OpenVPN guides and documentation

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Advanced Networking
Author Message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

PostPosted: Sat Dec 05, 2020 10:41    Post subject: OpenVPN guides and documentation Reply with quote
OpenVPN Server Setup guide
Setup a DDWRT router as OpenVPN *server* including setting up of different clients like phone windows PC and DDWRT router as client.
Also with advanced section like site-to-site setup and much more
The third post has a VPN Troubleshooting guide:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1157344

OpenVPN Client setup guide
Instructions to setup a DDWRT router as OpenVPN *client*, including the use of a killswitch and Policy Based Routing.
Also included setup instructions for various providers:
https://forum.dd-wrt.com/phpBB2/download.php?id=48550

VPN and DNS guide
Advanced reading for DNS setup using VPN clients (WireGuard/OpenVPN) including DNS leaks, routing of DNS servers, adding extra DNS servers, Split DNS etc.:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=331017

How to run multiple OpenVPN Clients
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=328390

How to run multiple OpenVPN Servers
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=329027
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=332930

Static routing
If the Built-in PBR possibilities are not sufficient you can use Static Routing See:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327810

For questions or comments just open a thread in the Advanced Networking forum

Deprecated guides:
OpenVPN Policy Based Routing guide
Instructions for using Policy Based Routing, upgraded starting with build number 45420.
Also contains guides to handle DNS problems and leaks, Automatic kill script for PBR (second post) , Watchdog script for OpenVPN to restart the VPN or reboot the router when the connection is lost (third post):
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Built-in PBR
The Built-in PBR can be used in cases where you are using a VPN (Wireguard or OpenVPN) and want to "free" some ports or protocols from the VPN.
This can be useful if you want to port forward via the WAN to a client on your LAN which is using the VPN or use a server and client simultaneously and not wanting to use the standard PBR. See:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327810

Changelog
Build 47853
Note 1: If you use Policy Based Routings, check and adapt your settings when stepping up to this build or higher!
Note 2: For optimal DNS experience, disable "Query DNS in Strict Order" on Services page.
Changed DNS as strict-order does not seem to be reliable any more
Split DNS
If you enable Split DNS the IP addresses in the PBR field will use the first pushed DNS server or if you set your own DNS server(s) (dhcp-option DNS x.x.x.x) it will use the first you have set.
Note you have to manually set routing for the DNS servers you have added if you want that DNS servers to route via the tunnel (route x.x.x.x 255.255.255.255 vpn_gateway).
All other addresses will use the regular DNS servers
Reinstate scramble patch
Build 47900
Update to OpenVPN 2.5.5
OpenVPN Server:
Triple state radio button for pushing Default gateway, Servers subnet and off
https://svn.dd-wrt.com/ticket/5693#no3
OpenVPN Client:
change password box to display as password (hide when not entered)
Build 47904
Add block option for multicast when using TAP mode
Build 48098
OpenVPN server:
Add notification to reboot (for those who do not read manuals)
Restart firewall after changing
OpenVPN client:
Fix unwanted deleting of iprules after inactivity timeout and with killswitch disabled
Build 48297
Watchdog script
NAT rule for seamless LAN access
(thanks to @eibgrad for his help and advice)
Build 48514
Upgrade to OpenVPN 2.5.6: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
mtu-disc should be fixed (finally) so you can see if MTU 1500 is working again (see VPN troubleshooting guide)
Build 49185
Upgrade to OpenVPN 2.5.7: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
Build 49252
Openvpn Client: nvram setting to stop setting --nobind so that you can use --lport:
nvram set openvpncl_nobind=0
nvram commit
OpenVPN Client and OpenVPN server:
Make it possible to override the port of the management interface (standard for Client port 16, for Server port 14):
management 127.0.0.1 <portnumber>
Build 49671
OpenVPN Client: Increased max length for remote address to 128 characters
Build 49838
Import and parse client config files (by @eibgrad) see Client setup guide
Build 50437
Reworked GUI, and now it is easier to setup with a static key (Peer-to Peer setup)
Build 50755
OpenVPN Server: Export Client Configuration, DDWRT does not make Client keys/certs, you have to add those manually to the downloaded configuration file.
Check settings carefully.
Build 50817 Upgrade to OpenVPN 2.5.8, minor bugfixes.
Build 50975 Reverted back to OpenVPN 2.5.7 because of a user reporting stability problems of his OpenVPN server when using IPv6 only on his client: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1276427#1276427
Build 51032 OpenVPN Server: tun interface is automatically added as listen interface in DNSMasq.
Build 51175 OpenVPN Server: Username and Password option added, client config utility instructions added, OpenVPN Server setup guide updated.
Build 51676
OpenVPN 2.6, still is rather buggy, DCO (Data Channel Off loading) is only for Kernel 5.x and 6.x but might be backported in the future.
Changes: https://github.com/OpenVPN/openvpn/blob/master/Changes.rst
Reference manual: https://openvpn.net/community-resources/reference-manual-for-openvpn-2-6/
Deprecated settings: https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
When encountering problems update your settings to be at least 2.5 compatible as described in the docs and/or add in the Additional Configuration:
Quote:
compat-mode 2.5.7

Build 51995/51996
Update to 2.6.1 bugfix
Build 52217
Update to 2.6.2 bugfix
Added inline username/password for import and creating of conf file
Clear persistent endpoint route from PBR table after soft restart of OpenVPN
Build 52369
Update to 2.6.3 bugfix
Build 53332
Add IPv6 to OpenVPN server
Build 53454
Upgrade to OpenVPN 2.6.6 bugfix
53787
DCO (Data Channel Offload) added. As it is a WIP it can cause connection problems so in case of problems (no connection or connection but hang or no traffic) disable it: add in the OpenVPN Additional config: disable-dco
54039
OpenVPN 2.6.7 bug fixes
See also VPN troubleshooting guide
54448
OpenVPN 2.6.8 bug fixes
To come
OpenVPN 2.6.9 bug fixes

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


Last edited by egc on Wed Feb 14, 2024 11:39; edited 94 times in total
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12812
Location: Netherlands

PostPosted: Fri Apr 09, 2021 10:57    Post subject: DDWRT OpenVPN Client Setup guide for various providers Reply with quote
DDWRT OpenVPN Client Setup guide

Overview of various OpenVPN client settings.

Also has specific instructions for various providers.

Note: you can only see and download the guide if you are logged in

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum