
NordVPN is an excellent VPN provider with a massive server list and best-in-class upload and download speeds.

The problem is that they only allow up to 6 VPN clients to be connected at the same time.
What if you have more devices, or you want every device in your home to use the VPN? One option is to run the VPN on your router, but routers capable of running a VPN client are often expensive and their throughput is not good.

In this article I will show you how to run OpenWrt in a virtual machine on Proxmox.

Prerequisites

You will need a server or an old PC with Proxmox installed
A decent Wi-Fi access point
If your Proxmox server has only one NIC, you need a USB 3 to Ethernet dongle.

Hardware I am using

  1. Intel i7 8th Gen based NUC with 16 GB RAM
  2. TP-Link Archer AX3000 as Access Point
  3. TP-Link UE300 USB 3 to Gigabit adapter
  4. Router provided by Internet service provider

Initial Setup

  1. After you install Proxmox, connect the server to your ISP router through its available NIC.
  2. Connect the Ethernet dongle to the access point’s WAN port.
  3. If you are using a Wi-Fi router as the access point, change its mode to AP mode.

Setting up the OpenWrt VM

  1. Download the latest x86-64 OpenWrt image (https://downloads.openwrt.org/releases/22.03.2/targets/x86/64/openwrt-22.03.2-x86-64-generic-ext4-combined.img.gz).
  2. Unzip the file to get the .img file.
  3. Upload the .img file to your Proxmox ISO storage.
  4. Now create a VM. In the OS section of the setup, click “Do not use any media”.
  5. In the CPU section, select 2 or 4 cores and set “Type” to “host”. Add aes in the “Extra CPU Flags” section.
  6. Select 512 MB of RAM. In the Network section, untick Firewall.
  7. Finish, but don’t start the VM yet.
  8. Note the VM ID (in my case 200).
  9. From your Proxmox node shell, go to the ISO store (cd /var/lib/vz/template/iso).
  10. Rename the OpenWrt file (mv openwrt-22.03.2-x86-64-generic-ext4-combined.img owrt.raw).
  11. You can expand the raw file we just created to 2 GB (qemu-img resize -f raw ./owrt.raw 2048M).
  12. Import the raw image into the OpenWrt VM (qm importdisk 200 owrt.raw local-lvm) (200 is my VM ID, use yours).
  13. Now close the shell and click on the VM you created. Go to the Hardware section, double-click the unused disk, change the type to SATA and click Add.
  14. In the Hardware section, add USB Device -> Use USB Vendor/Device ID -> select your Ethernet dongle.
  15. Add a network device again, uncheck Firewall and click Add.
  16. Go to Options for this VM and enable SATA0 in the boot order section.
  17. Finally, start the VM.
  18. Once it has booted, create a new password for OpenWrt using the passwd command.
  19. At this point you will need to know the IP address of the dashboard. Use an app like “Fing” to find it (make sure your phone is connected to the Wi-Fi network of the ISP-provided router).
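
Steps 9 to 12 as one script with an integrity check in front of them (an added example, not part of the original article). It assumes the .img.gz and the release's sha256sums file, which OpenWrt publishes in the same download directory as the image, were both copied to the Proxmox node; the helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Run on the Proxmox node.
# VMID, storage and ISO path are the article's values; change them to yours.
VMID=${VMID:-200}
STORAGE=${STORAGE:-local-lvm}
ISO_DIR=${ISO_DIR:-/var/lib/vz/template/iso}
IMG_GZ=openwrt-22.03.2-x86-64-generic-ext4-combined.img.gz

# verify_image <sha256sums-file> <file>  (hypothetical helper)
# Returns 0 on match, 1 on mismatch, 2 when the file is not listed.
verify_image() {
    sums=$1
    file=$2
    name=$(basename "$file")
    # Lines in sha256sums look like "<hex digest> *<filename>".
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) print $1 }' "$sums")
    [ -n "$expected" ] || { echo "no checksum listed for $name" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "checksum mismatch: $name" >&2; return 1; }
}

# import_openwrt_disk <absolute-path-to-sha256sums>  (hypothetical, steps 9-12)
# Expects $IMG_GZ to be present in $ISO_DIR.
import_openwrt_disk() {
    cd "$ISO_DIR" || return 1
    verify_image "$1" "$IMG_GZ" || return 1
    # gzip reports the trailing padding on these images as a warning (exit
    # status 2); only a real error (status 1) should stop the import.
    gunzip -kf "$IMG_GZ" || [ $? -eq 2 ] || return 1
    mv "${IMG_GZ%.gz}" owrt.raw
    qemu-img resize -f raw ./owrt.raw 2048M || return 1
    qm importdisk "$VMID" owrt.raw "$STORAGE"
}

# Nothing runs unless asked to: sh this-script --run /path/to/sha256sums
if [ "${1:-}" = "--run" ]; then
    import_openwrt_disk "$2"
fi
```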

Setting Up OpenWrt

  1. Once you are in the OpenWrt dashboard, go to Network -> Interfaces -> Devices (you should see eth0, eth1, eth2). If eth2 is missing, you need to install a driver for the USB dongle.
  2. Search Google for your dongle's name and check which chipset it uses; the UE300 I am using has an RTL8153. Now go to the System -> Software section and click Update lists. Once done, search for RTL815 (or whatever your chipset is; I am searching for RTL815 because RTL8153 is not available). In my case it showed kmod-usb-net-rtl8152, which is good enough for the UE300. Click Install.
  3. Go back to Devices and check that it works.
  4. Assuming it works, we need to create a new bridge device. Click Add device configuration -> Device name: xdLAN -> Device Type: Bridge device -> Existing Device: eth2 (Ethernet adapter) -> MTU 1500, MAC same as the Ethernet dongle’s MAC -> Save.
  5. Now in the Interfaces section -> Add new interface -> Name: VPNLAN -> Protocol: Static Address -> Device: Bridge xdLAN -> Create Interface.
  6. Once created, edit the interface: IPv4 address: 10.0.0.1 -> IPv4 netmask: 255.255.255.0 -> IPv4 gateway: IP OF WAN INTERFACE -> go to the DHCP Server section of the edit dialog and click Enable.
  7. If you see a WAN6 interface, delete it.
  8. At this point, connect to your VPN Wi-Fi from a phone and check whether you can access the internet.
  9. If yes, the initial setup is done!

You can automate this part by running the command below in the Proxmox shell:

bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/vm/openwrt.sh)"

NordVPN OpenVPN Client Setup

  1. Go to the Software section, update the lists and install openvpn-openssl, ip-full and luci-app-openvpn.
  2. After refreshing, you will see VPN in your menu bar.
  3. Open OpenVPN from the VPN menu and delete all the example instances.
  4. Now go to https://nordvpn.com/servers/tools/, select the VPN server you want to use, and click Show available protocols -> OPENVPN UDP -> Download Config.
  5. You will need to know your NordVPN “Service Credentials” (available in the NordVPN dashboard).
  6. In OpenWrt -> OpenVPN, upload this config file; once done, click Edit.
  7. Find auth-user-pass and change it to auth-user-pass /etc/openvpn/NordVPN.auth (in your case, change NordVPN.auth to (the interface name you created).auth).
  8. Add the service credentials in the section for the optional ‘auth…’ file, in this format:
    USERNAME
    PASSWORD
  9. Click Save.
  10. Go to the OpenVPN instances, check Enabled, click Save & Apply, then Start.
  11. Go to Network -> Firewall. In the Zones section, click Edit on the lan => wan entry. Under Covered networks, select only VPNLAN and deselect everything else.
  12. Edit the WAN entry: Advanced Settings -> Covered devices -> select tun0 -> Save.

At this point the VPN should work! Congratulations.
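
Steps 7 and 8 of the client setup can also be done over SSH on the OpenWrt VM, which lets you confirm that the credentials file is readable by its owner only (an added example, not part of the original article). The helper names are hypothetical and the location of the uploaded config (/etc/openvpn/NordVPN.ovpn) is an assumption; the auth path is the article's.

```shell
#!/bin/sh
# Added example, not from the original article. Run on the OpenWrt VM.

# point_config_at_auth <config.ovpn> <auth-file>  (hypothetical helper)
# Makes the config read its credentials from <auth-file>: rewrites an
# existing auth-user-pass line, or appends one if there is none.
point_config_at_auth() {
    if grep -q '^auth-user-pass' "$1"; then
        sed -i "s|^auth-user-pass.*|auth-user-pass $2|" "$1"
    else
        printf 'auth-user-pass %s\n' "$2" >> "$1"
    fi
}

# write_auth_file <auth-file>  (hypothetical helper)
# Reads the username line and the password line from stdin, so neither
# shows up in the process list, and leaves the file owner-only.
write_auth_file() {
    ( umask 077; head -n 2 > "$1" ) && chmod 600 "$1"
}

# check_auth_file <auth-file>  (hypothetical helper)
# 0 = two non-empty lines and no group/other access, 1 = wrong line
# count, 2 = permissions too open.
check_auth_file() {
    [ "$(grep -c . "$1")" -eq 2 ] || return 1
    case "$(ls -ld "$1")" in
        -r[w-]-------*) return 0 ;;
        *) return 2 ;;
    esac
}

# Typical use (paths as described above):
#   point_config_at_auth /etc/openvpn/NordVPN.ovpn /etc/openvpn/NordVPN.auth
#   write_auth_file /etc/openvpn/NordVPN.auth   # type both lines, then Ctrl-D
#   check_auth_file /etc/openvpn/NordVPN.auth && echo "auth file OK"
```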
