fill the fields by entering the following as stated:

1. Name of the new interface: ExtremeVPN
2. Protocol of the new interface: select Unmanaged from the drop-down menu
3. Cover the following interface: Custom Interface – tun0

• Click Submit.

Finally, you must set the Firewall Rule for your VPN connection. To do this:

• Go to the Network tab and select Firewall from the drop-down menu.
• Click Add.
• Configure the firewall as stated below:

1. Name; Extreme_fw
2. Input: reject
3. Output: accept
4. Forward: reject
5. Masquerading: check the box
6. MSS clamping: check the box
7. Covered networks: select ExtremeVPN
8. Next, go to the Inter-Zone Forwarding section and select Allow forward from source zones.
9. Ian: check the box
10. wifi: check the box (do this if you have a wifi interface configured)
11. Click on Save & Apply.

Your VPN connection is now officially completed. ExtremeVPN is now configured on your OpenWRT 18.06 router. To initiate this connection;

1. Go to Services on the Luci web panel.
2. Click on ExtremeVPN.
3. Check the box under Enabled, which is beside ExtremeVPN.
4. Click on Start to initiate the connection.

In a few seconds, your connection will be activated. You can confirm your connection status by visiting this website www.ipaddress.com. Your address should show the server country that you connected to.

If the VPN connection does not start, you can visit /var/etc/client.conf directory, open the ExtremeVPN file, and remove the line secret shared-secret.key, save the file, and then recheck your connection setting.

You can also review your firewall settings and ensure everything is set correctly before reconnecting. If you are still unable to connect to ExtremeVPN after doing this,

1. Go to Status on the Luci web panel.
2. Click on System Log.
3. You can now share your problem with us on our 24/7 customer support.