INSTALLATION or SETUP VPN NETWORK
The OpenWRT system supports multiple VPN sites and VPNs.. Router Manual

  • VPN-Mini Router
  • default ip address is 192.168.1.1
  • Include one USB cable and short lan cable
  • NOT include power adapter

Max.300Mbps Wi-Fi Speed
1 x Toggle button
1 x Ethernet Ports (Ethernet Speed 10/100Mbps , one LAN and one WAN port)

  • Power Input Type-C USB, 5V/2A
  • Operating Temperature 0 ~ 40C (32 ~ 104F)
  • Storage Temperature -20 ~ 70C (-4 ~ 158F)
  • default login : root  without password
  • default SSID : VPN-LiteMR  without password

 


  • VPN-Lite Mini Router
  • default ip address is 192.168.1.1
  • Include one USB cable and short lan cable
  • NOT include power adapter

Max.300Mbps Wi-Fi Speed
1 x Toggle button
1 x Ethernet Ports (Ethernet Speed 10/100Mbps)

  • Power Input Type-C USB, 5V/2A
  • Operating Temperature 0 ~ 40C (32 ~ 104F)
  • Storage Temperature -20 ~ 70C (-4 ~ 158F)
  • default login : root  without password
  • default SSID : VPN-LiteMR  without password

Setup router root login (administrator's) password

Change VPN-Lite Mini Router LAN port IP Address:

Change IP Address and Click Save →  Apply unchecked → 

Go to Windows Start icon  →  cmd  → Enter

C:\Windows\System32>ipconfig /renew

Web interface instructions
Click on Network → Interfaces, then click on the Edit button of the LAN Network.
In General Setup tab, in IPv4 address type in the desired static IP address for the LAN interface of your OpenWrt Router, 
if your main router's address is 192.168.1.1 (most common), set the IP address of your OpenWrt router LAN interface to 192.168.2.1 
(or to something that isn't 192.168.1.X, anyway). Once you have chosen and written the IP address, write it down in the same sticker 
with the user/password above, it will be used to connect to your device in the future.
By default the WAN interface/port is set as DHCP client, this will allow it to work with networks where there is another router giving 
addresses without further configuration. If you need to set static address please see the instructions for Client device, and change the WAN interface settings accordingly.

Command-line instructions Configure the LAN interface statically with the new IP address 192.168.2.1.

uci set network.lan.ipaddr="192.168.2.1"
uci commit network
/etc/init.d/network restart

Change VPN-Lite 4G Router LAN port IP Address:

Login http://ip-address/cgi-bin/luci/ → Network → Interfaces → (Configuration Interfaces, LAN)  →  Edit → 

→ 

VPN-Lite Mini Router has to configure gateway IP and DNS IP for the internet connection by another router.
VPN-Lite 4G Router the internet connection by sim card on the other interface.

VPN-Lite Mini Router connected VPN computer setup Static IP for VPN service
Static IP address on Windows 10 / 11
1. Go to Start ? Settings
2. Select Network & Internet 
3. Select your internet connection (WiFi or Ethernet) and click on Properties.
4. Go to IP settings ? IP assignment ? Edit.
5. Click Automatic (DHCP) and select Manual from the dropdown menu.
6. Toggle the IPv4 switch on. 
7. Fill in the IP settings.
IPv4 Address....: 192.168.2.200
Subnet Mask.....: 255.255.255.0
Default Gateway.: 192.168.2.2
DNS Servers.....: 192.168.2.1
Click Save when youre done. 
8. You've successfully changed your IP address

Router Command line interface
Login http://ip-address/cgi-bin/luci/ → Services → ttyd → (Command Line, CLI interface on the Web)

OR

https://www.putty.org/  →  Download putty.exe   → SSH ip address and ssh default port 22

Case 1 with an OpenVPN Site-to-Site configuration example:

Server (Hub) Router directly connected to the internet and enabled WAN port SSH service. 
Enable ssh service 2233 on the VPN-Mini Router WAN port.
Login → http://ip-address/cgi-bin/luci/ → Go to → System → Administration → SSH Access → Add instance → Interface WAN → Port 2233 → Save → Save & Apply

Login → http://ip-address/cgi-bin/luci/ → Go to → Network → Firewall → Firewall - Zone Settings → mouse scroll down → wan → CHANGE Input reject to accept → Save → Save & Apply

VPN Server Router enable OpenVPN Site-to-Site tunnel command : set-ovpn-s-t-s-server
root@VPN-Lite300:~# set-ovpn-s-t-s-server
Server OpenVPN site to site tun1-4 udp port number: ( default 1194 udp )
1194
openvn site to site tunnel service udp port from 1194 - 1198
Server tun1 ip address:
192.168.121.1
OpenVPN Server Side Router connected the internet fix public ip address 1.2.3.4
#######################################################################################
##### Please Enter Dynamic DNS (DDNS) Domain Name or internet public ip below: #####
1.2.3.4
#######################################################################################
## Please enter username (username can not with any punctuation) ##
site1
Changing password for ovpnssite1
New password: site1password
Retype password: site1password
passwd: password for ovpnssite1 changed by root
2023-08-14 05:22:03 WARNING: Using --genkey --secret filename is DEPRECATED. Use --genkey secret filename instead.
Complete and Please run command : reboot
root@VPN-Lite300:~#
root@VPN-Lite300:~# set-ovpn-s-t-s-server
OpenVPN Server Side Router connected the internet fix public ip address 1.2.3.4
#######################################################################################
##### Please Enter Dynamic DNS (DDNS) Domain Name or internet public ip below: #####
1.2.3.4
#######################################################################################
## DO NOT DUPLICATE username below OpenVPN site to site users ##
site1 tun1 udp 1194 server-ip 192.168.121.2 client-ip 192.168.121.1 peer 1.2.3.4
#######################################################################################
## Please enter username (username can not with any punctuation) ##
site2
Changing password for ovpnssite2
New password: site2password
Retype password: site2password
passwd: password for ovpnssite2 changed by root
2023-08-14 13:42:15 WARNING: Using --genkey --secret filename is DEPRECATED. Use --genkey secret filename instead.
Complete and Please run command : reboot
root@VPN-Lite300:~#


VPN-Lite Mini Router remote site VPN Client configure VPN tunnel to Server
root@VPN-Lite:~# set-ovpn-s-t-s-peer
###############################################################
OpenVPN s-to-s Server the REAL IP Address OR DDNS domain name:
1.2.3.4
###############################################################
Do you need to change SSH default port 22: (change others=y/Y)?
y
###############################################################
Please enter SSH port numebr here:
2233
###############################################################
Please enter OpenVPN username for scp download configure file
site1
Host '1.2.3.4' is not in the trusted hosts file.
(ssh-rsa fingerprint sha1!! ee:6e:20:31:67:1b:7b:b1:30:aa:e6:31:9e:f0:f9:29:fe:1f:cd:51)
Do you want to continue connecting? (y/n) y
ovpnssite1@1.2.3.4's password:
copenvpn 100% 186 0.2KB/s 00:00
cping-ovpn-192.168.121.2.sh 100% 257 0.3KB/s 00:00
cjob 100% 133 0.1KB/s 00:00
client_site_to_site.auth 100% 636 0.6KB/s 00:00
ovpnssite1_network 100% 191 0.2KB/s 00:00
server_site_to_site.conf 100% 148 0.1KB/s 00:00
ovpnssite1-s-t-s.info 100% 126 0.1KB/s 00:00
server_site_to_site.auth 100% 636 0.6KB/s 00:00
client_site_to_site.conf 100% 166 0.2KB/s 00:00
Please change this router br-lan others network and ip address

root@VPN-Lite:~#

VPN-Lite 4G Router remote site VPN Client configure VPN tunnel to Server
root@VPN-4GLite:~# set-ovpn-s-t-s-peer
###############################################################
OpenVPN s-to-s Server the REAL IP Address OR DDNS domain name:
1.2.3.4
###############################################################
Do you need to change SSH default port 22: (change others=y/Y)?
y
###############################################################
Please enter SSH port numebr here:
2233
###############################################################
Please enter OpenVPN username for scp download configure file
site2
Host '1.2.3.4' is not in the trusted hosts file.
(ssh-rsa fingerprint sha1!! ee:6e:20:31:67:1b:7b:b1:30:aa:e6:31:9e:f0:f9:29:fe:1f:cd:51)
Do you want to continue connecting? (y/n) y
ovpnssite2@1.2.3.4's password:
copenvpn 100% 186 0.2KB/s 00:00
ovpnssite2_network 100% 191 0.2KB/s 00:00
cjob 100% 133 0.1KB/s 00:00
client_site_to_site.auth 100% 636 0.6KB/s 00:00
ovpnssite2-s-t-s.info 100% 126 0.1KB/s 00:00
server_site_to_site.conf 100% 148 0.1KB/s 00:00
cping-ovpn-192.168.121.6.sh 100% 257 0.3KB/s 00:00
server_site_to_site.auth 100% 636 0.6KB/s 00:00
client_site_to_site.conf 100% 166 0.2KB/s 00:00
Please change this router br-lan others network and ip address

root@VPN-4GLite:~#

root@VPN-4GLite:~# ping -c 3 -I 192.168.3.1 192.168.1.1
PING 192.168.1.1 (192.168.1.1) from 192.168.3.1: 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=64 time=8.922 ms
64 bytes from 192.168.1.1: seq=1 ttl=64 time=10.548 ms
64 bytes from 192.168.1.1: seq=2 ttl=64 time=6.966 ms

--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 6.966/8.812/10.548 ms
root@VPN-4GLite:~# ping -c 3 -I 192.168.3.1 192.168.2.2
PING 192.168.2.2 (192.168.2.2) from 192.168.3.1: 56 data bytes
64 bytes from 192.168.2.2: seq=0 ttl=63 time=9.366 ms
64 bytes from 192.168.2.2: seq=1 ttl=63 time=14.250 ms
64 bytes from 192.168.2.2: seq=2 ttl=63 time=8.001 ms

--- 192.168.2.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 8.001/10.539/14.250 ms
root@VPN-4GLite:~#

The 4G Mobile router's internet connection is stable for VPN service. The 4G Mobile Router is not moving for a stable internet connection.


Case 2 is a different VPN Hub or Server internet router than Case 1.. The VPN Hub site or VPN Server router needs to be connected to another internet router. 
The internet router needs to have NAT service port forwarding. Some home routers use virtual Servers for NAT Forwarding.
The home router can be checked by the internet search engine with the router's band and model and a NAT port forward.

In case 2, the internet router needs NAT to forward ssh and openvpn.
Case 2 is an OpenVPN Site-to-Site configuration example, the same as case 1.
Please see Case 1: VPN Setup Setup for more information.

VPN Server (Hub) Router directly connected to the internet and enabled WAN port SSH service.
Enable ssh service 2233 on the VPN-Mini Router WAN port.
Login → http://ip-address/cgi-bin/luci/ → Go to → System → Administration → SSH Access → Add instance → Interface WAN → Port 2233 → Save → Save & Apply
Login → http://ip-address/cgi-bin/luci/ → Go to → Network → Firewall → Firewall - Zone Settings → mouse scroll down → wan → CHANGE Input reject to accept → Save → Save & Apply

VPN-Lite Mini Router and VPN-Lite Mini Router change ip address as Case 3
Login http://ip-address/cgi-bin/luci/ → Network → Interfaces → (Configuration Interfaces, LAN) → Edit → Change IP Address → Save → Apply unchecked


Case 3 OpenVPN Layer2 VPN (bridge mode multi-site)

VPN Server Router enable OpenVPN Layer2 VPN tunnel run command: set-bm-ovpn-server

root@VPN-Lite300:~# set-bm-ovpn-server
#######################################################################################
##### Please Enter OpenVPN service udp port number: #####
Server OpenVPN site to muiltsite service udp port number: ( default 1194 udp )
1194
Choose a size in bits for your keypairs 2048=y or 1024=n (y/n)?
The bits for your keypairs is 1024 and take a long time for key gen !

Using SSL: openssl OpenSSL 1.1.1t 7 Feb 2023
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
...................................................................................................................................... ..+.+................................
Using SSL: openssl OpenSSL 1.1.1t 7 Feb 2023
Generating RSA private key, 1024 bit long modulus (2 primes)
................................+++++
.......................+++++
e is 65537 (0x010001)
Using SSL: openssl OpenSSL 1.1.1t 7 Feb 2023
Generating a RSA private key
.+++++
....+++++
writing new private key to '/tmp//easy-rsa-5938.ahlhIH/tmp.HDcine'
-----
Using configuration from /tmp//easy-rsa-5938.ahlhIH/tmp.MBcCNE
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'server'
Certificate is to be certified until Nov 17 04:39:07 2025 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
2023-08-15 04:39:07 WARNING: Using --genkey --secret filename is DEPRECATED. Use --genkey secret filename instead.
--------- complete openvpn bridge mode server configure ----------
###*** Delete openvpn bridge mode configure Reset to defaults by web interface ***###
Complete and Please run command : reboot
root@VPN-Lite300:~#
root@VPN-Lite300:~#
root@VPN-Lite300:~#
root@VPN-Lite300:~#

Server (Hub) Router add client (Spoke) for remote site name run command : set-bm-ovpn-client or set-bm-ovpn-nocheck-client

root@VPN-Lite:~# set-bm-ovpn-client
ls: /etc/openvpn/bridgeclient.conf: No such file or directory

The Internet connection public IP ADDRESS: 1.2.3.4

###################################################################
## Run set-bm-ovpn-server first for OpenVPN server enable ##

## Ctrl + C Stop wireguard multi site configuration ##
###################################################################
## Please enter The Internet public IP ADDRESS: or DDNS ##
1.2.3.4
1.2.3.4 is matching internet public ip address: 1.2.3.4
###################################################################
OpenVPN Bridge Mode router name list:
bridgeserver
###################################################################
Please enter other's router name:
site1
Using SSL: openssl OpenSSL 1.1.1t 7 Feb 2023
Generating a RSA private key
..............+++++
..................................................+++++
writing new private key to '/tmp//easy-rsa-8239.LJGdlP/tmp.BKcBke'
-----
Using configuration from /tmp//easy-rsa-8239.LJGdlP/tmp.cLkIhj
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'site1'
Certificate is to be certified until Nov 17 04:43:40 2025 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
--------- complete openvpn bridge mode server configure ----------
###*** Delete openvpn bridge mode configure Reset to defaults by web interface ***###
root@VPN-Lite300:~#


root@VPN-Lite:~# set-bm-ovpn-client
ls: /etc/openvpn/bridgeclient.conf: No such file or directory

The Internet connection public IP ADDRESS: 1.2.3.4

###################################################################
## Run set-bm-ovpn-server first for OpenVPN server enable ##

## Ctrl + C Stop wireguard multi site configuration ##
###################################################################
## Please enter The Internet public IP ADDRESS: or DDNS ##
1.2.3.4
1.2.3.4 is matching internet public ip address: 1.2.3.4
###################################################################
OpenVPN Bridge Mode router name list:
bridgeserver
###################################################################
Please enter other's router name:
site2
Using SSL: openssl OpenSSL 1.1.1t 7 Feb 2023
Generating a RSA private key
...................+++++
......+++++
writing new private key to '/tmp//easy-rsa-8353.IPaJgm/tmp.AdEDOB'
-----
Using configuration from /tmp//easy-rsa-8353.IPaJgm/tmp.GCKoKk
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'site2'
Certificate is to be certified until Nov 17 04:45:16 2025 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
--------- complete openvpn bridge mode server configure ----------
###*** Delete openvpn bridge mode configure Reset to defaults by web interface ***###
root@VPN-Lite300:~#
root@VPN-Lite300:~#
root@VPN-Lite300:~#
root@VPN-Lite300:~#


VPN-Lite Mini Router remote site Layer2 VPN Client configure VPN tunnel to Server
root@VPN-Lite300:~# set-bm-ovpn-peer
ls: /etc/openvpn/bridgeserver.conf: No such file or directory
ls: /etc/openvpn/bridgeclient.conf: No such file or directory
## Ctrl + C STOP and exit ##
###############################################################
###############################################################
OpenVPN BRIDGE Server the REAL IP Address OR DDNS domain name:
1.2.3.4
###############################################################
Do you need to change SSH default port 22 (y/n): (change=y)!
y
###############################################################
Please enter SSH port numebr here:
2233
###############################################################
Please enter openvpn bm client for scp download configure file
site1
Please enter OpenVPN BRIDGE Server Root passwd:
Host '1.2.3.4' is not in the trusted hosts file.
(ssh-rsa fingerprint sha1!! ec:cf:bf:00:4b:59:e7:42:24:db:ac:c0:86:fb:fe:35:91:65:73:18)
Do you want to continue connecting? (y/n) y
root@1.2.3.4's password:
site1.key 100% 916 0.9KB/s 00:00
openvpn 100% 183 0.2KB/s 00:00
ca.crt 100% 830 0.8KB/s 00:00
server.pem 100% 636 0.6KB/s 00:00
bridge-server.info 100% 76 0.1KB/s 00:00
bridgeclient.conf 100% 263 0.3KB/s 00:00
site1.crt 100% 3085 3.0KB/s 00:00
--------- complete openvpn bridge mode client configure ----------
###*** Delete openvpn bridge mode configure Reset to defaults by web interface ***###
Complete and Please run command : reboot
root@VPN-Lite300:~#
root@VPN-Lite300:~#



VPN-Lite 4G Router remote site Layer2 VPN Client configure VPN tunnel to Server
root@VPN-Lite300:~# set-bm-ovpn-peer
ls: /etc/openvpn/bridgeserver.conf: No such file or directory
ls: /etc/openvpn/bridgeclient.conf: No such file or directory
## Ctrl + C STOP and exit ##
###############################################################
###############################################################
OpenVPN BRIDGE Server the REAL IP Address OR DDNS domain name:
1.2.3.4
###############################################################
Do you need to change SSH default port 22 (y/n): (change=y)!
y
###############################################################
Please enter SSH port numebr here:
2233
###############################################################
Please enter openvpn bm client for scp download configure file
site2
Please enter OpenVPN BRIDGE Server Root passwd:
Host '1.2.3.4' is not in the trusted hosts file.
(ssh-rsa fingerprint sha1!! ec:cf:bf:00:4b:59:e7:42:24:db:ac:c0:86:fb:fe:35:91:65:73:18)
Do you want to continue connecting? (y/n) y
root@1.2.3.4's password:
site2.crt 100% 3085 3.0KB/s 00:00
site2.key 100% 916 0.9KB/s 00:00
openvpn 100% 183 0.2KB/s 00:00
ca.crt 100% 830 0.8KB/s 00:00
server.pem 100% 636 0.6KB/s 00:00
bridge-server.info 100% 76 0.1KB/s 00:00
bridgeclient.conf 100% 263 0.3KB/s 00:00
root@VPN-Lite300:~#
root@VPN-Lite300:~#



C:\>
C:\>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Reply from 192.168.1.1: bytes=32 time=7ms TTL=64
Reply from 192.168.1.1: bytes=32 time=4ms TTL=64
Reply from 192.168.1.1: bytes=32 time=3ms TTL=64

Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 7ms, Average = 4ms

C:\>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:
Reply from 192.168.1.2: bytes=32 time=14ms TTL=64
Reply from 192.168.1.2: bytes=32 time=6ms TTL=64
Reply from 192.168.1.2: bytes=32 time=6ms TTL=64
Reply from 192.168.1.2: bytes=32 time=6ms TTL=64

Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 14ms, Average = 8ms

C:\>ping 192.168.1.3

Pinging 192.168.1.3 with 32 bytes of data:
Reply from 192.168.1.3: bytes=32 time=12ms TTL=64
Reply from 192.168.1.3: bytes=32 time=9ms TTL=64
Reply from 192.168.1.3: bytes=32 time=6ms TTL=64
Reply from 192.168.1.3: bytes=32 time=6ms TTL=64

Ping statistics for 192.168.1.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 12ms, Average = 8ms

C:\>ping 192.168.1.4

Pinging 192.168.1.4 with 32 bytes of data:
Reply from 192.168.1.4: bytes=32 time<1ms TTL=64
Reply from 192.168.1.4: bytes=32 time<1ms TTL=64
Reply from 192.168.1.4: bytes=32 time<1ms TTL=64
Reply from 192.168.1.4: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.1.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>