How to implement an encrypted (VPN?) link into my local LAN

Shaggy1
DD-WRT Novice


Joined: 18 Jan 2017
Posts: 43

Posted: Sat Jun 18, 2022 16:54    Post subject: How to implement an encrypted (VPN?) link into my local LAN
System information
Quote:
Router: Netgear R7800


dd-wrt version:
Quote:
Firmware: DD-WRT v3.0-r44719 std (11/04/20)
Time: 18:38:38 up 54 days, 9:40, load average: 0.03, 0.09, 0.10
WAN IP: 185.219.109.47


Hi

I have installed a VPN client from an external provider on my router so that my outward going traffic is encrypted at the router and decrypted by the VPN server.

What I would also like to be able to do is to have an encrypted link in to my LAN from an external network.

Could someone clarify what I would need to do to do this ?

Is the way to do it to run a vpn server on my router, open required ports (ssh, https) via port forwarding and connect via a vpn client on my device ?

Or does simply opening up ssh/https ports and connecting using those protocols provide a relatively secure link in itself ?
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1889

Posted: Sat Jun 18, 2022 17:29
First order of business is to upgrade your router to the current release of DD-WRT.

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2022/06-16-2022-r49212/netgear-r7800/

It is not entirely clear if you used a 3rd party VPN client or not, but you should consider using the included
OpenVPN or WireGuard client in DD-WRT for your connection to your VPN provider.

To answer your question regarding how to set up access from the outside world, you should consider reading
the OpenVPN / WireGuard guides that have been written and carefully curated by egc:

OpenVPN guides and documentation
WireGuard guides and documentation

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Sat Jun 18, 2022 17:34
Hello

First, your dd-wrt build is seriously outdated (I bet you were looking at router database which is outdated), wireguard and openvpn side has many patches by egc to fix issues and add features only available in current builds. Well since he patched it last, also current DD-WRT builds have many patched known security vulnerabilities, while your build is...not on any of the above.

Both on stickies on these subforums

OpenVPN guides https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
Wireguard guides and docs https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397

You don't need to install anything on router from VPN providers, only maybe their configs, DD-WRT has both server/client and once set up every connection/client will use the tunnel or whatever you set up following the guides.

WireGuard is better performing as it's an in-kernel implementation while OpenVPN is a 3rd party component built into DD-WRT.

Both the guides are written by egc who is our resident tunneling expert and beloved M.C.H.O.

For firmware upgrades http://ftp.dd-wrt.com/dd-wrtv2/downloads/betas/2022/

Current build is 06-16-2022-r49212

You should upgrade then do a nvram reset and reconfigure from scratch.

Upon login to web interface, you should also clear browser cache to let the new UI load properly, for this use CTRL+F5

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)


Last edited by the-joker on Sat Jun 25, 2022 17:08; edited 1 time in total
Shaggy1
DD-WRT Novice


Joined: 18 Jan 2017
Posts: 43

Posted: Sat Jun 25, 2022 14:01
Hi

Thank you very much for your replies.

Thank you for the link to the latest firmware - in general we are supposed to use versions under 'beta' ?
> You should upgrade
As far as upgrading goes I was simply going to download the bin file, go to Administration->Firmware, browse to the bin file and press 'Upgrade'. Is that the correct procedure, or is it more complicated than that ?
> then do a nvram reset and reconfigure from scratch.
So all my configuration will be lost on the upgrade ? including basic setup, wireless configuration, vpn client etc.
If so is there any way to back my current config up to a file of some sort, then re-load it after the upgrade ?

Yes I am using a 3rd party VPN - they provided me with the configuration/certificates to run the openvpn client on the router, so I did not need to put one on every device.

I'm on a fairly steep learning curve as regards VPN at the moment, so I'm still trying to clarify things from a top level, so I'm not entirely clear at the why/how one could have a local vpn client, since I thought you'd always need an external server the other side of the ISP to decrypt ?

I take it from your replies it is OK, then, to run both a VPN server and a vpn client on the router ?

Thank you for the link to the setup guides. I've not come across wireguard before. As far as I can gather it is a lighter weight, more up to date vpn server implementation - so you either use wireguard or openvpn - is that correct ?

Since I'm pretty new to vpn I am a bit confused as to how routing would work. Before diving in to the vpn set up I'd like to have a bit of a top level understanding of what is needed/how the packets are routed.
General questions that come to mind are things like:
How does the router 'know' that outgoing traffic initiated from my LAN should be routed via the vpn client ?
And what happens with outgoing traffic triggered by requests from my vpn client on my device on an external network - how does it know to route through local vpn server ? or is it all always routed through my vpn client ?
How does the router 'know' that incoming traffic from my third party vpn server should be routed through my vpn client for decryption ?
And incoming traffic from the client on my device (on an external network) should be routed through the vpn server for decryption ?
Which of these routing behaviours do I need to explicitly configure ?
And what is handled automatically by the vpns (I get the impression a separate subnet is set up by the vpn)

Bit outside the scope of this forum - but I don't suppose anyone knows of any documentation that might help answer some of these questions ?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Sat Jun 25, 2022 15:25
Former speakers already linked to the OpenVPN guides:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

You need the Client setup guide.

With any luck there is a paragraph about your specific provider.

If not, let us know which provider you have

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Shaggy1
DD-WRT Novice


Joined: 18 Jan 2017
Posts: 43

Posted: Sun Jul 10, 2022 10:45
> If so is there any way to back my current config up to a file of some sort, then re-load it after the upgrade ?
Anyone any idea if this is possible ?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Sun Jul 10, 2022 11:20
Shaggy1 wrote:
> If so is there any way to back my current config up to a file of some sort, then re-load it after the upgrade ?
> Anyone any idea if this is possible ?


No, otherwise it would be garbage out, garbage in :(

However there are ways to preserve some settings see:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322503

Alternatively, copy all nvram variables to a file:
nvram show > /tmp/mynvram.txt

and grab the file with winscp and use what you need to reenter

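An added example (not part of egc's post or of DD-WRT): a workstation-side helper for the saved `nvram show` dump that pulls out only the settings you want to re-enter and lists which keys hold credentials or key material, since the dump holds whatever keys and passwords the router stores. It assumes the dump is `key=value` lines with PEM certificates spanning several lines; the `ex_` key names and all values are constructed sample data, not DD-WRT's variable names.

```shell
#!/bin/sh
# Added example: work with a saved `nvram show` dump on the workstation.
# All key names (ex_*) and values below are constructed sample data.

# Write a small constructed dump (same key=value shape) to the given path.
make_sample_dump() {
cat > "$1" <<'EOF'
ex_lan_ipaddr=192.168.1.1
ex_vpn_enable=1
ex_vpn_ca=-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
ex_admin_passwd=constructed-value
ex_wifi_ssid=ExampleNet
EOF
}

# Print complete records (including multi-line values) whose key starts
# with one of the given prefixes.  Usage: nvram_extract FILE PREFIX...
nvram_extract() {
    file=$1; shift
    awk -v prefixes="$*" '
        BEGIN { n = split(prefixes, p, " ") }
        # A new record starts only outside a PEM block; inside one, a base64
        # line ending in "=" would otherwise be mistaken for "key=".
        !inpem && /^[A-Za-z0-9_.]+=/ {
            key = substr($0, 1, index($0, "=") - 1); keep = 0
            for (i = 1; i <= n; i++) if (index(key, p[i]) == 1) keep = 1
        }
        /-----BEGIN / { inpem = 1 }
        /-----END /   { inpem = 0 }
        keep { print }
    ' "$file"
}

# List only the NAMES of keys that look like credentials or key material,
# so they can be reviewed without echoing the secret values.
nvram_secret_keys() {
    awk '
        !inpem && /^[A-Za-z0-9_.]+=/ {
            key = substr($0, 1, index($0, "=") - 1)
            if (key ~ /passw|psk|secret|_key$/ || $0 ~ /-----BEGIN /) print key
        }
        /-----BEGIN / { inpem = 1 }
        /-----END /   { inpem = 0 }
    ' "$1"
}
```

Keep the full dump readable only by you (for example `chmod 600`) and delete it once the settings have been re-entered.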
Shaggy1
DD-WRT Novice


Joined: 18 Jan 2017
Posts: 43

Posted: Mon Jul 11, 2022 8:47
Thank you very much for the link.

> No otherwise it would be garbage out garbage in
Ok. So presumably the settings for a previous release may not be entirely compatible with a new one.
Shaggy1
DD-WRT Novice


Joined: 18 Jan 2017
Posts: 43

Posted: Sat Jul 16, 2022 16:01
I downloaded easyddup and am going through the instructions in QuickStart.txt. I got to the point where I run:
Code:
./nvram-save.sh


but this came up with a message :
Code:
nvram-save.sh: NVRAM variable file not found: nvram-dd-wrt.ini


Does anyone know where I should get this file from ?

Is it simply a matter of using the provided nvram-dd-wrt.ini.sample for this or do I need to somehow generate this file from my current routing settings ?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

Posted: Sat Jul 16, 2022 16:13
Better ask your question in the easyddup thread: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322503&start=210
Shaggy1
DD-WRT Novice


Joined: 18 Jan 2017
Posts: 43

Posted: Sat Sep 10, 2022 10:09
Ok. Thank you I will try posting there