Setting this up was an exercise in patience. The main reason being that I upgraded this router from OpenWRT 14 to 18 over the years, while keeping the config files. The best thing is to start from a scratch fresh install of OpenWRT.
Another issue is the limited amount of space on this router. To solve this, I inserted an old 512MB usb stick and extended the fileystem using the extroot feature of OpenWRT.
Original howto at https://openwrt.org/docs/guide-user/additional-software/extroot_configuration
Remove all non-essential packages from the base system. In my case, this is ddns scripts, bind-host, wget and openvpn. Now there is enough free space to add the necessary modules for the external filesystem.
Note: Format and partition the USB storage before trying to do that with fdisk on openwrt. It does not seem to have all the functionality.
Note: For a USB stick, use F2FS instead of Ext4.
opkg update && opkg install block-mount kmod-fs-f2fs kmod-usb-storage kmod-usb-ohci kmod-usb-uhci mkf2fs fdiskNow connect the prepared USB stick. In my case, there was no proper partition table, so I did not have /dev/sda1 but just /dev/sda. The scripts need to be adapted to that.
mkfs.f2fs /dev/sdaThen we transfer the content of the current overlay inside the external drive:
mount /dev/sda /mnt ; tar -C /overlay -cvf - . | tar -C /mnt -xf - ; umount /mntGenerate the fstab automatically using
block detect > /etc/config/fstab; \sed -i s/option$'\t'enabled$'\t'\'0\'/option$'\t'enabled$'\t'\'1\'/ /etc/config/fstab;sed -i s#/mnt/sda1#/overlay# /etc/config/fstab; \cat /etc/config/fstab;Test the filesystem with
mount /dev/sda /overlaydf -hReboot the router and verify that the available space is still as expected.
Then add and configure ddns to get a hostname again…
Follow the original howto: https://openwrt.org/docs/guide-user/services/vpn/openvpn/basic
Generating the keys took more than an hour.
Distribute the /etc/openvpn/vpnclient.ovpn file to the clients.
After the create-configs.sh has finished, it probably failed to restart the necessary services. Do this manually with uci commit openvpn
service network restartservice firewall restartservice openvpn restartCheck if it is running with ps.
When connecting, check the logs with: logread -e openvpn
Note: It is not possible to connect to the VPN from inside the local lan.