[SOLVED] VPN with Dedicated IP (Edit /Port Forwarding)

StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Sat Mar 11, 2023 17:48
I was sure there was a thread for setting up DD-WRT with PIA (privateinternetaccess.com) to have a static IP, but I cannot find it now.

Basically my situation is I currently use NordVPN which has been perfect, but now I am considering having a Static IP so that I can access my network remotely, maybe even host a simple website.

I would be interested to know people's opinions of this and what the best options are now.

I am running DD-WRT on a R7800.

Many thanks


Last edited by StillBlue on Mon Mar 20, 2023 12:57; edited 1 time in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Sat Mar 11, 2023 18:13
What build are you running?

To connect via your vpn provider you do not need a static IP (although it does not hurt) but you need a VPN provider which supports port forwarding.

I would research a VPN provider which supports WireGuard on the router and port forwarding.

I use Mullvad which ticks all the boxes.

OpenVPN and WireGuard documentation are stickies in this forum.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


Last edited by egc on Sat Mar 11, 2023 18:24; edited 1 time in total
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6411
Location: UK, London, just across the river..

Posted: Sat Mar 11, 2023 18:14
I guess the PIA static IP should be tied to your login details, like the user name...
Nothing to do with DD-WRT... but if PIA supports port forwarding, so you can use a specific port from the router side... if I'm not wrong it used to, but no idea now... PIA should have a guide for it... or check on their forums/blogs... What you can also do is use SSH to connect back and use a tunnel inside the tunnel to access your router... or run an OpenVPN server or WireGuard server on your router and call back... some extra port forwarding and iptables rules may be needed...

have a look here at those guides

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

https://pastebin.com/gnxtZuqg

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Mon Mar 20, 2023 12:43
@egc, thank you for the reply. Sorry as always the moment I sit down to play with things, I suddenly get busy with life.

I guess if you don't have a static IP, you are using DDNS or the likes to be able to find the dynamic IP address from the outside? I do have a domain name with dynu.com, so could always use that to keep tabs on the router's IP.

At the moment I am set up with OpenVPN and it has run faultlessly since I have been using it, but I will certainly have a read through the WireGuard stuff, as the more resources freed up, the better.

I am liking the look of mullvad.net a lot, so will set up an account with them before my NordVPN subscription runs out and see how I get on.

I am sure I will have more questions.

Thank you
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Mon Mar 20, 2023 14:42
Exactly, you can use DDNS to track a dynamic IP address :)
StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Mon Mar 20, 2023 15:58
Thank you. I will have a go and see what I end up with. :D
StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Mon Mar 20, 2023 17:11
Well, swapping to WireGuard and setting up an account with mullvad.net and getting it up and running has gone easy enough.

Now just trying to understand the port forwarding side.

I do currently have a small website I have been hosting on the router to my internal network, which would be a great start to work with getting it available to the outside world.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Mon Mar 20, 2023 18:50
The WireGuard Client setup guide has a paragraph about port forwarding.

Mullvad also has instructions

StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Mon Mar 20, 2023 18:55
Thank you. I am trying to work it out at the moment, but failing so far... Will keep trying though.
StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Tue Mar 21, 2023 9:41
I have to admit, I can't really seem to get too far with the guides.

What I have so far.

I have set up a forwarded port for the device on Mullvad: 55923

My tunnel is running on interface: oet1
IP address of that interface is: 10.64.150.15
The website hosted on my router using lighttpd which is accessible from my network: 10.0.0.1:8080

I have added the following to my routing.

iptables -I INPUT -i oet1 -p tcp --dport 55923 -j ACCEPT
iptables -I INPUT -i oet1 -p udp --dport 55923 -j ACCEPT
iptables -t nat -I PREROUTING -i oet1 -p tcp --dport 55923 -j DNAT --to 10.0.0.1:8080
iptables -t nat -I PREROUTING -i oet1 -p udp --dport 55923 -j DNAT --to 10.0.0.1:8080

I also tried:

iptables -I INPUT -d 10.64.150.15 -p tcp --dport 55923 -j ACCEPT
iptables -I INPUT -d 10.64.150.15 -p udp --dport 55923 -j ACCEPT
iptables -t nat -I PREROUTING -d 10.64.150.15 -p tcp --dport 55923 -j DNAT --to 10.0.0.1:8080
iptables -t nat -I PREROUTING -d 10.64.150.15 -p udp --dport 55923 -j DNAT --to 10.0.0.1:8080

Unfortunately neither seems to work and the port still appears closed when querying it from the exit IP address of the VPN server.


Last edited by StillBlue on Wed Mar 22, 2023 11:43; edited 3 times in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Tue Mar 21, 2023 14:48
You can see if your rules are hit with:
iptables -vnL INPUT
iptables -t nat -vnL

Note that the remote IP address you have to use is not the MV server address but the address you get with ipleak.net (or similar ip checkers)

StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Tue Mar 21, 2023 16:30
Yes, it's definitely hitting my rule for TCP. The port checker knocks a couple of packets on every time you use it.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Wed Mar 22, 2023 7:42
What is it that should be listening on port 8080?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Wed Mar 22, 2023 11:14
Looking into it, you probably want remote administration?

If so the router is listening on port 80, so the internal port is port 80 and you also have to allow port 80 on the INPUT chain.

I just did a quick test with Mullvad and it is working as advertised

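
An added example, not part of the thread and not DD-WRT's own code: it combines egc's two points above (read the rule counters with `iptables -vnL`, and allow the internal port on INPUT) into one check. DNAT in nat PREROUTING rewrites the destination before the filter INPUT chain runs, so the ACCEPT rule has to match the internal port. The listings are constructed samples, the function names are hypothetical, and the DNAT target is assumed to be the router itself.

```shell
#!/bin/sh
# Added example. Listings below are CONSTRUCTED samples shaped like
# `iptables -t nat -vnL PREROUTING` and `iptables -vnL INPUT` output.
NAT_SAMPLE='Chain PREROUTING (policy ACCEPT 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   240 DNAT       tcp  --  oet1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:55923 to:10.0.0.1:8080'
INPUT_SAMPLE='Chain INPUT (policy DROP 4 packets, 240 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  oet1   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:55923'

# dnat_target IFACE PORT (hypothetical helper): reads a nat listing on stdin,
# prints "<pkts> <ip:port>" for the tcp DNAT rule matching that port.
dnat_target() {
    awk -v ifc="$1" -v p="dpt:$2" '
        $3 == "DNAT" && $4 == "tcp" && $6 == ifc {
            for (i = 10; i <= NF; i++)
                if ($i == p) { sub(/^to:/, "", $NF); print $1, $NF; exit }
        }'
}

# input_hits IFACE PORT (hypothetical helper): reads an INPUT listing on stdin,
# prints the packet counter of the tcp ACCEPT rule for that port, if any.
input_hits() {
    awk -v ifc="$1" -v p="dpt:$2" '
        $3 == "ACCEPT" && $4 == "tcp" && ($6 == ifc || $6 == "*") {
            for (i = 10; i <= NF; i++) if ($i == p) { print $1; exit }
        }'
}

# check_forward IFACE EXT_PORT NAT_LISTING INPUT_LISTING
# Assumes the DNAT target is the router itself, so the filter INPUT chain applies.
check_forward() {
    tgt=$(printf '%s\n' "$3" | dnat_target "$1" "$2")
    [ -n "$tgt" ] || { echo "no tcp DNAT rule for port $2 on $1"; return 1; }
    nat_pkts=${tgt%% *}; dest=${tgt#* }; int_port=${dest##*:}
    in_pkts=$(printf '%s\n' "$4" | input_hits "$1" "$int_port")
    if [ -z "$in_pkts" ]; then
        # INPUT is evaluated after DNAT, so it sees the rewritten port.
        echo "DNAT hit $nat_pkts times -> $dest, but INPUT has no ACCEPT for tcp/$int_port on $1"
        return 2
    fi
    echo "DNAT hit $nat_pkts times -> $dest, INPUT ACCEPT tcp/$int_port hit $in_pkts times"
}

# On the router: check_forward oet1 55923 "$(iptables -t nat -vnL PREROUTING)" "$(iptables -vnL INPUT)"
check_forward oet1 55923 "$NAT_SAMPLE" "$INPUT_SAMPLE" || true
```

If the forward pointed at another LAN host instead of the router, the same check would apply to the FORWARD chain rather than INPUT.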
StillBlue
DD-WRT User


Joined: 11 Apr 2009
Posts: 257
Location: UK

Posted: Wed Mar 22, 2023 11:17
I currently have lighttpd listening on 8080 serving a very basic website, and it is accessible to my LAN.