OpenVPN to my home router

Thanks @joakim_s. I didn’t post my last post when I wrote it, I thought some sort of divine inspiration would direct me to an answer four months ago, but it never happened. I had already started the work below when you replied.
I wouldn’t have taken the time to document it again, but the forum stores unposted replies - that’s really cool.

Solution below, read carefully as there is some back tracking on my part from other’s guides.

Knowing that the local network is the same class C as my home network and the modified single IP route was causing the most headache, I have completely changed my home IP range to simplify the issue. In fact, I know better, you always want to avoid 192.168.1.0/24 and 10.0.0.1/24 networks since so many devices are configured this way from the factory. Pick a third octet that’s anything besides 1, 2 or zero.

I’ve also started over with a generic LibreELEC Rpi 3 build. This is what I use at home via a RecalBox, so it’s what I’m used to.

Starting over:
Install LibreELEC Pi3 from Rpi imager.

Fire up the Pi, add WiFi network and SSH credentials. I don’t know why the Pi imager didn’t respect my configuration options through SHIFT+CTRL+X.

see note below Follow https://www.vpnranks.com/blog/libreelec/#How-to-Install-VPN-for-LibreELEC-in-us

Notes: Log in via PuTTY/SSH
Password had to be reset via Settings->Addons->LE settings plug in, probably cause I fat-fingered it the first time, but I don’t think I did? Oh, well.

I used FileZilla to transfer files. If you have SMB turned on, you can use that instead. However, accessing hidden directories may be more difficult. If you only have ssh turned on, you can use sFTP through your favorite application.

I altered the router created .ovpn file with this line after “keepalive 10 30”
auth-user-pass /storage/.kodi/addons/service.vpn.manager/custom/pass.txt
pass.txt is a user-password pair in plain text separated by a new line, no special formatting.

I had to turn on "show hidden files Settings->Media Settings (Expert)->“Show Hidden Files” to allow me to access the directory listed below. If you put your configs somewhere else (in a directory without dots), you won’t need this step.

I stored my *.ovpn in /storage/.kodi/addons/service.vpn.manager/custom along with “pass.txt”
If there is no password file the Wizard will ask you to enter it.

I imported the entire folder which also contained the router certificate, but I guess that was unnecessary as it was also in the OVPN file.

Log from import:

Sadly, it doesn’t seem to connect. I don’t know why the GUI addon doesn’t work right.

Restart, the GUI claims it needs to be configured again. sigh
I’ve given up on the GUI VPN configuration. I disabled the addon.
As such, I suggest skipping the part of the tutorial where you install the VPN addon. It has no value.

for reference command line-connect:
openvpn --config /storage/.kodi/addons/service.vpn.manager/custom/new.ovpn --auth-user-pass /storage/.kodi/addons/service.vpn.manager/custom/pass.txt --daemon --log /storage/Logs/openvpn_$(date +%y%m%d%s).log

Success!

Now to add the command above to /storage/.config/autostart.sh (normally, I would use /etc/rc.local or /etc/init.d)

#!/bin/bash
openvpn --config /storage/.kodi/addons/service.vpn.manager/custom/new.ovpn --auth-user-pass /storage/.kodi/addons/service.vpn.manager/custom/pass.txt --daemon --log /storage/Logs/openvpn_$(date +%y%m%d%s).log

Restart.

It works!

DIR/LS operations are still slow. It took several hours to catalog my library. However, video playback works. It doesn’t like some higher quality videos - it’s got to be a bit rate issue, I’m still having significant lag and stuttering on the same videos as I was previously. I might try this on a Rpi4 in the future.

I restarted the Pi, still connected.

And this may or may not be of value to anyone reading this thread, I’ve started storing RBFs (really big files) in a separate location from the rest of my collection. I just don’t want to make a habit of watching 2GB+ files every 30 minutes over the VPN. That’s a lot of bandwidth.
Because I now know 1080 is also going to be problematic with this set up, I’ll probably do the same for those files as well.

I also added the following to the autostart.sh (replace your own credentials and IP, of course) to mount the remote server via SMB. You’ll need to mkdir the “remote_SMB” directory.:
sudo mount -t cifs -o rw,vers=3.0,username=pi,password=raspberry //192.168.1.10/shared /media/remote_SMB
So if there’s some large file I do want to watch, I can simply SSH into the KODI box and copy it from the RBF directory to local storage (512GB USB stick) in the background. I’ve got a 10MB/s connection ATM, so 2GB won’t take that long to transfer.

FYI: I know a Rpi 3B+ media server will support at least three distinct 1080 streams over SMB when reading from a HDD and connected to the network via 10baseT wired ethernet. I ran a test where every TV in my home with a KODI device played a different stream for an hour - while I did not watch all three at the same time, as I checked on them throughout the experiment, I did not see any difference in the video/audio playback than what I expected.
Home Router is running the VPN server, an Asus RT-AX55, cable modem is a “Motorola” Arris Surfboard SB6141 (DOCSIS 3.0) internet connection is a 250Mb with occasional bursts to 300-ish. I’m using 1024 encryption.
Local router is provided by Spectrum Cable, SAX1V1S

Sometimes, if you lose the network, you’ll need to re-enter the WPA key, but it does prompt you, so it’s not terrible. Sometimes it auto-reconnects.