DD-WRT Config confusion WRT3200ACM

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page Previous  1, 2
Author Message
sue
DD-WRT Novice


Joined: 07 Apr 2021
Posts: 15

PostPosted: Fri Apr 09, 2021 14:46    Post subject: Reply with quote
Alozaros wrote:
sue wrote:
How does one learn every setting on DD-WRT, i mean, is there not a specific key reference idiots guide where it states the option, explains what the option is for and further lists situations when one should use it and why etc?


hmmm i learned them hard way, bit by bit, one bit at the time, google, forums, self-education...
im may case there was no "pour all da juice in ma brain at once, situation" it take patience time and understanding...and effort..


Yes, i hear you, thanks, i shall do the same, however that leaves me with my guest network config quest, i have now set up WLAN1 & WLAN1.1 the latter is the guest.(yet i need both to be fully VPN protected yet separate)
I put here my setting, please if someone could tell me if correct, the bridged and unbridged part in particular i confused and DHCPD.

THIS IS MY NORMAL BROADCAST
Physical Interface wlan1 - SSID
Wireless Mode = AP
TurboQAM (QAM256) support = DISABLED.

U-APSD (Automatic Power Save) = Disabled.
Disassoc Low Ack = Disabled.
Protection Mode = NONE.
RTS Threshold = Disabled.
Short Preamble = Disabled.
Short GI = Enabled.
AP Isolation = Enabled.
Beacon Interval = 100
DTIM Interval = 2
WMM Support = Enabled.
ScanList = DEFAULT.
Sensitivity Range (ACK Timing) = 500
Max Associated Clients = 256
------------------------------------------
Drop Clients with Low Signal
Minimum Signal for authenticate = -128
Minimum Signal for connection = -128
Poll Time for signal lookup = 10
Amount of allowed low signals = 3
-----------------------------------------
Multicast To Unicast = DISABLED.
Network Configuration = Bridged .

----------------------------------------------------
----------------------------------------------------
THIS IS MY VIRTUAL (GUEST) NETWORK WHICH SHOULD BE ISOLATED FROM MAIN NETWORK.
Virtual Interfaces wlan1.1 SSID
WIRELESS - BASIC SETTINGS
Wireless Mode = AP
RTS Threshold = Disabled.
WMM Support = Enabled.
U-APSD (Automatic Power Save) = Disabled.
AP Isolation Enabled.
Max Associated Clients = 256
DTIM Interval = 2.
--------------------------------------
Drop Clients with Low Signal
Minimum Signal for authenticate = -128
Minimum Signal for connection = 128.
Poll Time for signal lookup = 10.
Amount of allowed low signals = 3.
Network Configuration = Unbridged.
Multicast forwarding = Disabled.
Masquerade / NAT = Enabled.
Filter WAN NAT Redirection = Disabled.
Net Isolation = Enabled.
Forced DNS Redirection = Disabled.
(VPS)IP Address = 192.168.4.1/0
----------------------------------------
I also then after the above settings, i went into SETUP - NETWORKING - DHCPD
then i changed Multiple DHCP Server to WLAN1.1 then i saved & re-booted then went back & it just shows the said IP of the WLAN1.1 (VPS) being; 192.168.4.1/0 & No subnetmask or anything, not sure if i need a subnetmask on a VPN.

If all the above looks correct then i need a way to check that both WLAN & WLAN1.1 are completely separate in the real world which i cant think how i would do that test to be sure.

I also need to config 1 of the Ethernet ports on the VPN Router to work with WLAN1.1 and be separate from WLAN1 which i presume to be configured somehow in SETUP - NETWORKING - PORT SETUP yet idk for sure.
and then add a Kill switch somehow, not sure if the command someone kindly gave earlier in this post would be suffice with my config or not either.

_________________
Thanks, Sue
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Fri Apr 09, 2021 19:49    Post subject: Reply with quote
sue wrote:
not sure if the command someone kindly gave earlier in this post would be suffice with my config or not either.


The firewall script I suggested earlier ...

Code:
WAN_IF="$(ip route | awk '/^default/{print $NF}')"
iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT


... assume the presence of only the default private network interface (br0). If you want something to cover *all* possible network interfaces, you can eliminate the input network interface option (-i).

Code:
WAN_IF="$(ip route | awk '/^default/{print $NF}')"
iptables -I FORWARD -o $WAN_IF -j REJECT


Make sure to reboot after adding the above to the firewall script.

If you want to test it, just disable the OpenVPN client and you'll find your LAN clients (private or guest network) will have NO internet access. Not until the VPN is activated again.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1446
Location: Appalachian mountains, USA

PostPosted: Fri Apr 09, 2021 23:32    Post subject: Reply with quote
Just to jump in quickly to answer one of your many earlier questions: @eibgrad is far more up-to-date and expert on setting up dd-wrt's OpenVPN client than ExpressVPN is. VPN providers almost always post instructions that are a few years old, so they have missed out on a great deal of evolution in dd-wrt and even in OpenVPN. VPN providers' instructions should always be considered suspect.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
sue
DD-WRT Novice


Joined: 07 Apr 2021
Posts: 15

PostPosted: Sat Apr 10, 2021 10:50    Post subject: Reply with quote
eibgrad wrote:
sue wrote:
not sure if the command someone kindly gave earlier in this post would be suffice with my config or not either.


The firewall script I suggested earlier ...

Code:
WAN_IF="$(ip route | awk '/^default/{print $NF}')"
iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT


... assume the presence of only the default private network interface (br0). If you want something to cover *all* possible network interfaces, you can eliminate the input network interface option (-i).

Code:
WAN_IF="$(ip route | awk '/^default/{print $NF}')"
iptables -I FORWARD -o $WAN_IF -j REJECT


Make sure to reboot after adding the above to the firewall script.

If you want to test it, just disable the OpenVPN client and you'll find your LAN clients (private or guest network) will have NO internet access. Not until the VPN is activated again.

Your response doesnt seem to answer my questions or i just dont really understand your response, please can you simplify your response more for me as i am a newbie?

_________________
Thanks, Sue
sue
DD-WRT Novice


Joined: 07 Apr 2021
Posts: 15

PostPosted: Sat Apr 10, 2021 11:34    Post subject: Reply with quote
SurprisedItWorks wrote:
Just to jump in quickly to answer one of your many earlier questions: @eibgrad is far more up-to-date and expert on setting up dd-wrt's OpenVPN client than ExpressVPN is. VPN providers almost always post instructions that are a few years old, so they have missed out on a great deal of evolution in dd-wrt and even in OpenVPN. VPN providers' instructions should always be considered suspect.

Yes, i could tell as their idiots guide was missing settings which i have in the DD-WRT software which has left me with outstanding questions on the settings which they didnt cover also but no one has answered here either so not sure if anyone here knows maybe.

_________________
Thanks, Sue
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sat Apr 10, 2021 12:32    Post subject: Reply with quote
sue wrote:
SurprisedItWorks wrote:
Just to jump in quickly to answer one of your many earlier questions: @eibgrad is far more up-to-date and expert on setting up dd-wrt's OpenVPN client than ExpressVPN is. VPN providers almost always post instructions that are a few years old, so they have missed out on a great deal of evolution in dd-wrt and even in OpenVPN. VPN providers' instructions should always be considered suspect.

Yes, i could tell as their idiots guide was missing settings which i have in the DD-WRT software which has left me with outstanding questions on the settings which they didnt cover also but no one has answered here either so not sure if anyone here knows maybe.


That is only for the paid version, I think you did not pay anything for this software? Wink

Oh and @eibgrad (and others) knows everything about OpenVPN but as there are different providers and different needs there is no one size fits all and no we do not make house calls to set things up to your individual liking and giving you a master class of the ins and outs of all the settings.

But the information is available for free if you search the forum

The one you are paying is your provider so ask them instead of us for better support.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
sue
DD-WRT Novice


Joined: 07 Apr 2021
Posts: 15

PostPosted: Sat Apr 10, 2021 13:25    Post subject: Reply with quote
egc wrote:
sue wrote:
SurprisedItWorks wrote:
Just to jump in quickly to answer one of your many earlier questions: @eibgrad is far more up-to-date and expert on setting up dd-wrt's OpenVPN client than ExpressVPN is. VPN providers almost always post instructions that are a few years old, so they have missed out on a great deal of evolution in dd-wrt and even in OpenVPN. VPN providers' instructions should always be considered suspect.

Yes, i could tell as their idiots guide was missing settings which i have in the DD-WRT software which has left me with outstanding questions on the settings which they didnt cover also but no one has answered here either so not sure if anyone here knows maybe.


That is only for the paid version, I think you did not pay anything for this software? Wink

Oh and @eibgrad (and others) knows everything about OpenVPN but as there are different providers and different needs there is no one size fits all and no we do not make house calls to set things up to your individual liking and giving you a master class of the ins and outs of all the settings.

But the information is available for free if you search the forum

The one you are paying is your provider so ask them instead of us for better support.

I understand even less from your last message unfortunately.

I have dd-wrt issues not VPN providing services issues hence thought dd-wrt was the most appropriate place to seek answers about dd-wrt settings being correct as i have issues.
I dont need any master class in anything, i just need to know how to get my dd-wrt thingy working which it doesn't seem to be.

I did read up on here a lot to layout as much info as possible for the best chance of good help, so i spent hours in doing so but dont feel that has achieved anything productive thus-far.

Not sure what you mean about payment, i pay for the Expressvpn subscription if thats what you mean.

_________________
Thanks, Sue
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6411
Location: UK, London, just across the river..

PostPosted: Sat Apr 10, 2021 17:41    Post subject: Reply with quote
https://forum.dd-wrt.com/wiki/index.php/Main_Page
https://forum.dd-wrt.com/wiki/index.php/Tutorials
https://forum.dd-wrt.com/wiki/index.php/Installation

as far those are up to date, lots of info how to...
the other helpful bit is forum search or google search and you add ddwrt at the end of your request...also, have a look at the help section on the router menu's, there is a small button/link help, it comes out with what router settings do mean... all the rest, you copy paste in google and read about what those settings do...that's how i started...
When look for help ...
1. expose your router model / current firmware
2. explain in details what you want to achieve, what you tried already...and show some pictures or details of your settings...
3. do not go messy and keep asking and complicate the things, as you will get lost...there is too much to learn...you can't just learn brain surgery in a one go...do you...just do one bit at the time...

clearly, if i read your first post, what do you want to achieve...to me is a slightly messy...if your goal is to set up express VPN on the router side/client...follow eibgrad advise...
Don't get lost with questions..he provides a pic of his settings and this is the best you can get...if its not working its up to something else...
as far as the standard set up, it most of the time it comes pre set up after reset it just needs some minor tweaks for a standard user...gateway/AP also your router is a Marvell based, so more help at https://forum.dd-wrt.com/phpBB2/viewforum.php?f=58

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Goto page Previous  1, 2 Display posts from previous:    Page 2 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum