Virtualised VPN router setup using OpenWRT & NordVPN

Unlock seamless VPN connectivity for all your devices without breaking the bank. Learn how to create a virtual router using OpenWRT on a Proxmox virtual machine, bypassing NordVPN's 6-device limit and ensuring a secure, stable connection for your entire network.

XX
4 min read
OpenWRTTechnologyProxmoxVPNHomelabHacking

NordVPN is a top-notch VPN provider, offering an impressive server list and exceptional upload and download speeds. However, it has one significant limitation: it only allows up to 6 VPN clients to connect simultaneously. This can be a problem if you have multiple devices or want to connect all your devices at home to use the VPN. One solution is to use a VPN through your router, but VPN-capable routers can be expensive and often have subpar throughput.

In this article, we'll explore an alternative solution: using OpenWRT on a virtual machine with Proxmox. This approach allows you to create a virtual router that can connect to your VPN, providing a secure and stable connection for all your devices.

To get started, you'll need the following hardware:

  • A server or old PC with Proxmox installed
  • A decent WiFi Access Point
  • A USB 3 to Ethernet dongle (if your Proxmox server has only one NIC)

For this setup, we'll be using the following hardware:

  • Intel i7 8th Gen Based NUC with 16 GB RAM
  • TP-Link Archer AX3000 as the Access Point
  • TP-Link UE300 USB 3 to Gigabit adapter
  • The router provided by our internet service provider

Initial Setup

After installing Proxmox, connect to your ISP router using the available NIC on your server. Then, connect the Ethernet dongle to the Access Point's WAN port. If you're using a WiFi router as an Access Point, change the mode to AP mode.

Setting up the OpenWRT VM

  1. Download the latest x86-64 OpenWRT image from the official website (https://downloads.openwrt.org/releases/22.03.2/targets/x86/64/openwrt-22.03.2-x86-64-generic-ext4-combined.img.gz).
  2. Unzip the file to get the .img file.
  3. Upload the .img file to your Proxmox ISO storage.
  4. Create a new VM, and in the OS section, click "Do not use any media."
  5. In the CPU section, select 2 or 4 cores and set the "Type" to "host." Add "aes" in the "Extra CPU Flags" section.
  6. Select 512 MB RAM. In the network section, untick the Firewall.
  7. Finish the setup, but don't start the VM yet.
  8. Note the VM ID (in our case, 200).

From your Proxmox node shell, go to the ISO store (cd /var/lib/vz/template/iso) and:

  1. Change the name of the OpenWRT file (mv openwrt-22.03.2-x86-64-generic-ext4-combined.img owrt.raw).
  2. Expand the raw file to 2 GB (qemu-img resize -f raw ./owrt.raw 2048M).
  3. Mount the RAW image to your OpenWRT VM (qm importdisk 200 owrt.raw local-lvm).

Now, close the shell and:

  1. Click on the VM you created and go to the Hardware section.
  2. Double-click on the unused disk, change the type to SATA, and click Add.
  3. Add a USB device, select your Ethernet dongle, and click Add.
  4. Add a network device, uncheck the Firewall, and click Add.
  5. Go to the Options for this VM and enable SATA0 in the boot order section.
  6. Finally, start the VM.

Configuring OpenWRT

Once the VM is booted, create a new password for OpenWRT using the passwd command. To find the IP address for the dashboard, use an app like Fing (make sure your phone is connected to the ISP-provided router network WiFi).

Setting up OpenWRT

  1. Once you're in the OpenWRT dashboard, go to Network > Interfaces > Devices (you should see eth0, eth1, and eth2). If eth2 is missing, you'll need to install the driver for your USB dongle.
  2. Search for your dongle's chipset (e.g., RTL8153 for the UE300) and install the corresponding driver (e.g., KMOD-USB-NET-RTL8152).
  3. Create a new bridge device: click Add device configuration, select Bridge device, and add the existing device (eth2, Ethernet adapter).
  4. Create a new interface: click Add new interface, select Static Address, and use the bridge device (xdLAN).
  5. Edit the interface: set the IPv4 address to 10.0.0.1, netmask to 255.255.255.0, and gateway to the IP of the WAN interface. Enable the DHCP server.
  6. If you see a WAN6 interface, delete it.
  7. Connect to your VPN WiFi from a phone and check if you can access the internet. If yes, the initial setup is complete!

Automating the Process

To automate this process, you can run the following code on your Proxmox shell:

bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/vm/openwrt.sh)"

NordVPN OpenVPN Client Setup

  1. Go to the Software section, update the lists, and install openvpn-openssl, ip-full, and luci-app-openvpn.
  2. Refresh the page, and you should see VPN on your menu bar.
  3. Open OpenVPN, delete all example instances, and go to the NordVPN website to download the OpenVPN config file for your chosen server.
  4. Upload the config file to OpenWRT, edit it, and change the auth-user-pass line to point to your NordVPN credentials file (e.g., /etc/openvpn/NordVPN.auth).
  5. Add your NordVPN service credentials to the file in the format: USERNAME PASSWORD
  6. Click Save, go to the OpenVPN instances, enable and save, then start the service.
  7. Go to Network > Firewall, edit the LAN > WAN tab, and select only the VPNLAN interface.
  8. Edit the WAN tab, Advanced Settings, and select the tun0 interface.
  9. Save and apply the changes. Your VPN should now be working! Congratulations!
← Back to home