OpenVPN server on DD-WRT?

smapdi

Occasional Visitor
Can anyone point me to a good tutorial on how to set up OpenVPN on a router using DD-WRT as a server? I've seen a ton of tutorials on having the router act as a client to another OpenVPN server but nothing recent on how to make my router an OpenVPN server.

I just want to be able to use OpenVPN to connect back to my home network when I'm away.

If it helps any, this would be on a Netgear R7000, so I don't believe resource constraints would apply.
 
I think DD-WRT only does PPTP VPN server.
I don't think it supports OpenVPN server as you are asking.
 
There is both an option for OpenVPN Server/Daemon and OpenVPN Client which leads me to believe that you can run a standalone server.

[Screenshot attachment: upload_2016-7-18_6-11-31.png]
 
I haven't touched a DD-WRT router in a while. I never set up a VPN server with DD-WRT.
For what it's worth, take a look at this: http://www.snbforums.com/threads/how-to-setup-a-vpn-server-with-asus-routers.33638/
It's setting up a VPN server with ASUS. I am sure ASUS has copied some code from Tomato or WRT,
maybe it might help. When you enable the VPN server, do you get other options?
If you can show the options maybe I can help you out more.
 
This is what I get when I enable it:

[Screenshot attachment: upload_2016-7-18_11-44-39.png]


I can figure out some of the needed parts but I believe there are additional iptables rules and settings.

Any help would be greatly appreciated.
 
Since you mention Asus routers, would installing Asuswrt-Merlin on my R7000 be worthwhile? I'm honestly not married to DD-WRT and don't mind switching as long as the project is stable and maintained.
 
Hmm if you can install Merlin on it go for it :)
 
Netgear R7000 - nope... AsusWRT on Netgear is not an RMerlin build, it's a fork, and not very well supported...

OP is better off working the DDWRT solution perhaps, or reverting back to factory...
 
It's actually XWRT, which is a port of Merlin to the R7000 (http://xvtx.ru/xwrt/about.htm); the last update was in May, so it's not terribly out of date.

I'm actually somewhat set up with OpenVPN in DD-WRT but I think either my iptables rules are messed up or the config is wrong, because I can't seem to get a connection with either the Android client or the Ubuntu command line one.

This is what my settings look like:

[Screenshot attachment: upload_2016-7-20_10-34-44.png]



The TLS Auth Key and Certificate Revoke List are blank. I checked running processes on the router and I see that the OpenVPN process is running and bound to port 1194.

My firewall script looks like this:

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.254.0/24 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.111.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

Does this look right to you guys?
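
The firewall script in the post above can be checked mechanically before it is saved to the router. This is an added example, not part of the thread or of DD-WRT: it flags FORWARD ACCEPT rules that name no interface and confirms that the INPUT rule opens the protocol and port the daemon is bound to. The function names are hypothetical and the sample input is the five rules quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): lint a router firewall script.

# Constructed sample: the five rules quoted in the post above.
SAMPLE_RULES='iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.254.0/24 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.111.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT'

# Reduce each iptables line to "chain target proto dport bound<TAB>rule".
# bound is 1 when the rule names an interface with -i or -o.
rule_fields() {
    printf '%s\n' "$1" | awk '
        $1 != "iptables" { next }
        {
            chain = "-"; target = "-"; proto = "-"; dport = "-"; bound = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "-I" || $i == "-A") chain = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-i" || $i == "-o") bound = 1
            }
            printf "%s %s %s %s %d\t%s\n", chain, target, proto, dport, bound, $0
        }'
}

# Print FORWARD ACCEPT rules that match on every interface.
unbound_forward_rules() {
    rule_fields "$1" | awk -F '\t' '
        { split($1, f, " ") }
        f[1] == "FORWARD" && f[2] == "ACCEPT" && f[5] == 0 { print $2 }'
}

# Succeed only if an INPUT ACCEPT rule opens exactly proto/port.
input_allows() {   # usage: input_allows "$rules" udp 1194
    rule_fields "$1" | awk -F '\t' -v want="INPUT ACCEPT $2 $3 " '
        index($1, want) == 1 { ok = 1 }
        END { exit !ok }'
}

echo "FORWARD ACCEPT rules with no interface match:"
unbound_forward_rules "$SAMPLE_RULES"
input_allows "$SAMPLE_RULES" udp 1194 && echo "INPUT opens udp/1194"
```

On the sample, both `--source` rules are reported: they accept forwarded traffic claiming those source subnets no matter which interface it arrived on, unlike the two br0/tun0 rules.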
 
I have a hard time with AsusWRT being run on non-ASUS equipment - esp. when Netgear has a great opensource effort on their own with the DDWRT and OpenWRT communities...

The R7000 may have really great DD-WRT support but the OpenWRT support is incredibly underwhelming. Since the Broadcom drivers for the 2.4 and 5 GHz radios are closed source, the OpenWRT port doesn't have WiFi, which makes it useful for the 4 devices I have physically plugged into my router but worthless for the 10+ wireless clients I have.
 
Try changing the hash algorithm to SHA1.
I think that is your problem.
 
Where did you get those certificates? I don't see any certificates in that URL you posted.
He seems to be talking about certificates and where to paste them, but there is no download link for them.
Did DD-WRT generate the certificates?
Without certificates you will never be able to set it up properly.
Also, you didn't completely follow that guide. You changed things all over the place.
I would suggest duplicating that guide and finding proper certificates, because just grabbing parts from here and there won't help you out much.
Personally I would not bother with DD-WRT... I would put stock firmware.
Here is a guide for Netgear products and VPN servers.
Netgear is a good company; I don't get why you would want to put DD-WRT on it. That firmware was great in the 90s, now it's old news.
http://kb.netgear.com/app/answers/detail/a_id/23854/~/how-do-i-use-the-vpn-service-on-my-nighthawk-router-with-my-windows-client?
Netgear seems to have a very thorough and up-to-date VPN server and client.
Go that route because your router will work better as well.
 
The certs are generated via the easy-rsa scripts that come with the OpenVPN software. Using certs from some random website would be really, really dumb, especially since you don't want anyone to have the private key of your VPN. The parts of the tutorial I modified are only a) for switching to the standard UDP port for OpenVPN (the tutorial used the HTTPS port which most home ISPs block) and b) using a different non-routable /24 address space. Neither of these would break the setup. At this point the only issue is the iptables rules, which I think I can figure out.

I assume using the Netgear Genie does the same thing, as the link you put in shows that it provides the CA cert, server cert, server private key as well as the Diffie-Hellman PEM. I'm not going back to Netgear firmware as it doesn't give me the level of control a 3rd party firmware does.

Thanks for the suggestions though.
 
