This is pretty much their default guide. You see this when you log in, click "DD-WRT routers", and then generate code under the automated installer after selecting the servers.
It says:
"In the "OpenVPN Daemon" section select "Enable".
Then click "Save".
Note! Do not enable OpenVPN Client."
If I follow all that step by step it does work perfectly, as in my outgoing IP changes. Just don't know how to set up your stuff with this.
Regarding your comment below, I don't want to sound rude either, but since you brought their guide to the topic I just referred to an easier guide that is manual, giving you the chance to understand and customize the OpenVPN much easier since you can see what values you set one by one rather than the automatic one your link refers to.
Thank you for this VERY informative & useful post. The observation about OpenVPN being broken above 18777 is on the mark. Of course no one has any way of knowing this outside of trial and error. I've been pulling my hair out since yesterday trying to figure out why this was not working until I saw your post, downgraded to 18777 and BANG, worked instantly. If somebody posts asking about all this he will likely be told to RTFM. What good is the stupid manual if the software is broken???? Anyway, I'll stop ranting now.
So thanks for that VERY important piece of info.
I had a couple other questions though. You said you're using HMA but then you also say enable openvpn client. The HMA people specifically tell you not to do that and ask to simply enable "OpenVPN server". If I threw your config into the additional config area of the OpenVPN server will it work?
Secondly, what IP would I substitute into the XXX. area? The VPN IP? That's unique every time though.
Thank you so much for this post BTW. Exceptional stuff.
Sorry to tell you this but there are other builds above 18777 where OpenVPN works. I use build 18946 and OpenVPN works perfectly. For both client and server. You should double check before claiming that they don't work above build 18777.
1> This is good. However, the fact that VPN does not work above 18777 was the OP's assertion, not mine.
2> The link to the guide you posted has already been posted in the thread and used by many including me.
The thread is not about configuring HMA with DD-WRT which is why your post was off-topic especially since the info you provided has already been posted in said thread.
We are currently wrestling with 3 issues here:
1. How not to fill up the NVRAM of the router when adding all these custom routing entries to the VPN under "additional config".
2. Finding a way to make FQDN work for routing (perhaps via a proxy based solution on DD-WRT) so wide swaths of the internet don't need to be routed via the VPN.
3. Failing #2, adding to the list of ranges that need to be routed via US VPN to get all US/English language content.
Any and all help on these 3 issues would be much appreciated.
Posted: Fri Nov 09, 2012 18:35 Post subject: Privoxy
Can you guide me on how I can set this up? I have currently set up OpenVPN on my VPS, which works fine. But it becomes troublesome to find all the correct IPs.
goli wrote:
Hey there.
I started using Privoxy as a transparent proxy on my dd-wrt box. And I use another HTTP proxy on the OpenVPN endpoint side. For me this is no problem because the remote endpoint is a VPS completely managed by myself.
This allows me to filter HTTP requests by very fine-grained rules on my local side that aren't based on current IP addresses.
Especially when you start doing YouTube through such a proxy, this becomes very important because it's the only manageable way to avoid doing all Google traffic through an overseas VPN.
Here's my current local privoxy configuration on my dd-wrt box. It's a useractions file.
This completely works without the iptables stuff targeting remote content providers. Instead, I pass all my HTTP traffic through my local privoxy instance that runs on my dd-wrt:
I would love to use the routing tables to selectively route/tunnel certain internet(wan) IP addresses (ie. Hulu, Vevo, CBS etc.) through the openVPN. I would like all other addresses unfiltered through my local ISP. I have tried the solution mentioned in the first post, but find when I add the following code to the "Additional Config" that OpenVPN fails to connect.
There are two hosts involved:
* A VPS in a data center
* My local dd-wrt
The VPS runs OpenVPN on 0.0.0.0:1194, which is completely default. Its internal IP could be 192.168.50.1.
The VPS additionally runs Privoxy on 192.168.50.1:8118, so the Privoxy HTTP proxy is only available through OpenVPN, not through the public interface of the VPS. We don't want to provide our very own HTTP proxy open for public use.
The dd-wrt internally provides 192.168.0.1/24, just default.
The dd-wrt runs the OpenVPN client, connects to the VPS and gets the internal 192.168.50.2. We don't need any further routing, our local clients (of the dd-wrt subnet) don't have to reach the VPS internal interface directly.
The dd-wrt runs another Privoxy instance which listens to 192.168.0.1:8118. Here the Privoxy configuration from above becomes important: All HTTP requests matching the above rules are forwarded from the dd-wrt-Privoxy to the VPS-Privoxy. That's basically what my configuration description says.
So, until here you can just type the 192.168.0.1:8118 as HTTP proxy in your browser. This should work just fine without any iptables magic.
Now iptables on the dd-wrt becomes involved. We redirect all HTTP connections that target the internal dd-wrt interface (br0) and on port 80. These are HTTP requests from inside our network to the outside world. I've restricted this to 192.168.0.128/27, so that's the hosts from 192.168.0.128 to 192.168.0.159 -- my DHCP range. This is kind of important. You should, at least, exclude the 192.168.0.1 directly from being redirected.
Things that have to be set up and can be tested:
The dd-wrt should be able to ping the external VPS interface. That's usually no problem as soon as the VPS is up and running.
The dd-wrt should be able to ping the internal VPS interface (192.168.50.1). Can be tested by connecting to the dd-wrt by telnet and just "ping".
The VPS should be able to ping back to 192.168.50.2. Test this by connecting to the VPS via SSH.
Using "netstat" on the VPS you should be able to see privoxy listening 192.168.50.1:8118.
Using "netstat" on the dd-wrt you should be able to see privoxy listening on 192.168.0.1:8118.
Posted: Mon Dec 24, 2012 4:12 Post subject: Selective VPN
As well, there are some other VPN services today that offer Selective Routing, and it works on most devices. http://www.vpnselect.com seems to be interesting. The idea is that you can choose sites you want to access (or block), and use services from different countries at the same time - for example one watches Netflix UK on TV in the living room, and another can watch Hulu US from an Xbox connected to the TV in his bedroom.
I'm using OPs routing table, which works great, thanks for that.
Now, I would also like Google Play (android market) through my VPN, how would I go about identifying the IPs? Or if anyone happens to have them, that would be much appreciated.
Thanks a lot. Followed your tutorial and it's working great for me. I'm not a network expert and want to add HBO GO to the list. Can anyone help me with that?
Adding them is not hard. You can use tracert to find out where it is connecting to, so like tracert hbo.com. Look up hbo.com or the IP address's ASN number.
Find a site such as http://bgp.he.net that translates the ASN into the IPs used. Add them to the list.
Also some other things I learned along the way. DO NOT add port forwards while connected to the OpenVPN. It kills the net. Disable the VPN, add the ports and re-enable the VPN. It did this on 18x and 21x. Spent all day scratching my head on why it killed it, but it does.
Here is my list running on 21x; it has Google Play store IN ENGLISH, YouTube IN ENGLISH, thank god. Stuff like Vudu apps for my Panasonic TV etc.
I got lazy on a couple of them like Google. Them boys just have too many IPs to add them one by one. So some other sites may end up going through the VPN also, but that is not really a problem.
You will also want a CIDR table to help with the subnets if you want to add any more.
# disney.go.com - WORKS
route 68.71.208.0 255.255.240.0 vpn_gateway
# Viacom i.e. nick.com and all that crap - WORKS
route 129.228.0.0 255.255.128.0 vpn_gateway
route 166.77.0.0 255.255.0.0 vpn_gateway
route 206.220.40.0 255.255.252.0 vpn_gateway
route 69.31.132.0 255.255.254.0 vpn_gateway
route 72.246.0.0 255.254.0.0 vpn_gateway
# CBS - WORKS
route 198.99.118.0 255.255.254.0 vpn_gateway
route 198.99.120.0 255.255.254.0 vpn_gateway
route 198.99.122.0 255.255.255.0 vpn_gateway
# NBC WORKS
route 66.77.124.0 255.255.255.0 vpn_gateway
# ABC & general Disney range works
route 199.181.129.0 255.255.255.0 vpn_gateway
route 199.181.130.0 255.255.254.0 vpn_gateway
route 199.181.132.0 255.255.252.0 vpn_gateway
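An added example, not part of any post in this thread: a small workstation-side script that does the "CIDR table" step and addresses the NVRAM concern raised earlier. It accepts CIDR prefixes or existing `route` lines, rejects entries whose network address does not align with the mask, merges adjacent or overlapping ranges, and emits lines in the same `route NET MASK vpn_gateway` form used above. The function names and the sample input are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input. The CBS and 72.246.0.0 ranges come from the list
# above; the 203.0.113.x lines (documentation range) and 72.246.10.0/24 are
# made up to show merging and de-duplication.
SAMPLE = """\
# CBS, already in route syntax
route 198.99.118.0 255.255.254.0 vpn_gateway
route 198.99.120.0 255.255.254.0 vpn_gateway
198.99.122.0/24
# two adjacent halves: merge into one /24
203.0.113.0/25
203.0.113.128/25
# inside the /15 below: redundant
72.246.10.0/24
route 72.246.0.0 255.254.0.0 vpn_gateway
"""


def parse_line(line):
    """Return an IPv4Network for a CIDR line or a 'route NET MASK ...' line."""
    body = line.split("#", 1)[0].split()
    if not body:
        return None  # blank line or comment
    if body[0] == "route":
        if len(body) < 3:
            raise ValueError(f"incomplete route line: {line!r}")
        body = [f"{body[1]}/{body[2]}"]
    # strict=True rejects host bits set below the mask, e.g. 198.99.119.0/23;
    # a non-contiguous netmask also raises ValueError.
    return ipaddress.IPv4Network(body[0], strict=True)


def build_routes(text):
    """Parse, merge and render the smallest equivalent set of route lines."""
    nets = [n for n in map(parse_line, text.splitlines()) if n is not None]
    merged = ipaddress.collapse_addresses(nets)
    return [f"route {n.network_address} {n.netmask} vpn_gateway" for n in merged]


def config_bytes(routes):
    """Size of the route block as stored (one newline per line)."""
    return sum(len(r) + 1 for r in routes)


if __name__ == "__main__":
    routes = build_routes(SAMPLE)
    print("\n".join(routes))
    print(f"# {len(routes)} routes, {config_bytes(routes)} bytes")
```

Merging only helps where ranges are adjacent and aligned; the three CBS ranges, for instance, cannot be combined into fewer lines without also covering addresses outside them.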
Posted: Mon Dec 09, 2013 4:22 Post subject: This sounds exactly what I need!
I live in the Caribbean and bought a network-enabled DVD player with Netflix. It can't connect as it has the wrong IP, so I want to buy a router (e3200 or e4200) and set it up with my Identity Cloaker US IP address.
Once I have figured out which builds to use, how do I enter the code you show into the router, or can you point me to a step by step tutorial in this forum?
When I route 0.0.0.0 on my VPN I get American Netflix.
When I route only the IPs listed in this thread I get UK Netflix, and I am even using my American DNS server for the DNS lookups with no success; it only works when I route the entire internet via the VPN.
I know the IPs are being rerouted as I can see they are being rerouted on pings and traceroutes.
The answer seems to be that when I auth to Netflix I am doing so on an IP not listed. Because when I was already authed (restarted VPN whilst logged into Netflix) I was still able to play American-only media. But as soon as I logged out and back in again it was back to UK only.