Posted: Mon Apr 17, 2023 20:12 Post subject: DD-WRT Router with VPn behind ISP Router
Hi guys,
Trying to get this working as I want it but haven't used DD-WRT in a very long time and a lot of things have changed and i'm stuck to be fair.
I have some ZTE modem/router from ISP and i need to connect my own router with VPN behind it with only 1 client.
I have a Netgear R7000 with DD-WRT v3.0-r44715 which i can use or a Asus AC-RT68U which i can flash and use. I just chose the Netgear since it has a better CPU.
Now, I've managed to get the internet working by changing Netgear ip to x.x.2.1 and I assume if I install the VPN it will do the trick but I have a few things I would like to change if possible.
I am currently using pretty much default settings, see attached.
can i have the ISP modem/router not visible from the network? maybe having x.x.1.1 being the Netgear ip?
how do i avoid double NAT or any other conflicts? i have access to both routers
since all traffic will go through VPN i guess i can disable firewall and any kind of security? any opinions on settings i can change/disable to make the connection faster?
Any help would be greatly appreciated guys.
Thanks!
Untitled-1.png
Description:
Filesize:
41.09 KB
Viewed:
1170 Time(s)
Last edited by vrfx on Mon Apr 17, 2023 20:26; edited 1 time in total
Configure ISP gateway modem combo to true bridge mode, or at least IP passthrough or DMZ plus.
Otherwise double NAT, keep modem and router on their own separate IP network blocks or ranges.
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Mon Apr 17, 2023 20:39 Post subject:
first update as blkt recommends !!! last build 52330..
Than use R7000, as it has a touch better specs...for VPN you dont have install anything, but
go to Services>VPN>client enable ....than set your VPN provider details...
since all traffic will go through VPN i guess i can disable firewall and any kind of security? any opinions on settings i can change/disable to make the connection faster?
Nope you dont have to disable firewall..it wont make any difference, but you will open a huge security hole...
Bear in mind VPN on R7000 depends form VPN provider,servers,encryption,location in best case scenario, R7000 will deliver 30-40Mbit over VPN...
If your VPN provider allows Wireguard instead of OpenVPN, than speed will be much better...as Wireguard is not that CPU intensive due to its nature of been in kernel space,instead of user space like OpenVPN...
Also.. See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087 _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
I have some reading to do but as much as I want to I don't think Wireguard is an option for me as it would be too difficult to get the conf file, no access to a linux machine.
I'll read through the documentation and I'll see how it goes.
Joined: 16 Nov 2015 Posts: 6410 Location: UK, London, just across the river..
Posted: Tue Apr 18, 2023 13:54 Post subject:
vrfx wrote:
Thanks for all the info guys!
I have some reading to do but as much as I want to I don't think Wireguard is an option for me as it would be too difficult to get the conf file, no access to a linux machine.
I'll read through the documentation and I'll see how it goes.
If your VPN provider supports WG, you dont need a linux machine to configure WG...just read the manual... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Thanks for the help. It's actually working fine without any tinkering, reset all settings and started again from scratch, just changing the ip works and does what I need.
I'm using it as is for now and will tinker over time with it.