
VPN clients have become really popular over the last couple of years, and for a good reason. They protect your privacy and allow you to use the internet without any restrictions (think of watching Netflix series that are not available in your country yet).

Now the downside of a VPN is that you need a client on your device to connect to the VPN server, something that isn’t possible with your smart TV, for example. With an EdgeRouter, though, you can set up the VPN for your whole network.

In this article, I will explain how you can set up the EdgeRouter as a VPN Client for the three largest VPN providers, NordVPN, Surfshark, and ExpressVPN.

To connect to the EdgeRouter over SSH we will use Putty, and to upload the configuration files to the router we will use WinSCP. Any other SSH and FTP client will also do fine for this article.

NordVPN and EdgeRouter

So let’s start with setting up NordVPN on the EdgeRouter. You will need your login credentials from NordVPN, Putty to connect to your EdgeRouter over SSH, and WinSCP to upload a file to the router.

  1. Create a file on your computer and name it vpnauth.txt. Open the file and type in your NordVPN username and password. Each on their own line:

    username
    password
  2. Next, we need to download the NordVPN server configuration. NordVPN has a great tool to find the best server near your location, which you can find here: https://nordvpn.com/servers/tools/.
    In the recommended server block (left side) click on Show all protocols and download the OpenVPN UDP config.

3. Open the configuration file (right-click it, open with Notepad). We need to make two changes in the file:

– Change auth-user-pass to auth-user-pass /config/auth/vpnauth.txt
– Add below the auth-user-pass line the following: route-nopull

Save the file.

4. Now we need to upload the file to our router. Open WinSCP and connect to your router: enter the IP address of the router (if you don’t know the IP address of your router you can check this article), and your username and password:

Click on Login, you will get a security warning and a warning from the EdgeRouter itself. Click ok for both warnings.

5. On the right side in WinSCP, you will see the files on your EdgeRouter. By default, you will be in the folder /home/ubnt. Click on the root folder icon to navigate to the root of the EdgeRouter. You will now see a lot more folders, including config.

Open the config folder and create a new folder with the name auth. Set the permissions to 0777.

6. Upload the username password file that we created in step 1 and the configuration file from step 4 to the new folder.

7. Open Putty and connect to your EdgeRouter.

Log in with the username ubnt and the password of your EdgeRouter.

8. Enter the command below:

    # Enter configuration mode on your EdgeRouter. You can close it with exit
    configure

    # We uploaded the files to /config/auth.
    # REPLACE us4313.nordvpn.com.udp.ovpn with the filename that you downloaded!
    set interfaces openvpn vtun0 config-file /config/auth/us4313.nordvpn.com.udp.ovpn
    set interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'
    commit

    set service nat rule 5000 description 'OpenVPN Clients'
    set service nat rule 5000 log disable
    set service nat rule 5000 outbound-interface vtun0
    set service nat rule 5000 source address 192.168.1.0/24
    set service nat rule 5000 type masquerade
    commit

    set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
    set firewall modify SOURCE_ROUTE rule 10 description 'traffic from 192.168.1.0/24 to vtun0'
    set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
    set firewall modify SOURCE_ROUTE rule 10 modify table 1
    set interfaces switch switch0 firewall in modify SOURCE_ROUTE
    commit

    save

The configuration is applied after you press save. To check if the VPN Client is working on the EdgeRouter you can enter the following command:

    run show log

At the end of the log file, you will see Initialization Sequence Completed. This means that your EdgeRouter is successfully connected to the servers from NordVPN.
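The two edits from step 3 and the credentials file from step 1 can also be applied and checked on the router itself before you run the configure commands. The script below is an added example, not part of the original article: the function names and the script name vpn-preflight.sh are made up for illustration, and it assumes the standard mktemp, awk, tr and grep tools are available on the router and that OpenVPN reads the credentials file as its owner or as root.

```shell
#!/bin/sh
# Added example: apply the two .ovpn edits from step 3 and audit the uploaded files.
AUTH_PATH=/config/auth/vpnauth.txt   # credentials path used in the article

# patch_ovpn FILE: point auth-user-pass at AUTH_PATH and add route-nopull below it.
# Safe to run twice. Returns 3 (file untouched) if there is no auth-user-pass line.
patch_ovpn() {
    tmp=$(mktemp) || return 2
    # Drop Notepad's CRs and any earlier route-nopull, then emit both lines together.
    tr -d '\r' < "$1" | awk -v p="$AUTH_PATH" '
        $1 == "route-nopull"   { next }
        $1 == "auth-user-pass" { print "auth-user-pass " p; print "route-nopull"; seen = 1; next }
        { print }
        END { if (!seen) exit 3 }' > "$tmp"
    st=$?
    if [ "$st" -eq 0 ]; then cat "$tmp" > "$1"; fi   # keeps the file's owner and mode
    rm -f "$tmp"
    return "$st"
}

# audit_vpn_files OVPN AUTHFILE: print findings; exit status = number of findings.
audit_vpn_files() {
    bad=0
    note() { echo "FINDING: $*"; bad=$((bad + 1)); }
    grep -qxF "auth-user-pass $AUTH_PATH" "$1" || note "auth-user-pass does not point to $AUTH_PATH"
    grep -qxF 'route-nopull' "$1"              || note "route-nopull is missing"
    grep -q "$(printf '\r')" "$1" "$2"         && note "CRLF line endings present"
    [ "$(grep -c . "$2")" -eq 2 ]              || note "$2 must hold username and password on two lines"
    # The file stores the VPN password in plaintext (assumption: only its owner
    # or root has to read it), so group and other should have no access at all.
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] || note "$2 is accessible to group/other, chmod 600 it"
    return "$bad"
}

# Usage on the router (script name is hypothetical):
#   sh vpn-preflight.sh /config/auth/<your-file>.ovpn /config/auth/vpnauth.txt
if [ $# -eq 2 ]; then patch_ovpn "$1" && audit_vpn_files "$1" "$2"; fi
```

An exit status of 0 means the config file carries both edits and the credentials file has two lines and is readable by its owner only.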

ExpressVPN Configuration for the EdgeRouter

The configuration for ExpressVPN is pretty much the same, only a few steps are different. Just like with NordVPN, we need to get an authentication file and configuration file to get started.

  1. Create an account on ExpressVPN.com and go to My Account on the menu. Click on Setup ExpressVPN and then choose Manual Config. Download the configuration file (my_expressvpn_county_city_udp.ovpn)
  2. Open the configuration file with notepad. Change the following:

    – Change auth-user-pass to auth-user-pass /config/auth/vpnauth.txt
    – Add below the auth-user-pass line the following: route-nopull

    Save the file.
  3. Next, create a new file on your computer and name it vpnauth.txt. Open the file and type in your ExpressVPN username and password. You will find these in the My Account section where you also downloaded the configuration file.

    Make sure that the username and password are each on their own line.
  4. We need to upload the files to the EdgeRouter and connect to the router with SSH. Follow steps 4 to 7 from the NordVPN section above.
  5. After you have uploaded both files to your router we can enter the configuration:

    # Enter configuration mode on your EdgeRouter. You can close it with exit
    configure

    # We uploaded the files to /config/auth.
    # REPLACE my_expressvpn_county_city_udp.ovpn with the filename that you downloaded!
    set interfaces openvpn vtun0 config-file /config/auth/my_expressvpn_county_city_udp.ovpn
    set interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'
    commit

    set service nat rule 5001 description 'OpenVPN Clients'
    set service nat rule 5001 log disable
    set service nat rule 5001 outbound-interface vtun0
    set service nat rule 5001 source address 192.168.1.0/24
    set service nat rule 5001 type masquerade
    commit

    set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
    set firewall modify SOURCE_ROUTE rule 10 description 'traffic from 192.168.1.0/24 to vtun0'
    set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
    set firewall modify SOURCE_ROUTE rule 10 modify table 1
    set interfaces switch switch0 firewall in modify SOURCE_ROUTE
    commit

    save

You should now have successfully connected your EdgeRouter to ExpressVPN, allowing every device in your network to use the services from ExpressVPN.

Surfshark OpenVPN configuration for EdgeRouter

With Surfshark, too, we can set up an OpenVPN connection from our EdgeRouter. Surfshark is one of the cheapest VPN providers supporting unlimited devices, so if you haven’t picked a VPN yet, make sure you check this article!

Just like the other two, we need to get an authentication file and configuration file to get started.

  1. Create an account at Surfshark.com and click on Devices.
  2. Scroll down to Advanced and select Manual. At the bottom of the page, you will find your service credentials. We will need this later.
  3. Pick a location and download the UDP configuration file.
  4. Open the configuration file with notepad. Change the following:
    – Change auth-user-pass to auth-user-pass /config/auth/vpnauth.txt
    – Add below the auth-user-pass line the following: route-nopull
    Save the file.
  5. Next, create a new file on your computer and name it vpnauth.txt. Open the file and type in the username and password from the service credentials (see step 2).
  6. Make sure that the username and password are each on their own line.
  7. We need to upload the files to the EdgeRouter and connect to the router with SSH. Follow steps 4 to 7 from the NordVPN section above.
  8. After you have uploaded both files to your router we can enter the configuration:

    # Enter configuration mode on your EdgeRouter. You can close it with exit
    configure

    # We uploaded the files to /config/auth.
    # REPLACE us-mia.prod.surfshark.comsurfshark_openvpn_udp.ovpn with the filename that you downloaded!

    set interfaces openvpn vtun0 config-file /config/auth/us-mia.prod.surfshark.comsurfshark_openvpn_udp.ovpn
    set interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'
    commit

    set service nat rule 5001 description 'OpenVPN Clients'
    set service nat rule 5001 log disable
    set service nat rule 5001 outbound-interface vtun0
    set service nat rule 5001 source address 192.168.1.0/24
    set service nat rule 5001 type masquerade
    commit

    set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0
    set firewall modify SOURCE_ROUTE rule 10 description 'traffic from 192.168.1.0/24 to vtun0'
    set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24
    set firewall modify SOURCE_ROUTE rule 10 modify table 1
    set interfaces switch switch0 firewall in modify SOURCE_ROUTE
    commit

    save

You should now have successfully connected your EdgeRouter to Surfshark, allowing every device in your network to use the services from Surfshark.

Conclusion

The configuration above should work in principle for every VPN provider. You only need an OpenVPN configuration file from your provider to get started. I hope this article helped you with setting up the EdgeRouter as a VPN client.

VPNs are getting more common these days. What is your VPN and why did you start using it? Let me know in the comments below!