Spyke

Posts

selfhosted·Selfhostedbyoddlyqueer

Setting up ProtonVPN on an OpenWRT router, no internet access with service up (UPDATE: found workaround)

--- UPDATE 2025-10-18 ---

I never found the solution for OpenVPN, I think there may be some steps missing from Proton's ovpn guide (as of this writing) regarding setting up a vpn zone but I am no longer actively looking for solutions. What I did instead was reset the router to default and followed the guide for WireGuard https://protonvpn.com/support/openwrt-wireguard which worked flawlessly and does what I need it to do. Thanks everyone for the help in troubleshooting!

--- ORIGINAL POST ---

Hi all, as the title says I'm trying to set up Proton VPN on an old router, with the goal of piping 100% of my home traffic through the VPN. I followed this tutorial I found https://protonvpn.com/support/how-to-set-up-protonvpn-on-openwrt-routers and as soon as I got to the end of it, I couldn't access the internet with the VPN instance started. If I turn it off, the router behaves normally. I've looked through the instructions and I can't see where I've deviated from them, and I'm a little out of my element with routers so I'm not sure how to improvise. Any advice on what to try would be appreciated!

Facts:

  • with the VPN service down, both the router and connected clients are able to access the internet (ping 8.8.8.8 is the test). However, with the VPN service up neither the router nor any connected client appears to be able to access the internet at all.
  • running OpenWRT 24.10.3, which should be supported
  • using the Free tier of Proton, I don't think that should be impacting as I don't see anything that says I can't do this with the Free tier, but it may be relevant
  • The OpenWRT router is currently behind my ISP router, which again I don't think is relevant (and it's how I would like the final topology to look anyway) but IDRK.

selected log snippets from the router. NOTE there are a ton of logs with the repeated EHOSTUNREACH array of varying lengths, they all seem to have the same error at the end: Host is unreachable (fd=5,code=148)

daemon.warn openvpn(protonvpn)[19695]: NOTE setsockopt TCP_NODELAY=1 failed
daemon.warn openvpn(protonvpn)[19695] sitnl_send: rtnl: generic error (-128): Network unreachable
...
daemon.notice openvpn(protonvpn)[19695]: WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
...
daemon.notice openvpn(protonvpn)[19695]: Initialization Sequence Completed
daemon.err openvpn(protonvpn)[19695]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=5,code=148)
daemon.err openvpn(protonvpn)[19695]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=5,code=148)
daemon.err openvpn(protonvpn)[19695]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=5,code=148)
... # This block repeats over and over
daemon.notice openvpn(protonvpn)[19695]: SIGUSR1[soft,tls-error] received, process restarting
daemon.warn openvpn(protonvpn)[19695]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
daemon.notice openvpn(protonvpn)[19695]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.187.171.225:51820
daemon.warn openvpn(protonvpn)[19695]: NOTE: setsockopt TCP_NODELAY=1 failed
daemon.notice openvpn(protonvpn)[19695]: UDPv4 link local: (not bound)
daemon.notice openvpn(protonvpn)[19695]: UDPv4 link remote: [AF_INET]89.187.171.225:51820
daemon.err openvpn(protonvpn)[19695]: read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=5,code=148)
daemon.err openvpn(protonvpn)[19695]: read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=5,code=148)
daemon.err openvpn(protonvpn)[19695]: read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=5,code=148)
daemon.err openvpn(protonvpn)[19695]: read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=5,code=148)
daemon.err openvpn(protonvpn)[19695]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
daemon.err openvpn(protonvpn)[19695]: TLS Error: TLS handshake failed
daemon.notice openvpn(protonvpn)[19695]: SIGUSR1[soft,tls-error] received, process restarting
View original on lemmy.ml
36
Comments11
asklemmy·Ask Lemmybyoddlyqueer

Seriously, how would a global democracy work?

This is something I've been thinking about for a while, and it's a huge problem, but I don't really see a lot of discussion about it. We have the technological means now for every single person on the planet to communicate directly with every single other person, in near-real time. The only real barrier to it is logistical (and is mostly impeded by resource hoarding). That's amazing. And the recent election in Nepal via Discord has me thinking again about how the internet could form the basis for a real, democratic, world government. There are a ton of problems that would need to be addressed, off the top of my head:

  • not everyone has internet access
  • not everyone that has access has unfettered access
  • It's hard to preserve anonymity and have fair elections
  • it's hard to verify elections haven't been tampered with
  • what happens when violent crimes are committed?
  • how do taxes work in this system?
  • how do armed forces work in this system?

I don't think any of these problems are necessarily unsolvable, but I don't know how. So, how would we get from where we are to where we want to be? How do we even define what the end state should look like?

View original on lemmy.ml
89
Comments97

You reached the end