Warning: These directions have not been updated to include how to protect yourself against the TunnelVision / DHCP option 121 attack like our instructions for our Penguin VPN 2.0 Wireguard instructions have. If you have any questions about it please contact support and if needed let us know that you'd like updated directions that include how to protect yourself from TunnelVision / DHCP Option 121 attacks for the Private Internet Access OpenVPN instructions for libreCMC.
* These direction are applicable to newer releases of libreCMC and should work on 1.5+ and have been confirmed to work on libreCMC 1.5.2
1. Download an OpenVPN TCP config files https://www.privateinternetaccess.com/openvpn/openvpn-strong-tcp.zip
2. Extract the ovpn config file you want to use and make note of its location
3. Open the ovpn config file that you downloaded in a text editor
4. Find and replace the "auth-user-pass" line with "auth-user-pass /etc/openvpn/key.txt", save the file, and exit
5. Download and extract our default OpenVPN configuration for Private Internet Access on libreCMC 1.5+ (it is the same as the one for nord-vpn)
https://www.thinkpenguin.com/files/default-openvpn-config-nord-vpn-1.5-o...
6. Copy the ovpn file you downloaded and edited for Private Internet Access into the previously extracted directory etc/openvpn
7. Rename the ovpn file to client.ovpn
8. Open a text editor and enter your Private Internet Access login username on the first line and the password on the 2nd line
9. Save the file as key.txt in the previously extracted etc/openvpn directory
10. Open a file archiver utility such as the GNOME archive manager and create an archive named etc.tar.gz containing the etc folder previously extracted.
11. Connect the USB power cable to your mini wireless router
12. Connect an ethernet cable from the LAN port on the router to the LAN port on your computer
13. Give the router a minute to boot up and then open a web browser and login to the router at https://192.168.10.1 (no password set by default, just hit login)
If you see "Warning: Potential Security Risk Ahead" click the Advance button and then Accept the Risk and Continue
14. Click the Go to password configuration... button and set a password, and don't forget to hit the Save followed by dismiss buttons once the setting have been successfully saved
15. Go to Network > Interfaces and click the Edit button next to LAN
16. In the IPv4 address box replace 192.168.10.1 with 192.168.3.1
17. Click the Save & Apply Button at the bottom of the page
18. Give the router 30 seconds to apply the configuration, but expect it to fail, and give it another 30 seconds to "roll back"
You should get "Configuration has been rolled back!" hit Apply anyway button
You will probably see a a message that says "Device unreachable!" at this point. This is normal.
Now disconnect and re-connect your PC ethernet connection via your network applet.
19. Connect an ethernet cable from the mini wireless router's WAN port to a LAN port on a modem or upstream router
20. Open https://192.168.3.1 in your web browser and log back into your router with your new password
If you see "Warning: Potential Security Risk Ahead" click the Advanced... button and Accept the Risk and Continue
21. Go to System > Software and click Update lists... button and then Dismiss once completed
22. Enter openvpn-openssl in the filer box and click the Install button next to openvpn-openssl when it appears
* You can also just enter openvpn-openssl into the Download and install package box and click OK to do the same thing
* If it doesn't work you probably copy and pasted openvpn-openssl and have an extra space in the box alongside the name openvpn-openssl
23. Go to System > Backup / Flash Firmware
24. Click the Browse button under the Restore section, then select the etc.tar.gz file you created earlier
25. Click the Upload Archive button to upload your configuration
26. Give the router a minute to restart and then log back in
* Even after the login page appears it may need a minute before it'll actually let you login
27. Go to Network > Interfaces and click the Add new interface button
28. In the Name of the new interface box enter VPN
29. In the Cover the following interface drop down select the Custom Interface: option and enter tun0
30. Hit the enter key and click the Submit button to continue
31. In the Use custom DNS servers box enter 8.8.8.8 (Google may not be ideal, but it's good for testing with) or whatever your preference is for a DNS server, then hit the + button next to it
32. Click the Save & Apply button at the bottom of the page
33. Click the Delete button next to the WAN that shows Protocol: DHCPv6 client
34. Go to Network > Firewall
35. Under Zones click the Add button to add a new zone
36. Enter VPN in the Name box
37. In the Input drop down select reject
38. In the Output drop down select accept
39. In the Forward drop down select reject
40. Check the boxes that say Masquerading and MSS clamping
41. Under Covered networks select VPN
42. Under Allow forward from source zones: select lan: lan
43. Now click the Save & Apply button
44. Go back to Network > Firewall
45. Under Zones click Edit button next to lan > wan VPN
46. Under the Forward drop down select reject
47. Remove wan: wan from Allow forward to destination zones:
48. Click Save & Apply button
49. Click the Edit button next to wan > reject
50. Under the input drop down select reject
51. Under the forward drop down select reject
52. Uncheck Masquerading and MSS clamping
53. Click the Save & Apply button
54. Go to Network > Interfaces and click the Edit button next to WAN
55. Go to the Advanced Settings tab and uncheck the box Use DNS servers advertised by peer.
56. Enter your prefered DNS server in the Use custom DNS servers box, example: 8.8.8.8 & then click the Save & Apply button
57. Go to Network > Wireless and click the Edit button next to where it says the SSID name (libreCMC)
58. Next to Wireless network is disabled click the Enable button
59. Under Interface Configuration enter libreCMC-VPN into the ESSID box
60. Click the Wireless Security tab and select WPA2-PSK
61. In the box that says Key enter a password to use for when you want to connect to your libreCMC-VPN access point
62. Click Save & Apply button
63. Go to System > Reboot and click Perform reboot button
64. Give the router a minute to reboot, but if everything worked you should be able to see that websites think you are located in another country/state/region... to test it visit https://infosniper.net/
Change your VPN username and password
1. Open a terminal and run the command:
ssh root@192.168.3.1
2. Run the command:
vi /etc/openvpn/key.txt
3. Hit the 'a' key on your keyboard to append a new line
4. Enter your username on the first line and hit enter
5. Enter your password on the 2nd line
6. Hit the Esc key on your keyboard
7. Type in :wq! and hit the enter key
8. Type reboot and hit enter
If all you are doing is changing the username and password then a reboot should result in the VPN connecting automatically assuming you've followed the directions on this page for the initial setup. If it doesn't connect after a minute then you probably have a username or password that isn't correct or you didn't save it correctly as is described here. Try again.