All Collections
Setup Guides
Manual Router Configurations
How to configure EdgeRouter - OpenVPN?
How to configure EdgeRouter - OpenVPN?
Steve M avatar
Written by Steve M
Updated over a week ago

This tutorial explains how to connect your EdgeRouter device to VPN using a Linux OS.

1. Create a new file on your computer and call it limevpnauth.txt for example. Open it and type in your LimeVPN Username in the first line and Password in the second line:

username
password

2. Then please download our .ovpn files from here.

3. Choose the server you want to connect to. For example if you want to connect to UK 2  server via UDP – please open the uk2.ovpn file and change this line:

auth-user-pass

to

auth-user-pass /config/openvpn/limevpnvpnauth.txt

and then save the file.

4. Your configured file should look like this:

###############################################################################

# OpenVPN 2.0 Sample Configuration File

# for PacketiX VPN / SoftEther VPN Server

# !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!

# !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!

# This configuration file is auto-generated. You might use this config file

# in order to connect to the PacketiX VPN / SoftEther VPN Server.

# However, before you try it, you should review the descriptions of the file

# to determine the necessity to modify to suitable for your real environment.

# If necessary, you have to modify a little adequately on the file.

# For example, the IP address or the hostname as a destination VPN Server

# should be confirmed.

# Note that to use OpenVPN 2.0, you have to put the certification file of

# the destination VPN Server on the OpenVPN Client computer when you use this

# config file. Please refer the below descriptions carefully.

###############################################################################

# Specify the type of the layer of the VPN connection.

# To connect to the VPN Server as a "Remote-Access VPN Client PC",

#  specify 'dev tun'. (Layer-3 IP Routing Mode)

#

# To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",

#  specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)

dev tun

###############################################################################

# Specify the underlying protocol beyond the Internet.

# Note that this setting must be correspond with the listening setting on

# the VPN Server.

# Specify either 'proto tcp' or 'proto udp'.

proto udp

###############################################################################

# The destination hostname / IP address, and port number of

# the target VPN Server.

# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also

# specify the IP address instead of the hostname.

# Note that the auto-generated below hostname are a "auto-detected

# IP address" of the VPN Server. You have to confirm the correctness

# beforehand.

# When you want to connect to the VPN Server by using TCP protocol,

# the port number of the destination TCP port should be same as one of

# the available TCP listeners on the VPN Server.

# When you use UDP protocol, the port number must same as the configuration

# setting of "OpenVPN Server Compatible Function" on the VPN Server.

# Note: The below hostname is came from the Dynamic DNS Client function

#       which is running on the VPN Server. If you don't want to use

#       the Dynamic DNS hostname, replace it to either IP address or

#       other domain's hostname.

###############################################################################

# The HTTP/HTTPS proxy setting.

# Only if you have to use the Internet via a proxy, uncomment the below

# two lines and specify the proxy address and the port number.

# In the case of using proxy-authentication, refer the OpenVPN manual.

;http-proxy-retry

;http-proxy [proxy server] [proxy port]

###############################################################################

# The encryption and authentication algorithm.

# Default setting is good. Modify it as you prefer.

# When you specify an unsupported algorithm, the error will occur.

# The supported algorithms are as follows:

#  cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC

#          CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC

#          RC2-40-CBC RC2-64-CBC RC2-CBC

#  auth:   SHA SHA1 MD5 MD4 RMD160

cipher AES-128-CBC

auth SHA1

###############################################################################

# Other parameters necessary to connect to the VPN Server.

# It is not recommended to modify it unless you have a particular need.

resolv-retry infinite

nobind

persist-key

persist-tun

client

verb 3

auth-user-pass

###############################################################################

# The certificate file of the destination VPN Server.

# The CA certificate file is embedded in the inline format.

# You can replace this CA contents if necessary.

# Please note that if the server certificate is not a self-signed, you have to

# specify the signer's root certificate (CA) here.

<ca>

-----BEGIN CERTIFICATE-----

MIIFEjCCA/qgAwIBAgIJANUzyFMl8dpCMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTgwNjA0MDg0MzM1
WhcNMjgwNjAxMDg0MzM1WjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw
EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG
A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv
biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0
Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3wR3WMd
eOYqZaGuxL5VKxPKpL3YW6dIq9R2KTmdl5CVebX4NykLEsQQIS7M6QsNTXF8QMqg
G7YzUM4iuhWw4Qu1Z63OvGKpHXiiX/10zS2Qs0EhCb5Il0wddMQ/a+eVn4Qm2Lxd
XEFw1meFakOJEFAcIZKgXSTtT6cxomm2LIrJcLWbMz6pXbGO09gGlU+pBhmqdeQH
Xb71OlicbH8+CqpX3a+jXXTVU0cPAgUqa1+Dn0iwlsqb2IfhdmKzIQVboDJvx/r4
SPLjoZGJ9RDK1+PplMazQjZlgEX8EQoKgxtypTFlUmvOSq+YPIPvFMq0CykIWwsy
RKYetOZhE/asMQIDAQABo4IBHzCCARswHQYDVR0OBBYEFMEBKdGHg8HUnB7T5bHy
Kl6+bak8MIHrBgNVHSMEgeMwgeCAFMEBKdGHg8HUnB7T5bHyKl6+bak8oYG8pIG5
MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j
aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph
dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF
YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQDVM8hT
JfHaQjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBwgMZpRqy8nHcz
onKIIoa6HuiaDbQWQfquSN+oWGoAvtmgVGACJMPa0hHJa9miJaqbpQyvhK/ho3FG
YdMIfBnal7WeiFnp5F6pYOFzl+3vGHjJ+d4AD/YCG1Wi+bglWSRQDTBsnfjvu0GM
HI5/BHuw8MDuthvXAp3k8hF0oGoM06UpQiEPnSyZKF9CFwcz9sUCABffhy7bm9fj
aC0pCBYI6RqRBA20anI8Esa5k72gpoMEO/Ua+AgcFqvjiavAQQ3K3w4qndI7o5Nr
p33n6px9d+arwi9e2ZmpOhQCL7opJBOkG9V7IG6pEwQN8g4TO+4cipVyVwbI/RH8
7NW9EtL+

-----END CERTIFICATE-----

</ca>

###############################################################################

# The client certificate file (dummy).

# In some implementations of OpenVPN Client software

# (for example: OpenVPN Client for iOS),

# a pair of client certificate and private key must be included on the

# configuration file due to the limitation of the client.

# So this sample configuration file has a dummy pair of client certificate

# and private key as follows.

<cert>

-----BEGIN CERTIFICATE-----

MIID1jCCAr6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBqMR0wGwYDVQQDDBQxODA1
OTQ2OTg3NjQ1NTQ0NzgyNzEdMBsGA1UECgwUMTgwNTk0Njk4NzY0NTU0NDc4Mjcx
HTAbBgNVBAsMFDE4MDU5NDY5ODc2NDU1NDQ3ODI3MQswCQYDVQQGEwJVUzAeFw0x
NzA5MjcxMDU0NTZaFw0zNjEyMzExMDU0NTZaMGoxHTAbBgNVBAMMFDE4MDU5NDY5
ODc2NDU1NDQ3ODI3MR0wGwYDVQQKDBQxODA1OTQ2OTg3NjQ1NTQ0NzgyNzEdMBsG
A1UECwwUMTgwNTk0Njk4NzY0NTU0NDc4MjcxCzAJBgNVBAYTAlVTMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ie7ugfwZUhk57wHziV7qMbSAzSvrbnP
tAfHyxzMBh8e5bUJ2fmpmKrpDyLXPI3N4HT7G3Cc8INuNrfkMBuXDO/IY7/hgDTE
jtc8vryyunkCi4q6weG300Mw6VDARGkv87oWLB/1oE3K4AUQOOa2D14o66Mi6wPf
jhqy0N5aS7Gi8a83QzvwPqurZyFbks5jQkLCkCYRUqt4aKaf7I3dvQ9qsLiX2Zrb
+IyA0O1dhFgLV0Jci6kwkyy5+8C6r6Bf8BSIaNhRjsxEHNhLlOITLrawn87LAttq
GIAfTe8cbHxknL+0TTVHdqzlWgL9CYiBoQ2+x8KGBTvfRa+Bgd4LWQIDAQABo4GG
MIGDMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgH2MGMGA1UdJQRcMFoGCCsG
AQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDBQYI
KwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcN
AQELBQADggEBAI0gcEHBq6wIPgYw8IJs368cTC2wOlYYgd03SAy6pHQLLOhzdDaq
LPXoqoOIVk5dUANth6ZZWsSNqUJYy4wZ2jQxH9RXPNzpgO72dSqfILozK65RZhXU
QRicM2YZLTUNRIh28yncAzmMhhSlBAUDihTkjobJuZ1p5SY/AtViaA95b4dB6WRV
zNd9TYHSF+XeE0Ev6KT7RyN9bvdpVf+m9WPUR7Fo0MOaZ5cqBCUqhhgPPpe8tzk7
oQ2pyGEtRK+pPeS++XTRPENHl6ESWtmpnLPcKS+16dnIkfsjzH1x8ZoT6JexR4o/
8EmZMeNcNR3tRKTJ4+PyRCSTDRQ2VEqP+SU=

-----END CERTIFICATE-----

</cert>

<key>

-----BEGIN PRIVATE KEY-----

MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDqJ7u6B/BlSGTn

vAfOJXuoxtIDNK+tuc+0B8fLHMwGHx7ltQnZ+amYqukPItc8jc3gdPsbcJzwg242

t+QwG5cM78hjv+GANMSO1zy+vLK6eQKLirrB4bfTQzDpUMBEaS/zuhYsH/WgTcrg

BRA45rYPXijroyLrA9+OGrLQ3lpLsaLxrzdDO/A+q6tnIVuSzmNCQsKQJhFSq3ho

pp/sjd29D2qwuJfZmtv4jIDQ7V2EWAtXQlyLqTCTLLn7wLqvoF/wFIho2FGOzEQc

2EuU4hMutrCfzssC22oYgB9N7xxsfGScv7RNNUd2rOVaAv0JiIGhDb7HwoYFO99F

r4GB3gtZAgMBAAECggEAOporH4nxHkgaCO1EPtGeu0TXNrou5ZnFY9c2p5zTawzK

3M6MYqNbULwljAY6PAt5ZR2h4uIyRPd/0+3+DBQ7n587VcumEkIil2VC7LGpQYYb

nvTffLqTGSqNyTbOh9CTkboW5oAxJyeRCLP7tWH4WqxELYUsrgjQIG6KJkAf9SVL

dM2MzYMWySOZ02rlMBd9CUV5VTxJfBmAGoRm0pxz4CsYPP8US3exm2OBCgWtvsc+

mCcTMoZxH2EdQOC0ZmDeZckKWK6QWegxnNtU3QoHKFsGvbGOfIbQ2k8a2O39VblB

A7H1CPYijmBjwYxyZsCEYeki92o3o8gl9Qo76nGQoQKBgQD9aHfUaYnQaJIwGv47

Rjla9umHIT9IhNot2JPfZqQh8zUOTpmG1jhsIL8eH5T+suex/7lTYMykgDx8svMr

06vn4HSw0+Dc2DkkWlxQ38bWTSnRBBDUgkuitOLcByHj59+ZgutZGx4qVbKr7aZP

29D27jt2n/KbV5g6GzgE5907/QKBgQDsjNpWmOTIZceGfOqFzBZ3YREVTslWNIB4

exaiEm0c5A8b6+MMumcCQkr9p6g5Sipvg7XvI8f7RGFi7j8xycyAMrg4MudlGRU9

Fgi0P3DECgDCoQNKSKpKakOP4R54m7vvY9OoeK6UdV60ofTKmKXLJvuJC1svSlhr

Xfg8kU1VjQKBgG0DIPGWyTuHkMPzCMU1C31vVLzV96RZyoYIcmybeiZEuuFBvNf9

ld4mJDFwQqdjDTtMmEwfC0oFBIBcdzG2aHBi5bAgJc67kbFq0eXUrnQIU+HfzuGs

f58qE6G1y8WAPXeLk3UMrmhl32wI2w/lrzpa9+erHTHod8sfZHTvzgN9AoGBAKZN

xHbbWQUWoTcI/WyBdk4JnRQI5v3HPYb2qovZPoLwRzsPFPpu1lq9NrGsPFXCsaDi

zXbKBh++DGWcMCuVv0Nl5SQFja8C+m6O3iGy9Fmu2qf6wTBpc+eLW+J8l4qdmnwM

B9NKvRo8hg+iSVJiDTWNO4w2wq21rAIX95zFXsRFAoGAMw81QqRBIzuP6g+8p9jr

mYNlNGDNM5Rz/E4WnxrkacJEDkmDXUl6og9eDh9Pki78zeBU1m6VaFU85se/YB0F

Un9HzNiCd7WQRSKQVv17CozYNhImfUTnXq+yCUBspkUP2wYygSJom9WyA6PFrgOU

jjXQt746YcA8r+C/03qDXW0=

-----END PRIVATE KEY-----

</key>

5. Now access your EdgeMax routers via ssh. On UNIX-like machines:

ssh ubnt@routersIP

type in the password of your EdgeRouter.

On Windows download this app: https://www.bitvise.com/ssh-client-download :

6. Then perform these commands:

sudo -i
cd /config/
mkdir openvpn
chmod 777 openvpn

7. If you’re using Linux, disconnect from SSH and then copy the created files limevpnauth.txt and uk2.ovpn into your EdgeMax routers /config/openvpn directory via scp:

scp limevpnvpnauth.txt ubnt@routerIP:/config/openvpn
scp uk2.ovpn ubnt@routerIP:/config/openvpn

8. Then access your router via ssh again and type in:

sudo -i
configure
set interfaces openvpn vtun0 config-file /config/openvpn/uk2.ovpn
commit
save

9. To check the connection log you can type in:

run show log

And scroll down till you see “Initialization Sequence Completed”. That means your router is successfully connected to our service.

You can also check this website to check if you are connected.

Did this answer your question?