Joined: 18 Mar 2014
|Posted: Sat Dec 05, 2020 10:41 Post subject: OpenVPN guides and documentation
|OpenVPN Server Setup guide
Setup a DDWRT router as OpenVPN *server* including setting up of different clients like phone windows PC and DDWRT router as client.
Also with advanced section like site-to-site setup and much more
The third post has a VPN Troubleshooting guide:
OpenVPN Client setup guide
Instructions to setup a DDWRT router as OpenVPN *client*, including the use of a killswitch and Policy Based Routing.
Also included setup instructions for various providers:
VPN and DNS guide
Advanced reading for DNS setup using VPN clients (WireGuard/OpenVPN) including DNS leaks, routing of DNS servers, adding extra DNS servers, Split DNS etc.:
How to run multiple OpenVPN Clients
How to run multiple OpenVPN Servers
If the Built-in PBR possibilities are not sufficient you can use Static Routing See:
For questions or comments just open a thread in the Advanced Networking forum
OpenVPN Policy Based Routing guide
Instructions for using Policy Based Routing, upgraded starting with build number 45420.
Also contains guides to handle DNS problems and leaks, Automatic kill script for PBR (second post) , Watchdog script for OpenVPN to restart the VPN or reboot the router when the connection is lost (third post):
The Built-in PBR can be used in cases where you are using a VPN (Wireguard or OpenVPN) and want to "free" some ports or protocols from the VPN.
This can be useful if you want to port forward via the WAN to a client on your LAN which is using the VPN or use a server and client simultaneously and not wanting to use the standard PBR. See:
Note 1: If you use Policy Based Routings, check and adapt your settings when stepping up to this build or higher!
Note 2: For optimal DNS experience, disable "Query DNS in Strict Order" on Services page.
Changed DNS as strict-order does not seem to be reliable any more
If you enable Split DNS the IP addresses in the PBR field will use the first pushed DNS server or if you set your own DNS server(s) (dhcp-option DNS x.x.x.x) it will use the first you have set.
Note you have to manually set routing for the DNS servers you have added if you want that DNS servers to route via the tunnel (route x.x.x.x 255.255.255.255 vpn_gateway).
All other addresses will use the regular DNS servers
Reinstate scramble patch
Update to OpenVPN 2.5.5
Triple state radio button for pushing Default gateway, Servers subnet and off
change password box to display as password (hide when not entered)
Add block option for multicast when using TAP mode
Add notification to reboot (for those who do not read manuals)
Restart firewall after changing
Fix unwanted deleting of iprules after inactivity timeout and with killswitch disabled
NAT rule for seamless LAN access
(thanks to @eibgrad for his help and advice)
Upgrade to OpenVPN 2.5.6: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
mtu-disc should be fixed (finally) so you can see if MTU 1500 is working again (see VPN troubleshooting guide)
Upgrade to OpenVPN 2.5.7: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
Openvpn Client: nvram setting to stop setting --nobind so that you can use --lport:
nvram set openvpncl_nobind=0
OpenVPN Client and OpenVPN server:
Make it possible to override the port of the management interface (standard for Client port 16, for Server port 14):
management 127.0.0.1 <portnumber>
OpenVPN Client: Increased max length for remote address to 128 characters
Import and parse client config files (by @eibgrad) see Client setup guide
Reworked GUI, and now it is easier to setup with a static key (Peer-to Peer setup)
OpenVPN Server: Export Client Configuration, DDWRT does not make Client keys/certs, you have to add those manually to the downloaded configuration file.
Check settings carefully.
Build 50817 Upgrade to OpenVPN 2.5.8, minor bugfixes.
Build 50975 Reverted back to OpenVPN 2.5.7 because of a user reporting stability problems of his OpenVPN server when using IPv6 only on his client: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1276427#1276427
Build 51032 OpenVPN Server: tun interface is automatically added as listen interface in DNSMasq.
Build 51175 OpenVPN Server: Username and Password option added, client config utility instructions added, OpenVPN Server setup guide updated.
OpenVPN 2.6, still is rather buggy, DCO (Data Channel Off loading) is only for Kernel 5.x and 6.x but might be backported in the future.
Reference manual: https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/
Deprecated settings: https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
When encountering problems update your settings to be at least 2.5 compatible as described in the docs and/or add in the Additional Configuration:
Update to 2.6.1 bugfix
Update to 2.6.2 bugfix
Added inline username/password for import and creating of conf file
Clear persistent endpoint route from PBR table after soft restart of OpenVPN
Update to 2.6.3 bugfix
Add IPv6 to OpenVPN server
Upgrade to OpenVPN 2.6.6 bugfix
DCO (Data Channel Offload) added. As it is a WIP it can cause connection problems so in case of problems (no connection or connection but hang or no traffic) disable it: add in the OpenVPN Additional config: disable-dco
OpenVPN 2.6.7 bug fixes
See also ]VPN troubleshooting guide
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Last edited by egc on Tue Nov 14, 2023 14:43; edited 88 times in total
Joined: 18 Mar 2014