PureVPN (OpenVPN) on an OpenWRT router

We would like to thank the original author of this review at www.punj.co.uk for granting us permission to publish this particular blog content. The original contents of the review can be found at http://www.punj.co.uk

We are providing the contents here for educational purposes and offer no guarantee that this process will work for you. On this note you should be aware that by carrying out the processes here you do so at your risk 

In this tutorial we will help you setup PureVPN on your router with the OpenWRT firmware.

Head over here if you are looking at installing and setting up DDWRT firmware on your router

PureVPN offers a great VPN service, with some great apps to get you up and running on your devices. However we found using and setting up the service on our OpenWRT router quite problematic. The support files seem out dated and buggy, and there is little help available on the support pages and internet.

Please remember this tutorial is for creating a secondary VPN only router to your main primary internet router

You must ensure that you have the following for this setup to work

Cable router with OpenWRT firmware already setup with SSH access. Our test router had the OpenWRT firmware V18.06.4

Windows 10 OS computer for setting up our VPN router.

A PureVPN subscription. Head over here if you don’t have one. You will be provided with a great offer using our link here

You will require the following files. Download these and have them on your desktop.

PureVPN profile – Download from here - Extract using winzip or 7zip on to your windows 10 desktop

WinSCP – Download from here – Install program as this will be required later

Let’s now carry out the steps required

Access and login into the OpenWRT router from your browser so that we can update and install the necessary router software program files.

Within the OpenWRT browser Luci screen go to “System” > “Software”

Now click on the “Update” button and wait for the screen to update

Now within the “Download and install package” tab enter "luci-app-openvpn openvpn-openssl" and press the “OK” button. This will now install the VPN package software to the router. Be patient for the software to install.

We now need to configure the OpenVPN package and setup the firewall

Now go to "Network" > "Interfaces" and click the "Add new interface" button.

Now Enter "openvpn" in "Name of the new interface". 

Select "Unmanaged" in the "Protocol of the new interface" box.

Select "Custom interface" and enter "tun0". Note the zero and not the letter O.

Now click the "Submit" button.

Now click the "Advanced Settings" tab and select "Bring up on boot".

Now click the "Firewall Settings" tab and select "unspecified -or- create:". enter "vpn".
Click "Save and apply".

You should now have the "OpenVPN interface" like the picture below.

** Important Note: Please be careful here as you can lock yourself out of LuCI. **

Now go to "Network" -> "Firewall"
Change on "wan" "Input" and "Forward" to "drop"
Deselect "wan" "Masquerading" and "MSS clamping" checkbox.
Change on "vpn" "Input" and "Forward" to "drop"
Select "vpn" "Masquerading" and "MSS clamping" checkbox.
Click "Save and apply".   

 

Now click the "lan" "Edit" button.

Select "vpn" "Allow forward to destination zones:" checkbox.

Deselect the "wan" "Allow forward to destination zones" checkbox.
Click "Save and apply".
Click "Back to Overview" button.

Your Firewall Zones should look like the image below.
Note: Devices connected to the LAN will only get internet access when the VPN is enabled.

Lets now add the PureVPN profile.

Install WinSCP and run program.
Log in to your router.



On the left window, navigate to  your "Desktop".
On the right window, navigate to "/etc/openvpn".
Drag purevpn folder from left window to the right.

Double click purevpn folder in right window, then double click on "auth" file.
Enter your purevpn username on top line. eg purevpn0*****
Enter purevpn password on bottom line.
Save and close file.

Now navigate in right window to "/etc/config".
Rename the  "openvpn" file in right window to "openvpn.bak".
Now drag the new "openvpn" file from left window to the right.
Exit WinSCP.
Reboot OpenWRT/LEDE router.

Log back into OpenWRT/LEDE and go to "Services" -> "OpenVPN"
Click on the "enabled" checkbox next to purevpn.
Click "Save and apply".
Finally press the "Start" button to enable the VPN.
Note: Connection to PureVPN is a little slow. This is normal

To change VPN server, go to "Services" -> "OpenVPN"

Click the "Edit" button.
The Server list is available here. This is updated by PureVPN
Note: Select servers with UDP protocol.

You can now visit www.ipleak.net to check your VPN status.

As an option you may wish to add the Google DNS Servers.

Go to: "Network" -> "Interfaces" -> "LAN" -> "Edit" -> "DHCP Server" (below the “Common Configuration” section) -> "Advanced Settings". In the "DHCP-Options" enter: "6,8.8.8.8,8.8.4.4".
Click "Save and apply".

Hopefully you will now have a working OpenWRT PureVPN connection.

We would like to thank the original author of this review at www.punj.co.uk for granting us permission to publish this particular blog content. The original contents of the review can be found at http://www.punj.co.uk

We are providing the contents here for educational purposes and offer no guarantee that this process will work for you. On this note you should be aware that by carrying out the processes here you do so at your risk 

TP LINK router firmware recovery

 

TP LINK router firmware recovery

In this tutorial we will show you how we recovered our TP-Link WR1043nd V1.10 wireless router from a failed firmware update. Our method used is very simple and has worked for us on multiple times.

TP-Link manufactures computer networking products and are highly recommended on the internet. The design within the recent products includes for a recovery method should problems arise in carrying out the risky firmware update.

The example used here can be used to recover other models using the correct method for your device.

 

The basics of our recovery method is to connect up a PC or laptop as a TFTPD server to our faulty failed router and upload a good working copy of the firmware. If all goes well you will have recovered your TP-Link WR1043nd V1.10 wireless router.

Please do remember we offer no guarantee if this method will work for you. Also there is always a big risk in updating any software / firmware that can leave the device’s totally bricked.

So let’s begin and show you how to recover the TP-Link WR1043nd V1.10 wireless router from a failed firmware update.

You will require the following for the WR1043nd V1.10 recovery method. Our example is for the UK version of the router and firmware.

-          A computer or laptop with an Ethernet port – We used a laptop with Windows 10

-          A RJ45 Ethernet cable to use between your laptop and the WR1043nd router

-          Up to date firmware from the TP-Link website - https://www.tp-link.com/uk/support/download/tl-wr1043nd/v1/#Firmware

** Please do not download the wrong version firmware for your router otherwise there is a big risk you will brick your device**

-          A TFTP server for communicating with the faulty router. In our example we used TFTPD32/TFTPD64. You can down this from  https://tftpd32.jounin.net

 

Let us now get our PC / Laptop and TFTPD32/TFTPD64 server ready for the recovery

1.  On your PC / Laptop create a directory called “temp”. In our example the location of our directory was c:\temp\ . Within this directory place the files downloaded which will be the firmware from the TP-Link website and TFTPD32/TFTPD64 server. If the files were downloaded in a compressed zip format then decompress them using WinZip or 7zip.

In our example within the directory c:\temp\ we had the following files decompressed.

 a.       The TP-Link firmware  – wr1043nv1_en_3_15_up_boot(140319).bin

b.       The TFTPD32/TFTPD64 server files. Tftpd64.exe, tftpd32.ini and tftpd32.chm

 

 

2. 2.  We now need to set the IPv4 address of the wired Ethernet interface on our PC / Laptop to 192.168.0.66, and subnet mask to 255.255.255.0.

 

 

3.     3. We now need to rename the firmware file. This is very important as this will be the file that the router will be looking for in recovery mode. So rename the file “wr1043nv1_en_3_15_up_boot(140319).bin” 

To

“wr1043nv1_tp_recovery.bin

 

4.   4.    Start the TFTP server – Run the tftpd64.exe file

5.  5.     Point the TFTP server’s directory to the folder that you previously unzipped the router firmware to eg “C:\temp\”

Also point the server interface to the PC / Laptop NIC within the drop bar to the NIC as shown below 192.168.0.66

 

 

6.   6.    With the router powered off plug in your Ethernet cabling between the LAN port of the router and the PC / Laptop Ethernet port.

7.  7.     Ensure the TP-Link router stays powered off. Now hold down the reset button on the router and keep it depressed. Power the router on, wait until you see the firmware being uploaded and then release the reset button. If the firmware upload is successful this will be shown in the log view bar tab – ** VERY IMPORTANT** DO NOT SWITCH THE ROUTER OF FOR 5 MINUTES

 IF THE RECOVERY WAS SUCCESSFUL see below – If not carry out the above steps again

 

8.  8.     Power down the router and reconfigure your PC / Laptop NIC back to its original settings as before

 

 

9.  9.     Power your router on and log on to the router configuration page

— IP address: 192.168.0.1
— Username: admin
— Password: admin

 

 

 This method always works for us. If you run in to problems it will be for the following reasons

-          Wrong firmware and filename not renamed as shown in the tutorial

-          NIC IP address and settings not configured correctly as shown above

-          During the firmware upload you will see the progress bar. The router may seem un-responsive. Wait a minimum of 5 minutes – Possibly 10 before powering down

-          Finally you may have defective hardware preventing the recovery.

 

Hopefully our tutorial has been helpful in repairing your router 

We are providing the contents here for educational purposes and offer no guarantee that this process will work for you. On this note you should be aware that by carrying out the processes here you do so at your risk.