How to get ProtonVPN working with OpenVPN WAN

Everything Else
#1

We’ve been asked to get OpenVPN working with ProtonVPN for one of our customers and have had no difficulty doing so. We were particularly interested in this VPN provider since they (and we) use Proton Mail. For anyone interested, here are the steps:

  1. Upgrade FW to 8.1.1
  2. Obtain and install the Open VPN WAN license, “LIC-OPN-WAN” (inexpensive – only $20 in the USA.)
  3. Start the OpenVPN setup at Network → WAN → OpenVPN.
  4. If you have not obtained an account with ProtonVPN do so now at https://account.protonvpn.com/login.
  5. Get the .ovpn file at https://account.protonvpn.com/downloads#openvpn-configuration-files after selecting the options you want (same procedure for free or paid versions.)
  6. Enter your credentials where called for on the OpenVPN config page. Note that this is not your ProtonVPN log-on as explained here – How to log in to ProtonVPN? - ProtonVPN Support.
  7. Set the other parameters on the OpenVPN set-up page as needed.
  8. Set outbound policy (Network → Outbound Policy) to direct the desired traffic to the OpenVPN WAN.

This set-up was not difficult and it seems to work well. Kudos to the Peplink product management folks and engineers for implementing this feature.

4 Likes
#2

Once a link is established, how do you connect the router to a different ProtonVPN server?

#3

Hi Michael. It appears that one selects the target server during the process of building the .ovpn file – step 5 in my posting. That’s also where you will select TCP or UDP, for example. If you want to use a different server you’ll need to change .ovpn’s. I experimented with building multiple .ovpn files, downloading them and loading each in-turn to the Peplink router. I did not find any issues.

#4

First thing, ProtonVPN is an excellent choice.

With some OpenVPN providers, you can create a single .ovpn file that refers to multiple VPN servers. Not sure if ProtonVPN supports that. For example, you might create an ovpn config file that would connect to any of multiple servers in a chosen country.

#5

Hi Michael. As I understand it one selects the desired configuration and the .ovpn file is built with those parameters. It does not work like, for example, the iOS “app” where one can select which server is to be used on start-up. Having said that, it’s easy to have multiple .ovpn files on a client desktop and load the desired one when needed.

#6

I’m pleased it works with Proton. I’ll be interested to hear if anyone manages to get it working properly on Windscribe. I haven’t had much luck. It works on some websites but others time out with no connection. I’ve tried different Windscribe servers, fiddled with MTU and tried both UDP and TCP but never got it working well. I use Windscribe’s WireGuard service on a Raspberry Pi and it works perfectly.

#7

I have a Surf Soho MK3, have updated the firmware to 8.1.1, and purchased and installed the OpenVPN license key. I’m using a free ProtonVPN account and have a connection to the VPN server, which shows as being in standby. I’m unable to do 3 things shown in the quick start guide linked in the email announcing 8.1.1 or discussed in your instructions.

  1. The OpenVPN WAN 1 that was set up automatically at the time I installed the license key does not appear in the Uplink Connection Priority dropdown, so the default WAN is being used for the uplink.

  2. The Quick Start indicates that the WAN and the OpenVPN WAN 1 should both be Priority One. When I drag the OpenVPN WAN 1 to Priority One, the WAN becomes Priority Two, and vice-versa.

  3. I don’t find Network…Outbound Policy so am unable to direct desired traffic to the VPN.

The FAQ indicates that all Peplink routers support OpenVPN client, so I’m stumped as to how to proceed. Perhaps an updated firmware is needed? Any help would be appreciated.

Thanks in advance,

Jim

1 Like
#8

Hello,

I am on a Pepwave Surf SOHO MK3 Firmware: 8.1.1 build 4994.

Followed the Peplink/Pepwave OpenVPN guide and purchased the license, activated it, rebooted, configured, saved settings, ping test, etc… (Firmware Release for OpenVPN WAN).

Shows as connected, however no network traffic is going through the OpenVPN WAN. The Surf SOHO UI is slightly different from the one in the guide when it comes to the “Outbound Policy” setting.

Respectfully,
Dam

#9

@Dam, the provided screenshots from Firmware Release for OpenVPN WAN is based on Balance Two. So it is a bit different from SOHO MK3. Have you created an outbound policy to route traffic to the OpenVPN WAN? How you notice no network traffic is going through the OpenVPN WAN?

#10

Please refer to following instruction to set the outbound policy rule: pass all traffic to OpenVPN WAN if connected, pass to ethernet WAN otherwise.

#11

@TK_Liew @Kenny

Thanks for the info. However my Admin UI does not match the 8.1.1 Manual.

A screen shot of my options… I am missing “Outbound Policy” in the Advance menu.

Screenshot_2021-01-19 Web Admin
Screenshot_2021-01-19 Web Admin1061×814 17.6 KB

I am missing the option/feature entirely?

Thanks for the help.
-Dam

#12

The manual displays a different set of options and features in the advanced menu.

Screenshot 2021-01-19 230046
Screenshot 2021-01-19 2300461472×818 171 KB

#14

@jlanderson227 and @Dam, this likely a bug. Please PM your serial number for me to take a look.

1 Like
#15

2933-DA52-XXXX

TIA for your assistance!

#16

@TK_Liew

Forum says … I cannot send you a personal message.

Screenshot 2021-01-20 210808

EDIT: Resolved … was able to send PM