[OPEN CALL šŸ“£] Bring NymVPN to OpenWRT!

This is a known bug myself and a few others have experienced on certain hardware. Something with the crypto is failing in the bandwidth credential claiming process.

I get this same error on my GL.inet SFT1200. I’ll dive into it this weekend, need to add debug logging so we can get a more specific error than failed to claim ecash bandwidth with the gateway.

1 Like

@code-zm thank you in advance, looking forward for your response

Could you recommend a Router which is already tested for NYM openWRT and is powerful enough, not too hard to configure? Ideally 2-3 options. Thanks.

Please add an option to disable routing on the vpn interface so that I could use pbr to route certain domains to the nymvpn mixnet

UPDATES:

  • Instead of relying on Wireguard kernel modules, I’m changing the backend to use Mullvad’s user space implementation, GotaTun.

  • Putting together a site for documentation, install process, recommended routers etc.

  • Bug fixes on the way

Thank you to everyone who has been testing it out!

2 Likes

Just ordered your make and model of gl.inet router (AX1800).

Also was wondering if you are running standard OpenWrt or the GL.inet version?

Made a new repo, stripped down to only what we need for OpenWrt:

1 Like

Hi,

I am trying to install nym-vpn_1.23.2_x86_64.ipk on the latest OpenWrt, but I encountered two problems:
I’m skipping the fact that we can’t install from webgui by televersing the package from a browser. We just have to wget the package from the router.

  1. Package requires a key for installation
    Running:

    apk add --allow-untrusted ./nym-vpn_1.23.2_x86_64.ipk
    

    gives an error about a signature, even with --allow-untrusted. It seems the package is signed in a way that the OpenWrt package manager cannot bypass.

  2. V2 package format error
    The same command outputs:

    ERROR: ./nym-vpn_1.23.2_x86_64.ipk: v2 package format error
    

    This suggests the .ipk is not fully compatible with the new apk OpenWrt package manager.

Suggestions / Requests:

  • Provide a signed .ipk package or instructions to generate a key so that installation works without errors.
  • Allow installation with --allow-untrusted to let users install custom packages.
  • Consider generating packages compatible with OpenWrt’s current manager.

Environment:

  • OpenWrt version: latest stable (x86/64 - OpenWrt 25.12.0 r32713-f919e7899d / LuCI openwrt-25.12 branch 26.063.06248~6e98b63)

Thank you.

PS: I just saw the new repo. It will still bring the same issues of the key, and the .ipk.
Also I don’t know if it’s normal, but there is no package on the release page of the new github page.

1 Like

Thanks for the feedback!

Just added a step in the build workflow to package for apk.

Regarding the new repo, I’m still making changes and fixes until I put out a release. Check here again over the weekend, should have a new release up soon.

If you can’t wait, download the pkg-* file from the workflow run artifacts: Release musl binaries Ā· dial0ut/nym-vpn-openwrt@73a2003 Ā· GitHub

1 Like

stock Gl.inet

Found the cause of the bug. Issue was ecash serialization on 32 bit platforms producing a different hash than what 64 bit platforms (gateways) expect.

Putting out a new release today.

Thanks for your patience!

I have it running on GL.inet AX1800. I’d recommend something with at least 256MB disk and 256MB RAM.

You can fit it onto weaker devices like GL.inet SFT1200 with some workarounds. Using zram and overlayfs works for me.

Will be purchasing more routers soon for testing. Also, once I get the website up and running I’ll put out an official minimum spec.

1 Like

v1.25.0 Release

New release is ready! Release Nym VPN v1.25.0 Ā· dial0ut/nym-vpn-openwrt Ā· GitHub

  • Pure rust user space wireguard via Mullvad’s Gotatun
  • Ad blocking
  • Performance optimization
  • .apk files for newer OpenWrt versions
2 Likes

cool, is new release compatible with glinet devices?

1 Like

Yes! Please give it a try and let me know if you run into any issues. Fixed the bandwidth credential bug so your architecture should be good to go now.

Quick update on what’s coming next:

  • Split tunneling
  • Built in updates
  • Signed release binaries
  • Documentation website

Latest release:

v1.26.0 Release

New release is ready! Release Nym VPN v1.26.0 Ā· dial0ut/nym-vpn-openwrt Ā· GitHub

  • Kill-switch toggle for PBR compatibility
  • Install script: curl -fsSL https://packages.dial0ut.org/install.sh | sh
  • Signed package feed at packages.dial0ut.org
  • Documentation site at docs.dial0ut.org
  • Built in updates via package managers opkg and apk

The GUI doesn’t have those updated features shown

1 Like

Fixed, the release CI was referencing the old standalone LuCI frontend repo, which we migrated into the openwrt repo.

Remove the package and reinstall. Also, clear browser cache with ctrl + shift + r / cmd + shift + r.

opkg remove nym-vpn

rm -rf /tmp/luci-*

curl -fsSL https://packages.dial0ut.org/install.sh | sh

The latest changes look like this:


Works fine now, thank you. Enabling Adblock would make the adguard home not work

1 Like