
Using OpenWRT-based packages on ZyXel Keenetic routers

Not so long ago, ZyXel added support for OPKG, an open-source module, for packages from OpenWRT, the popular OS for home routers. This means that some of them can now be installed on ZyXel Keenetic. In this article, I will describe the process of enabling package support, setting up an Entware repository with thousands of packages, and setting up the router as an OpenVPN client.
At the moment, the project lives on and is discussed on this forum.
Requirements: any Keenetic with the latest version of NDMSv2 and a USB port, except for the 4G II / III models. On some devices, you may need to switch to the beta branch of the firmware for the necessary components to appear.
First, open the router settings and, in the updates section, install the following components: Open Package support, IPv6, and all the components from the USB storage section. IPv6 is needed for netfilter to work properly when we route traffic into the tunnel. You will also need the FTP component if the configuration files will be uploaded over the network rather than written directly to the USB flash drive.
On the flash drive, create an ext2 / ext3 partition with any label in Latin characters (for example, keendev), connect it to the router and create the install folder on the partition labeled keendev.
Next, upload the installation file to this folder:
- for Keenetic DSL, LTE, VOX: mips;
- for other Keenetics: mipsel.
Then, on the "Applications > OPKG" page, tick the "Enable" checkbox. Select the required USB drive from the list, enter /opt/etc/init.d/rc.unslung in the "Script initrc:" field and click "Apply".
If everything was done correctly, the line "... Entware-Keenetic installation is complete!" will appear in the system log after a while.
Now you can log in to the Keenetic via ssh with the login root and the password zyxel.
This password is in no way associated with the Keenetic's own password. It can be changed, if necessary, with the passwd command.
First of all, update the list of packages: opkg update
Packages are installed with the opkg install %commandname% command.
For the OpenVPN client to work, the following packages are needed:
Required Packages
dropbear - 2015.71-3
findutils - 4.6.0-1
iptables - 1.4.21-2
ldconfig - 1.0.13-4
libc - 1.0.13-4
libgcc - 5.3.0-4
liblzo - 2.09-1
libndm - 1.0.22-1
libopenssl - 1.0.2h-1
libpthread - 1.0.13-4
librt - 1.0.13-4
libssp - 5.3.0-4
libstdcpp - 5.3.0-4
ndmq - 1.0.2-1
openvpn-openssl - 2.3.10-1
opt-ndmsv2 - 1.0-4
terminfo - 6.0-1
zlib - 1.2.8-1
You can list the packages that are already installed with opkg list-installed; install the missing ones by package name only, without the version at the end.
In the /opt/etc/openvpn folder, create the openvpn.conf file using touch and vi, in roughly the following format:
Example configuration file format
client
dev tun
fast-io
persist-key
persist-tun
nobind
remote %serverIP% %port%
remote-random
pull
comp-lzo
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
# Inline key material; the order of the blocks does not matter
<ca>
-----BEGIN CERTIFICATE-----
%certificate%
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN RSA PRIVATE KEY-----
%rsa key%
-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
%key%
-----END OpenVPN Static key V1-----
</tls-auth>
<cert>
-----BEGIN CERTIFICATE-----
%certificate%
-----END CERTIFICATE-----
</cert>
If your OpenVPN provider gives the router.ovpn file, it can also be used. Then in the startup script /opt/etc/init.d/S20openvpn you need to specify it in the line:
ARGS="--daemon --cd /opt/etc/openvpn --config router.ovpn"
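A pre-start check for the client configuration described above (openvpn.conf or a provider's router.ovpn), added here as an example and not part of the original article. The function name audit_ovpn_conf and its messages are hypothetical; remote-cert-tls is accepted as the alternative to the ns-cert-type option used in the article.

```shell
#!/bin/sh
# Added example (not from the article): audit an OpenVPN client config that
# carries inline key material. Returns 0 if clean, 1 on findings, 2 if missing.
audit_ovpn_conf() {
    conf=$1
    rc=0
    [ -f "$conf" ] || { echo "missing: $conf"; return 2; }

    # The file embeds the private key and the static key, so group and
    # other must have no access at all (mode 600 or stricter).
    if grep -Eq 'PRIVATE KEY|OpenVPN Static key' "$conf"; then
        perms=$(ls -ld "$conf" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "perms: $conf is accessible beyond its owner (chmod 600)"
            rc=1
        fi
    fi

    # The server identity must be checked; with neither option present, any
    # certificate signed by the same CA is accepted as the server.
    for opt in 'verify-x509-name' 'ns-cert-type|remote-cert-tls'; do
        if ! grep -Eq "^[[:space:]]*($opt)[[:space:]]" "$conf"; then
            echo "missing option: $opt"
            rc=1
        fi
    done

    # %placeholders% from the template that were never filled in
    if grep -Eq '%[A-Za-z ]+%' "$conf"; then
        echo "template placeholders left in $conf"
        rc=1
    fi
    return $rc
}
```

On the router it would be called as audit_ovpn_conf /opt/etc/openvpn/openvpn.conf before starting S20openvpn.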
To tell the iptables script which interfaces to use, find them with the ifconfig command.
Look for the interface whose inet addr matches the local address of your router. For example, it will be br0.
Now create the iptables script in the /opt/etc/ndm/netfilter.d folder. Let's call it openvpnfil.sh:
Iptables script
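#!/bin/sh
# Act only when the hook is called for the filter table
[ "$table" != filter ] && exit 0
# Allow forwarding between the LAN bridge (br0) and any tun interface
iptables -I FORWARD -i br0 -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -o br0 -j ACCEPT
# Masquerade traffic that leaves through the tunnel
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE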
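An idempotent variant of the openvpnfil.sh hook above, added here as an example and not the article's own script: it checks each rule with iptables -C (available in the iptables 1.4.21 listed earlier) before adding it, so repeated hook calls do not stack duplicates. It also narrows the tun-to-LAN rule to reply traffic, which is a change from the article's rule. Assumptions: the hook is also called with $table set to nat, the conntrack match is available in the firmware's kernel, and the names ensure_rule and apply_vpn_rules are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): idempotent netfilter.d hook.
# Assumption: NDM calls this hook once per table, with $table exported.
LAN_IF=${LAN_IF:-br0}     # LAN bridge found with ifconfig, as in the article
TUN_IF=${TUN_IF:-tun+}    # any OpenVPN tun interface

# ensure_rule TABLE OP CHAIN rule-spec...
# Adds the rule with OP (-I or -A) only when "iptables -C" reports it absent.
ensure_rule() {
    tbl=$1 op=$2 chain=$3
    shift 3
    iptables -t "$tbl" -C "$chain" "$@" 2>/dev/null && return 0
    iptables -t "$tbl" "$op" "$chain" "$@"
}

apply_vpn_rules() {
    case $1 in
    filter)
        # LAN clients may open connections into the tunnel
        ensure_rule filter -I FORWARD -i "$LAN_IF" -o "$TUN_IF" -j ACCEPT
        # Only replies come back; the article's rule accepts everything here.
        # Assumes the conntrack match is available on the device.
        ensure_rule filter -I FORWARD -i "$TUN_IF" -o "$LAN_IF" \
            -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        ;;
    nat)
        # Hide LAN addresses behind the tunnel address
        ensure_rule nat -A POSTROUTING -o "$TUN_IF" -j MASQUERADE
        ;;
    esac
}

# Do nothing unless the hook mechanism supplied a table name
if [ -n "${table:-}" ]; then
    apply_vpn_rules "$table"
fi
```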
Now the router needs to be rebooted.
After the reboot, log in again via ssh and start OpenVPN if it did not start at boot:
/opt/etc/init.d/S20openvpn start
In the Keenetic logs (in the web configurator), you can see whether everything is fine. If something goes wrong, they will also say where and what the problem is.
