[Tutorial] How to setup a NordVPN OpenVPN client with dd-wrt

lollabie
DD-WRT Novice


Joined: 19 Oct 2013
Posts: 42

Posted: Tue Jun 24, 2014 19:05    Post subject: [Tutorial] How to setup a NordVPN OpenVPN client with dd-wrt
I'm posting this since it took me a bit of fiddling to get it working and to hopefully save you some time.

How to set up the OpenVPN client of dd-wrt so it works with the VPN provider NordVPN
NordVPN recently posted a blog post about this topic. But the solution they described didn't work for me. They paste the whole config in the startup script. My solution uses mainly the web interface.

Set up the OpenVPN client settings as shown here in the attached picture (mirror: http://imgur.com/EV6z2s2)

Use a UDP server, enter its IP address, and use the correct certificates for that server (you can get all those values from the OpenVPN config files, which you can download from the NordVPN website).

Now on your dd-wrt web interface go to Administration -> Commands
And enter this as your startup script (edit your username and password):

Code:
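# Write the credentials file (username on line 1, password on line 2)
echo "YOURUSERNAME
YOURPASSWORD" > /tmp/openvpncl/user.conf
# Keep the credentials file readable by root only
chmod 600 /tmp/openvpncl/user.conf

# Restart the OpenVPN client with the config written by the web interface
/usr/bin/killall openvpn
/usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon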



Reboot, and everything should work!

If you want to use a TCP server, just change the protocol, IP, port and certificates.

The build I use is 24345M on a R7000.

UPDATE:

Also as of build 24710 you can enter the username and password via the GUI like this:



With that you no longer need that startup script and that one line in the "Additional config" section.

UPDATE2:
Not sure if this guide is working anymore since it's been a while; check what others write in this post.

Hope this helps!
If you want to say thanks: btc to 1MybiEbRYDkZwrVCDDZiq8sK2jdLK4eH2h


Last edited by lollabie on Sun Nov 26, 2017 0:27; edited 2 times in total
EmpireExpeditions
DD-WRT Novice


Joined: 11 Jul 2014
Posts: 1

Posted: Fri Jul 11, 2014 14:48    Post subject:
That's great, I flashed to DD-WRT yesterday and then tried to follow the guide by NordVPN and found that their instructions didn't work.
Thanks for your guide.

I'm experiencing a speed problem though...

Without VPN I get 118 Mbps download via speedtest on my net connection, using TunnelBlick on the Mac I get 110 Mbps download on speedtest.
But when I use the R7000 to handle the VPN connection and your guide, I can't get higher than 22 Mbps down. Switching the firewall off on the router makes no difference to performance either.

The CPU on the R7000 seems to be barely breaking a sweat so I'm wondering if there are some settings we're missing?

Certainly the (non working) guide from Nord includes a load of parameters we're not setting via the GUI.
lollabie
DD-WRT Novice


Joined: 19 Oct 2013
Posts: 42

Posted: Mon Jul 28, 2014 23:10    Post subject:
Yeah, I don't think those parameters have an influence on your throughput though.
But go ahead and try for yourself. You can put any of these other parameters in the "Additional config" section.

I got a 40mbit connection and get the full speed.


Last edited by lollabie on Mon Jul 28, 2014 23:17; edited 1 time in total
lollabie
DD-WRT Novice


Joined: 19 Oct 2013
Posts: 42

Posted: Mon Jul 28, 2014 23:14    Post subject:
Also as of build 24710 you can enter the username and password via the GUI like this:



With that you no longer need that startup script and that one line in the "Additional config" section.
Iknownothing1
DD-WRT Novice


Joined: 13 Nov 2014
Posts: 1

Posted: Thu Nov 13, 2014 1:57    Post subject: Having problems with the setting.
Hello, I set everything exactly as written in this thread, but I am encountering the following logs even though the status was showing connected.


Quote:
Serverlog Clientlog 20141113 02:04:36 I OpenVPN 2.3.0 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20141113 02:04:36 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20141113 02:04:36 W WARNING: file '/tmp/openvpncl/user.conf' is group or others accessible
20141113 02:04:36 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20141113 02:04:36 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20141113 02:04:36 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
20141113 02:04:36 I Control Channel Authentication: using '/tmp/openvpncl/ta.key' as a OpenVPN static key file
20141113 02:04:36 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20141113 02:04:36 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20141113 02:04:36 Socket Buffers: R=[172032->131072] S=[172032->131072]
20141113 02:04:36 I UDPv4 link local: [undef]
20141113 02:04:36 I UDPv4 link remote: [AF_INET]141.105.68.130:1194
20141113 02:04:36 TLS: Initial packet from [AF_INET]141.105.68.130:1194 sid=ca144186 12b51eb0
20141113 02:04:36 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20141113 02:04:38 VERIFY OK: depth=1 C=RU ST=RU L=SanFrancisco O=NordVPN OU=RU CN=vpn-ru.nordvpn.com name=vpn-ru.nordvpn.com emailAddress=mail@host.domain
20141113 02:04:38 VERIFY OK: depth=0 C=PA ST=PA L=Panama O=NordVPN OU=NordVPN CN=vpn-ru.nordvpn.com name=NordVPN emailAddress=cert@nordvpn.com
20141113 02:04:39 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1590'
20141113 02:04:39 W WARNING: 'tun-mtu' is used inconsistently local='tun-mtu 1500' remote='tun-mtu 1532'
20141113 02:04:39 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20141113 02:04:39 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20141113 02:04:39 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20141113 02:04:39 NOTE: --mute triggered...
20141113 02:04:42 2 variation(s) on previous 3 message(s) suppressed by --mute
20141113 02:04:42 I [vpn-ru.nordvpn.com] Peer Connection Initiated with [AF_INET]141.105.68.130:1194
20141113 02:04:45 SENT CONTROL [vpn-ru.nordvpn.com]: 'PUSH_REQUEST' (status=1)
20141113 02:04:45 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 8.8.4.4 route 10.8.8.1 topology net30 ping 5 ping-restart 30 ifconfig 10.8.8.142 10.8.8.143'
20141113 02:04:45 OPTIONS IMPORT: timers and/or timeouts modified
20141113 02:04:45 NOTE: --mute triggered...
20141113 02:04:45 3 variation(s) on previous 3 message(s) suppressed by --mute
20141113 02:04:45 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=vlan2 HWADDR=6c:b0:ce:1f:8e:8e
20141113 02:04:45 I TUN/TAP device tun1 opened
20141113 02:04:45 TUN/TAP TX queue length set to 100
20141113 02:04:45 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20141113 02:04:45 I /sbin/ifconfig tun1 10.8.8.142 pointopoint 10.8.8.143 mtu 1500
20141113 02:04:45 /sbin/route add -net 141.105.68.130 netmask 255.255.255.255 gw 10.0.0.1
20141113 02:04:45 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.8.143
20141113 02:04:45 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.143
20141113 02:04:45 /sbin/route add -net 10.8.8.1 netmask 255.255.255.255 gw 10.8.8.143
20141113 02:04:45 I Initialization Sequence Completed
20141113 02:04:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141113 02:04:51 D MANAGEMENT: CMD 'state'
20141113 02:04:51 MANAGEMENT: Client disconnected
20141113 02:04:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141113 02:04:51 D MANAGEMENT: CMD 'state'
20141113 02:04:51 MANAGEMENT: Client disconnected
20141113 02:04:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141113 02:04:51 D MANAGEMENT: CMD 'state'
20141113 02:04:51 MANAGEMENT: Client disconnected
20141113 02:04:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20141113 02:04:52 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00


Is there a solution for this? Thank you for reading this.
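
Added example, not part of the post above: a shell function that picks the security-relevant warnings out of an OpenVPN client log like the one quoted and prints a suggested setting for each. The sample lines are copied from that log; the function names, finding codes and suggested remedies are this example's own, and `remote-cert-tls server` only works if the provider's server certificate carries the matching usage field.

```shell
#!/bin/sh
# Sample input: lines copied from the client log quoted in the post above.
sample_log() {
cat <<'EOF'
20141113 02:04:36 W WARNING: file '/tmp/openvpncl/user.conf' is group or others accessible
20141113 02:04:36 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20141113 02:04:36 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
20141113 02:04:36 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20141113 02:04:39 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1590'
20141113 02:04:45 I Initialization Sequence Completed
EOF
}

# Reads a log on stdin and prints one "CODE|note" line per distinct finding,
# followed by a final line saying whether the tunnel came up.
triage_openvpn_log() {
  awk -v q="'" '
    function add(code, note) {
      if (!(code in seen)) { seen[code] = 1; print code "|" note }
    }
    /is group or others accessible/ {        # credentials or key file too open
      split($0, p, q); add("PERMS:" p[2], "chmod 600 " p[2])
    }
    /No server certificate verification method/ {   # MITM exposure
      add("NO_SERVER_VERIFY", "verify the server certificate, e.g. remote-cert-tls server")
    }
    /use the auth-nocache option/ {          # password kept in memory
      add("PW_CACHE", "add auth-nocache to Additional Config")
    }
    /is used inconsistently/ {               # local and remote settings differ
      split($0, p, q); add("MISMATCH:" p[2], "local " p[4] ", remote " p[6])
    }
    /Initialization Sequence Completed/ { up = 1 }
    END {
      state = up ? "TUNNEL_UP" : "TUNNEL_DOWN"
      print state "|connection state only; the findings above still apply"
    }
  '
}

sample_log | triage_openvpn_log
```

A "connected" status and the warnings are independent: the tunnel in the quoted log comes up while every one of these findings is present.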
mikescool
DD-WRT Novice


Joined: 30 Aug 2007
Posts: 5

Posted: Wed Feb 11, 2015 19:29    Post subject:
Did you guys on NordVPN ever have the issue of only 1 device connected through the router having a working internet connection with OpenVPN on?
v222
DD-WRT Novice


Joined: 06 Mar 2015
Posts: 1

Posted: Fri Mar 06, 2015 21:11    Post subject: reply
So, I attempted both methods. I could not find yours anywhere in my dd-wrt BUILD 26446 settings.

I attempted NordVPN's script also, with a failure. NordVPN referred me to here and was very little help.

Can anyone help me?

Thank you
it-chris
DD-WRT Novice


Joined: 24 Mar 2015
Posts: 1

Posted: Tue Mar 24, 2015 1:04    Post subject:
@v222 did you figure it out?

I would recommend clearing your VRAM before doing so. This method is outdated. It's as easy as making sure you enter both the TLS auth and CA Cert correctly starting and ending with ---begin cert---, the correct IP of the .ovpn file you downloaded for the desired server, a few settings (look below) and of course your username and password.

Here is a screenshot:

http://prntscr.com/6kl9rf

Also, if you are interested in easy iptables firewall rules for a VPN killswitch (be sure to flush existing iptables rules if necessary):

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

Keep in mind your interfaces might not be the same as mine. Run a quick ifconfig to resolve your interfaces.
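
Added example, not part of the post above: the forwarding and NAT rules from the post generated from variables, so each interface name is used consistently and a mistyped LAN or WAN name is caught before the DROP rule silently matches nothing. The function names and the interface list are assumptions of this example; the post's INPUT rule is left out.

```shell
#!/bin/sh
# have_iface NAME "LIST": succeed if NAME is one of the space-separated names.
have_iface() {
  case " $2 " in *" $1 "*) return 0 ;; esac
  return 1
}

# killswitch_rules LAN TUN WAN "PRESENT"
# Prints the iptables commands, or fails without printing any rule.
killswitch_rules() {
  lan=$1 tun=$2 wan=$3 present=$4
  # LAN and WAN exist at boot, so a name that is not present is a typo.
  # iptables accepts unknown names, and the DROP rule would never match.
  for i in "$lan" "$wan"; do
    have_iface "$i" "$present" || { echo "unknown interface: $i" >&2; return 1; }
  done
  # The tunnel device may not exist yet when the rules are installed,
  # so only its name format is checked.
  case $tun in
    tun[0-9]|tun[0-9][0-9]) ;;
    *) echo "not a tun device name: $tun" >&2; return 1 ;;
  esac
  if [ "$lan" = "$wan" ]; then
    echo "LAN and WAN must differ" >&2; return 1
  fi
  cat <<EOF
iptables -I FORWARD -i $lan -o $tun -j ACCEPT
iptables -I FORWARD -i $tun -o $lan -j ACCEPT
iptables -I FORWARD -i $lan -o $wan -j DROP
iptables -t nat -A POSTROUTING -o $tun -j MASQUERADE
EOF
}

# On the router the list can come from: ls /sys/class/net
# Constructed list using the interface names that appear in the post:
PRESENT="lo br0 eth0 vlan1 vlan2"
killswitch_rules br0 tun1 vlan2 "$PRESENT"
```

Because the DROP rule names only the LAN and WAN interfaces, it blocks direct forwarding whether or not the tunnel is up.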
tmo1138
DD-WRT User


Joined: 24 Mar 2015
Posts: 172
Location: Tacoma, Wa

Posted: Sat Apr 04, 2015 0:57    Post subject:
mikescool wrote:
Did you guys on NordVPN ever have the issue of only 1 device connected through the router having a working internet connection with OpenVPN on?


I did.. and the people at NordVPN just referred me here to this page.. Confused
FluxSine
DD-WRT Novice


Joined: 26 Jun 2015
Posts: 1

Posted: Fri Jun 26, 2015 18:38    Post subject: OpenWRT + OpenVPN Router Client Setup
Hello,
Have any of you had success configuring OpenWRT with OpenVPN? I only ask because NordVPN referred me to this site, but my router is a TP-Link WR841N and the only firmware that supports VPN is a custom OpenWRT firmware. I have it installed, but I'm wondering if anyone has used OpenWRT with OpenVPN and might have a good guide or link to look at. Thanks for your help in advance.
vipersinu2
DD-WRT Novice


Joined: 06 Apr 2013
Posts: 17

Posted: Sun Dec 20, 2015 18:18    Post subject:
EmpireExpeditions wrote:
That's great, I flashed to DD-WRT yesterday and then tried to follow the guide by NordVPN and found that their instructions didn't work.
Thanks for your guide.

I'm experiencing a speed problem though...

Without VPN I get 118 Mbps download via speedtest on my net connection, using TunnelBlick on the Mac I get 110 Mbps download on speedtest.
But when I use the R7000 to handle the VPN connection and your guide, I can't get higher than 22 Mbps down. Switching the firewall off on the router makes no difference to performance either.

The CPU on the R7000 seems to be barely breaking a sweat so I'm wondering if there are some settings we're missing?

Certainly the (non working) guide from Nord includes a load of parameters we're not setting via the GUI.


The speeds should only be as fast as your upload speed from your ISP. You're on a VPN, so you transmit and receive through one pipe. You will be as fast as the weakest link. I hope that helps.
vipersinu2
DD-WRT Novice


Joined: 06 Apr 2013
Posts: 17

Posted: Mon Dec 21, 2015 15:46    Post subject:
mikescool wrote:
Did you guys on NordVPN ever have the issue of only 1 device connected through the router having a working internet connection with OpenVPN on?


Did you ever get the 1 PC connecting issue resolved? I have the same issue. On VPN only 1 PC is getting a connection; all the others go to limited or no connectivity. As soon as I disconnect from the VPN, the PCs get DHCP and work again. Is the VPN only allowing one client at a time to use it?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 7924

Posted: Mon Dec 21, 2015 16:52    Post subject:
vipersinu2 wrote:
The speeds should only be as fast as your upload speed from your ISP. You're on a VPN, so you transmit and receive through one pipe. You will be as fast as the weakest link. I hope that helps.


Not true. The OpenVPN client is using the same ISP connection for upload and download, only the packets are encrypted and being forwarded to a single destination IP, that of the VPN provider. For performance testing purposes, the OpenVPN client will have the same up/down limitations wrt the ISP as any other connection over the WAN.

It's only if you were running your own local OpenVPN *server* and accessing it remotely that you would have this issue of your remote download performance being limited by the upload performance of your ISP since now the client and server have switched sides over the WAN.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 7924

Posted: Mon Dec 21, 2015 17:04    Post subject:
vipersinu2 wrote:
mikescool wrote:
Did you guys on NordVPN ever have the issue of only 1 device connected through the router having a working internet connection with OpenVPN on?


Did you ever get the 1 PC connecting issue resolved? I have the same issue. On VPN only 1 PC is getting a connection; all the others go to limited or no connectivity. As soon as I disconnect from the VPN, the PCs get DHCP and work again. Is the VPN only allowing one client at a time to use it?


Did you NAT the VPN's tunnel? If you did, I don't see how the VPN provider could limit the number of clients any more than your ISP can limit the number of clients behind the WAN. Not unless they were doing some sort of deep packet analysis, which seems extremely unlikely. In either case, the number of actual clients behind the network interface is obscured thanks to NAT.
vipersinu2
DD-WRT Novice


Joined: 06 Apr 2013
Posts: 17

Posted: Tue Dec 22, 2015 16:17    Post subject:
eibgrad wrote:
vipersinu2 wrote:
The speeds should only be as fast as your upload speed from your ISP. You're on a VPN, so you transmit and receive through one pipe. You will be as fast as the weakest link. I hope that helps.


Not true. The OpenVPN client is using the same ISP connection for upload and download, only the packets are encrypted and being forwarded to a single destination IP, that of the VPN provider. For performance testing purposes, the OpenVPN client will have the same up/down limitations wrt the ISP as any other connection over the WAN.

It's only if you were running your own local OpenVPN *server* and accessing it remotely that you would have this issue of your remote download performance being limited by the upload performance of your ISP since now the client and server have switched sides over the WAN.


That is a great bit of information. I have 160 down and 14 up. When my DD-WRT Nighthawk is connected to NordVPN I only get 14, which is my upload speed; I thought that was normal. Any advice on what I may be doing wrong? I have a factory-default router and just entered only the info into the OpenVPN client part of the GUI. I am connected to the VPN when I check the status on the OpenVPN tab of the GUI. Still only one client at a time. The other devices go to limited or no connectivity.