Posted: Thu Nov 02, 2017 0:40 Post subject: DD-WRT OpenVPN guide for complete dummies
I have compiled an OpenVPN guide for complete dummies (like me), as a pdf.
The information is scattered around this website and others, but not a single guide I was able to dig up had all of the information I needed to get my router (Linksys WRT-1900AC v2) up and running with OpenVPN.
I decided it was worth the time to compile the data I found into one easy-to-reference guide that could be downloaded and shared.
Hopefully, this guide will save about a week of your life. That is how much time it took me to try and fail over and over to make OpenVPN work on my router.
I would really like feedback here. If you try this guide out, and you find any issues that prevent you from establishing an OpenVPN connection on your computer using the settings I have included in the guide, PLEASE let me know. I will amend the guide and put up a new revision.
As you will see in the guide, this method assumes that your DD-WRT router is secondary to your primary internet facing router. I do not go into detail on the methods for setting up a DD-WRT router as the primary WAN/DHCP router on your network. If this guide gets any traction, we can discuss those methods and amend the guide accordingly.
The idea here is to make it easy for people to find the information they need to get OpenVPN up and running without having to scour the internet for easter eggs.
If you run ovpn ser on the WAP there is no need for a DHCP forwarder.
DHCP should be disabled.
Also DNSMasq should be disabled ..unless you are running a guest network from it -- which has nothing to do with ovpn serv anyways
Only firewall needed on the WAP for the ovpn server to work is
that just opens the LAN to it... that's all you want and that'll get it to/from main router.
Works same on QCA or BRCM units
but....If what you have works then that's all that matters
EDIT: I see you are using a Marvell unit.
I don't know squat about them but all my atheros/QCA/BRCM units use tun2 for ovpn server ...
...not that it even matters running from a WAP
The idea with this setup was not necessarily to be exclusively WAP, but rather to use the router as an ovpn server that would provide some level of protection (through encryption) for all clients, wired and wireless, that are connected to it. I got this router brand new in the box a week ago and paid $80.00 for it, so it was a good investment for me.
mrjcd wrote:
If you run ovpn ser on the WAP there is no need for a DHCP forwarder.
DHCP should be disabled.
I do not see an option for completely disabling DHCP anywhere. In the "Network Address Server Settings (DHCP)" section of the "Setup/Basic Setup" tab, there is a drop-down menu for DHCP and the only 2 choices are "DHCP Server" and "DHCP Forwarder". Is there another option in the GUI somewhere that I am missing to completely turn off DHCP?
mrjcd wrote:
Also DNSMasq should be disabled ..unless you are running a guest network from it -- which has nothing to do with ovpn serv anyways
If I am not running this router as a WAP exclusively, and will have other computers plugged into it directly, even though it is NOT the primary router on my network, should DNSMasq still be disabled?
P.S. How did you know DNSMasq was enabled? I do not have a pic of the tab where DNSMasq is located in the guide?
mrjcd wrote:
Only firewall needed on the WAP for the ovpn server to work is
that just opens the LAN to it... that's all you want and that'll get it to/from main router.
Works same on QCA or BRCM units
but....If what you have works then that's all that matters
So far all of the computers/devices I have with an active VPN connection to this router are within my LAN, with the exception of my mobile device (Android), and all of them have internet access. That being said, when I was at work last and established a VPN connection on my work computer, I could wander around inside the (home) LAN but could not get internet access on the work computer. Is there something I am missing on the firewall that is preventing Windows clients from getting internet access from outside my home LAN?
mrjcd wrote:
I see you are using a Marvell unit.
I don't know squat about them but all my atheros/QCA/BRCM units use tun2 for ovpn server ...
...not that it even matters running from a WAP
Does this (tun2) perhaps have something to do with why I cannot get internet access through the VPN on clients outside the home LAN?
Thank you for the help here sir. The guide is a work in progress for sure, so any help is genuinely appreciated.
So it turns out that it probably would have worked all along.
On a whim, while at work yesterday, I decided to place a Linksys WRT300N router between my work computer and the work LAN/WAN, and give my work computer an IP in the 192.168.1.x range.
The work network is on a completely different subnet mask and subnet, which is 10.80.10.x with a subnet mask of 255.255.254.0, so when I fire up my work computer, I end up with an IP usually of 10.80.10.112.
So, anyway, once I did that, and confirmed that I was online, I initiated the VPN connection and BAM, I was connected to my home LAN, having been issued an IP from the AC1900v2 (VPN router) at home, and was immediately online. I confirmed that I was using the home WAN by doing a "whatismyip" check and confirmed it was my home WAN IP.
As I may have mentioned somewhere, I am completely green with regards to networking, so the only thing I can imagine I have succeeded in doing, is using the WRT300N router at work for NAT which allowed me to gain internet access through my VPN tunnel.
If you have any ideas on how to solve the problem at work that would allow me to delete the WRT300N router there, that would be great. I am not sure the IT guys at work are too keen on me using my own router in their network.
Hi guys
I have a question,
I completed the tutorial but I got a problem.
I can't put anything other than gateway in advanced routing, otherwise I get no internet.
Any ideas?
Thank you
Jules13
It's OK, my VPN works. I can connect to it but it has no internet.
Here are the logs with the 2 errors; all the connecting process is OK.
Sun Nov 05 14:04:52 2017 NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed: Le fichier spécifié est introuvable. (translation : specified folder is unfindable) (code=2)
Sun Nov 05 14:04:52 2017 SIGTERM[hard,] received, process exiting
Thank you for trying this and commenting. I am going to change the firewall image and instructions on the guide right now.
For you to get internet, go to the "Administration" tab, then click on the "Commands" tab, then scroll down to the Firewall window and click the edit button and add this to the commands window:
Make sure you leave the rest of the Firewall code in place and just add the above code BELOW the existing code. Then click "Save Firewall" and try again to see if you get internet.
Thank you, it works perfectly.
Thanks a lot
Jules13
<3
Hi,
When setting up the OpenVPN server, should the server information appear in the TAB Status> OpenVPN?
I spent several hours yesterday trying to confirm and nothing appears in the TAB Status> Open VPN
Router WRT1900ACS V2
Build: 33607 10/25/2017
Yes (although there were versions which were empty because of a bug, but I do not think this is one of them). When it stays empty, the server does not start, indicating a serious error in your settings. The first thing to look at is the certificates.
Thank you
I used this tutorial:
With the same version of openVPN.
I tried several other ways, but nothing appears in STATUS
Is it a bug in this version?
Good guide but a couple of questions:
Shouldn't you have to do some kind of port forwarding on your main router that the DD-WRT server router connects to?
Another question: does anyone have a guide for setting up a secondary DD-WRT as a client, thus creating a site-to-site link? That's what I'm looking to accomplish. I'm using a wrt54gv2 and a wrt54gs1. I was able to configure most of the settings using a different guide, but when I went to stats>openvpn the entries there were blank, although I did not reboot the router, so maybe that is why?