egc DD-WRT Guru
Joined: 18 Mar 2014 Posts: 12487 Location: Netherlands
|
Posted: Sat Dec 05, 2020 10:41 Post subject: OpenVPN guides and documentation |
|
OpenVPN Server Setup guide
Setup a DDWRT router as OpenVPN *server* including setting up of different clients like phone windows PC and DDWRT router as client.
Also with advanced section like site-to-site setup and much more
The third post has a VPN Troubleshooting guide:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1157344
OpenVPN Client setup guide
Instructions to setup a DDWRT router as OpenVPN *client*, including the use of a killswitch and Policy Based Routing.
Also included setup instructions for various providers:
https://forum.dd-wrt.com/phpBB2/download.php?id=48550
VPN and DNS guide
Advanced reading for DNS setup using VPN clients (WireGuard/OpenVPN) including DNS leaks, routing of DNS servers, adding extra DNS servers, Split DNS etc.:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=331017
How to run multiple OpenVPN Clients
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=328390
How to run multiple OpenVPN Servers
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=329027
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=332930
Static routing
If the Built-in PBR possibilities are not sufficient you can use Static Routing See:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327810
For questions or comments just open a thread in the Advanced Networking forum
Deprecated guides:
OpenVPN Policy Based Routing guide
Instructions for using Policy Based Routing, upgraded starting with build number 45420.
Also contains guides to handle DNS problems and leaks, Automatic kill script for PBR (second post) , Watchdog script for OpenVPN to restart the VPN or reboot the router when the connection is lost (third post):
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Built-in PBR
The Built-in PBR can be used in cases where you are using a VPN (Wireguard or OpenVPN) and want to "free" some ports or protocols from the VPN.
This can be useful if you want to port forward via the WAN to a client on your LAN which is using the VPN or use a server and client simultaneously and not wanting to use the standard PBR. See:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327810
Changelog
Build 47853
Note 1: If you use Policy Based Routings, check and adapt your settings when stepping up to this build or higher!
Note 2: For optimal DNS experience, disable "Query DNS in Strict Order" on Services page.
Changed DNS as strict-order does not seem to be reliable any more
Split DNS
If you enable Split DNS the IP addresses in the PBR field will use the first pushed DNS server or if you set your own DNS server(s) (dhcp-option DNS x.x.x.x) it will use the first you have set.
Note you have to manually set routing for the DNS servers you have added if you want that DNS servers to route via the tunnel (route x.x.x.x 255.255.255.255 vpn_gateway).
All other addresses will use the regular DNS servers
Reinstate scramble patch
Build 47900
Update to OpenVPN 2.5.5
OpenVPN Server:
Triple state radio button for pushing Default gateway, Servers subnet and off
https://svn.dd-wrt.com/ticket/5693#no3
OpenVPN Client:
change password box to display as password (hide when not entered)
Build 47904
Add block option for multicast when using TAP mode
Build 48098
OpenVPN server:
Add notification to reboot (for those who do not read manuals)
Restart firewall after changing
OpenVPN client:
Fix unwanted deleting of iprules after inactivity timeout and with killswitch disabled
Build 48297
Watchdog script
NAT rule for seamless LAN access
(thanks to @eibgrad for his help and advice)
Build 48514
Upgrade to OpenVPN 2.5.6: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
mtu-disc should be fixed (finally) so you can see if MTU 1500 is working again (see VPN troubleshooting guide)
Build 49185
Upgrade to OpenVPN 2.5.7: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
Build 49252
Openvpn Client: nvram setting to stop setting --nobind so that you can use --lport:
nvram set openvpncl_nobind=0
nvram commit
OpenVPN Client and OpenVPN server:
Make it possible to override the port of the management interface (standard for Client port 16, for Server port 14):
management 127.0.0.1 <portnumber>
Build 49671
OpenVPN Client: Increased max length for remote address to 128 characters
Build 49838
Import and parse client config files (by @eibgrad) see Client setup guide
Build 50437
Reworked GUI, and now it is easier to setup with a static key (Peer-to Peer setup)
Build 50755
OpenVPN Server: Export Client Configuration, DDWRT does not make Client keys/certs, you have to add those manually to the downloaded configuration file.
Check settings carefully.
Build 50817 Upgrade to OpenVPN 2.5.8, minor bugfixes.
Build 50975 Reverted back to OpenVPN 2.5.7 because of a user reporting stability problems of his OpenVPN server when using IPv6 only on his client: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1276427#1276427
Build 51032 OpenVPN Server: tun interface is automatically added as listen interface in DNSMasq.
Build 51175 OpenVPN Server: Username and Password option added, client config utility instructions added, OpenVPN Server setup guide updated.
Build 51676
OpenVPN 2.6, still is rather buggy, DCO (Data Channel Off loading) is only for Kernel 5.x and 6.x but might be backported in the future.
Changes: https://github.com/OpenVPN/openvpn/blob/master/Changes.rst
Reference manual: https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/
Deprecated settings: https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
When encountering problems update your settings to be at least 2.5 compatible as described in the docs and/or add in the Additional Configuration:
Build 51995/51996
Update to 2.6.1 bugfix
Build 52217
Update to 2.6.2 bugfix
Added inline username/password for import and creating of conf file
Clear persistent endpoint route from PBR table after soft restart of OpenVPN
Build 52369
Update to 2.6.3 bugfix
Build 53332
Add IPv6 to OpenVPN server
Build 53454
Upgrade to OpenVPN 2.6.6 bugfix
53787
DCO (Data Channel Offload) added. As it is a WIP it can cause connection problems so in case of problems (no connection or connection but hang or no traffic) disable it: add in the OpenVPN Additional config: disable-dco
T54039
OpenVPN 2.6.7 bug fixes
See also ]VPN troubleshooting guide _________________ Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Last edited by egc on Tue Nov 14, 2023 14:43; edited 88 times in total |
|
egc DD-WRT Guru
Joined: 18 Mar 2014 Posts: 12487 Location: Netherlands
|
|