Like A LOT of other people - I found the ipVanish OpenVPN Router instructions woefully out of date, however, they recently have updated them. I was finally able to get it setup after some trial and error and more than a little help from this forum.
With this setup I can change ipVanish Servers or 'turn off' my OpenVpn with one simple click in the DD-WRT GUI.
Here are some things you will need:
ipVanish User Name & Password:
Register at ipvanish.com
*Note* I recommend saving a copy of the CA Cert File on your computer just in case.
OpenDNS ipV4 Server Address:
Primary DNS: 208.67.222.222
Secondary DNS: 208.67.220.220
OpenDNS ipV6 Server Address (optional) I configured ipV6, checked it and then disabled it. This way if I ever need to enable it I can do so with one click. You don't need to do this - ipVanish currently does not support ipV6.
Primary DNS: 2620:0:ccc::2
Secondary DNS: 2620:0:ccd::2
ip Address Check:
whatismyipaddress.com whatismyip.com iplocation.net whatsmyip.org etc...
First step is to use one of the above sites (or another) to make a note of your ip address. It should show your current ip address, city and state.
Now go to the DD-WRT GUI (Control Panel). Under Setup - Basic Setup change Static DNS 1 & Static DNS 2 to OpenDNS ipV4 Servers. Click SAVE.
Next scroll down to Time Settings. Enter the server for your location and set time zone. Click SAVE
Next go to Services - Services and enable System Log (syslogd). Click SAVE.
Next go to Services - VPN and enable OpenVPN Client (start openvpn client). This will drop more settings down. Use settings below in screenshot (change the server to any ipvanish.com server you wish). Copy & Paste ipVanish CA Cert text in CA Cert Field. Click SAVE.
*Note* After countless adjustments and more trial and error - these are the settings that got ME the fastest and most reliable connection. You may find that you can get better speed with your router by changing Ports and/or Tunnel Protocol.
When your router fully comes back up. Check the OpenVPN connection:
First go to Status - OpenVPN. You should see a 'CONNECTED SUCCESS' as well as data transmission values.
Now go to one of the ip address websites. Your ip should have changed as well as city, state (the city, state of your ipvanish.com server).
If you want to disable your VPN for any reason (Netflix, etc..), just go to Services - VPN and disable OpenVPN Client then click Apply Settings.
I can't speak to any other mobile devices, but I can Enable & Disable my VPN without problems via my iPad (I don't even have to get off the couch!)
My plan through my ISP is 150/15
With the VPN disabled I get max download speed of 170 Mbps
With the VPN enabled I get max download speed of 34 Mbps
FIRMWARE:OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33) MODEM:ARRIS SURFBoard SB8200 ROUTER:Linksys WRT32X USB NAS:Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
Last edited by spuriousoffspring on Thu Oct 05, 2017 20:57; edited 1 time in total
Joined: 05 Apr 2017 Posts: 981 Location: Louisiana, USA
Posted: Fri May 05, 2017 9:23 Post subject:
Very glad it helped!
It took me quite a while to figure out my initial setup wasn't connecting due to a DNS issue.
I kept trying to use ipVanish's DNS Servers at: 198.18.0.1 & 198.18.0.2.
According to their own Help Page, (which they have since updated with much better info):
'A DNS leak is when those requests to transform an address/URL into an IP address somehow ends up going through someone else's DNS server instead of our VPN. This is considered a breach of privacy because whoever owns the DNS server can do things you may not like, including but not limited to, recording what websites you visit or redirecting your requests to a server other than the one it was intended for.'
Their only solution is to configure the entire OpenVPN manually via script. This would make changing servers as well as enable / disable much more complicated.
After more research I found another definition of DNS Leak to be: any DNS from your Internet Service Provider.
There are many more options other than OPEN DNS. I just found them to be the fastest for my location.
* I have used Level3 and Google DNS with no problems
Another setting that I found to be different for me was the Port and Protocol.
Everything I read said that UDP port 1194 is the fastest. After playing around with the ports and other settings such as Tunnel MTU & Tunnel UDP Fragment the average download speed I would get was around 14 Mbps.
After switching to TCP port 443 my average speed climbed to around 30 Mbps.
There is an added benefit to this configuration also as some websites block VPN users by identifying the port 1194. Switching to port 443 tricks some (not all) into looking like https (http secure). _________________ DD-WRT Installation & Setup TUTORIAL http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311117
FIRMWARE:OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33) MODEM:ARRIS SURFBoard SB8200 ROUTER:Linksys WRT32X USB NAS:Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
Joined: 05 Apr 2017 Posts: 981 Location: Louisiana, USA
Posted: Fri May 05, 2017 9:32 Post subject:
By the way, as different speed test give mixed results, the above mentioned speeds were through fast.com if you want to compare. _________________ DD-WRT Installation & Setup TUTORIAL http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311117
FIRMWARE:OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33) MODEM:ARRIS SURFBoard SB8200 ROUTER:Linksys WRT32X USB NAS:Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
I have not yet tested which setup is better... I'm waiting for a new router WRT1900ACS.
Can anyone give some feedback about the new IPVanish setup instructions vs this one shared by spuriousoffspring?
Thanks
I am by no means an expert in this and hopefully somone will correct me if I am wrong, but I believe that the updated setup from ipVanish still doesn't take into account that the scripts listed under 'Additional Config' are options in the GUI.
I tried their new setup and it will not work until I clear the 'Additional Config' box.
FIRMWARE:OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33) MODEM:ARRIS SURFBoard SB8200 ROUTER:Linksys WRT32X USB NAS:Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
Interesting. I have the scripts in the additional configuration box and it is working. When I get home tonight I'll delete the scripts in that box and see what happens.
Interesting. I have the scripts in the additional configuration box and it is working. When I get home tonight I'll delete the scripts in that box and see what happens.
So I tried taking the text out of the additional configuration box and it works as normal. Not really sure what that text does in their set up guide.
Joined: 05 Apr 2017 Posts: 981 Location: Louisiana, USA
Posted: Wed May 10, 2017 15:23 Post subject:
stangdriverdoug wrote:
stangdriverdoug wrote:
Interesting. I have the scripts in the additional configuration box and it is working. When I get home tonight I'll delete the scripts in that box and see what happens.
So I tried taking the text out of the additional configuration box and it works as normal. Not really sure what that text does in their set up guide.
Works both ways...with and without the text.
Here's a screenshot of my OpenVPN Status Log. Compare it to yours with the 'Additional Config' scripts in place and see if there are any major differences.
FIRMWARE:OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33) MODEM:ARRIS SURFBoard SB8200 ROUTER:Linksys WRT32X USB NAS:Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
I have received my new router WRT1900ACS V2 and configured OpenVPN with exactly the same settings as IPVanish new instructions. The speeds are very good for me with this setup.
My ISP connection is 120/8 Mbps.
With VPN disable I get 41 with fast.com and 119 with speedtest.
With VPN enable I get 18 with fast.com and 84 with speedtest.
For now I will leave it this way since I don't have many free time to play with the settings and I believe it will be hard to achieve significant better results.
Posted: Wed May 31, 2017 18:30 Post subject: Cannot connect
Hi, I have netgear n7000 with latest Kong firmware on it. I am trying to setup ipvanish on it. Followed ipvanish setup guide, followed the instructions here but still no luck. Anyone can help me with that please?
Jan 1 01:01:18 DD-WRT daemon.err openvpn[1150]: VERIFY ERROR: depth=1, error=certificate is not yet valid: C=US, ST=FL, L=Winter Park, O=IPVanish, OU=IPVanish VPN, CN=IPVanish CA, emailAddress=support@ipvanish.com
Jan 1 01:01:18 DD-WRT daemon.err openvpn[1150]: OpenSSL: error:14090086:lib(20):func(144):reason(134)
Jan 1 01:01:18 DD-WRT daemon.err openvpn[1150]: TLS_ERROR: BIO read tls_read_plaintext error
Joined: 05 Apr 2017 Posts: 981 Location: Louisiana, USA
Posted: Wed May 31, 2017 19:01 Post subject: Re: Cannot connect
kella wrote:
Hi, I have netgear n7000 with latest Kong firmware on it. I am trying to setup ipvanish on it. Followed ipvanish setup guide, followed the instructions here but still no luck. Anyone can help me with that please?
Jan 1 01:01:18 DD-WRT daemon.err openvpn[1150]: VERIFY ERROR: depth=1, error=certificate is not yet valid: C=US, ST=FL, L=Winter Park, O=IPVanish, OU=IPVanish VPN, CN=IPVanish CA, emailAddress=support@ipvanish.com
Jan 1 01:01:18 DD-WRT daemon.err openvpn[1150]: OpenSSL: error:14090086:lib(20):func(144):reason(134)
Jan 1 01:01:18 DD-WRT daemon.err openvpn[1150]: TLS_ERROR: BIO read tls_read_plaintext error
This is the error message in syslog
Did you substitute the @ in your user name / email address for an _ ?
I should have updated the instructions above after updating to the newer firmware, but here goes...
After updating to Brainslayer's 2017 May 2 v3.0 r31924 Firmware I found that I had to use the updated ipVanish instructions.
The only 2 differences from my earlier instructions are:
TLS Cipher= none
Additional Config= from ipVanish dd-wrt v3 instructions
FIRMWARE:OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33) MODEM:ARRIS SURFBoard SB8200 ROUTER:Linksys WRT32X USB NAS:Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
FIRMWARE:OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33) MODEM:ARRIS SURFBoard SB8200 ROUTER:Linksys WRT32X USB NAS:Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure