[timearnshaw]

Sorry for the post if it's a silly question or answered elsewhere - I HAVE spent time searching and trying to find an answer but wasn't able to hence posting. Please go easy on me - i'm a newbie and of novice experience with these things!

I'm looking into DD-WRT for a home router as i want a router that I can configure to use a VPN service (PIA specifically, that I subscribe to) and which will then use this VPN for all devices on my home network whether connected to it wired or wirelessly, and crucially WITHOUT needing to do anything on each individual device like install a software client or do any config. My usecase is that I have a number of 'dumb' devices on my network where I have no ability to do any sort of software install or config on them but they are internet connected and I want their traffic to go via VPN.

So apologies but I couldn't find an answer to this question in simple terms, just a LOT of detail about configs/talk about setting up DDWRT as VPN client or VPN server which i don't understand to know if this is telling me 'yes it will do what I want it to do'. Thanks in advance for any help to confirm, and pointers to where I can read HOW to do it on a router with DD-WRT appreciated!

[d00zah]

It's been a while since I used this setup & dd-wrt version numbers referenced are old, but look these over:

https://helpdesk.privateinternetaccess.com/guides/routers/dd-wrt2/dd-wrt-v40559-openvpn-setup

https://www.instructables.com/Configure-VPN-Settings-on-a-DD-WRT-Router-for-Priv/

PIA support ought to be able to supply additional info.

Depending on your internet connection, wire speed will require something like my router (sig), or better. Someday, PIA will publish a config for WireGuard, which is less CPU-intensive.

Other users may have more current intel?

[egc]

Most Providers have outdated and sometimes even wrong setup instructions.

You better stick to the DDWRT setup instructions.

Those are stickies (the first few threads) in this forum.

OpenVPN: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
(actually a few threads above this one)
You need the Client setup guide.

You forgot to tell which router and which build you are using, not all routers have OpenVPN and not all builds are suitable

[Alozaros]

Yep, as egc noted above router model is vital...as not all DDWRT supported routers have VPN modules...as well for a decent VPN performance you'd need a capable router...as VPN is very router CPU intensive and will downgrade your current performance...so, what is your ISP speed(your plan)?

Once you clear those points and have what you'd need, than have a look at egc OpenVPN client guide...somewhere down there was a PIA settings..mentioned...
If you struggle with the VPN set up, give us a call..Im also using PIA, will be happy to share my setup

[DWCruiser]

PIA has a 'Split-Tunnel' option.

This means you can specify which particular app/s bypassing the VPN tunnel, while the rest going through it, on the same PC. It is an excellent feature for me.

On my PC setup, certain web browser bypasses the tunnel, i.e. 'seen' as located locally for Australia-broadcast programs, while others are seen as located o/seas.

As if the twins shall never meet.

And you have the best of both worlds!

[Alozaros]

[bushant]

[DWCruiser]

Hmm, i've been using DDWRT's features of PBR but on source IP and subnet. I was not aware of DDWRT being capable of split-tunneling based on destination IP and others.

Time for searching on relevant features for me.

Cheers

[timearnshaw]

Many thanks all for the help so far and offer of further assistance, a very friendly and helpful forum which is much appreciated.

I'm hoping to install on a Netgear EX6200 that I have laying around, so will start to research if this is compatible or not, has VPN module or not, and if not then I'll likely invest in a Netgear R7000 or similar. Cheers all.

[egc]

The EX6200 is supported but has very little flash so I do not know if it has sufficient space for VPN

Also see: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320744&postdays=0&postorder=asc&start=30

[DWCruiser]

This is what i found.

Destination IP option is not effective under PBR of DDWRT when your destination happens to be, say, Amazon or YouTube. And in my case, Netflix, our local ABC iView and SBS OnDemand TV channels. Each of these destinations has multiple IP addresses that render destination IP option unworkable.

But, application-based option (such as offered by PIA's) can overcome this issue. By capturing my URL destination within the app (regardless of what actual IP maybe), it sends/receives traffic to/from that destination through the pre-determined route for that app.

So, simply choosing one web-browser (e.g Microsoft Edge) for VPN tunnel and the other (e.g. FireFox) for bypassing it, problems solved.

Likewise, other cloud-accessed/based Windows applications can also be applied here.

In short, it's an effective tool for dealing with routing of destination IP over VPN tunnel on a Windows machine. While PBR of DDWRT has a broader scope on network. They compliment each other. I'd say.

[egc]

On experimental builds which uses IPSET/DNSmasq for Destination routing it is working.

If you are adventurous and have some scripting skills you can make it yourself using the IPSET guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261

[DWCruiser]

Thanks @egc. Will have a look.

But, no time for smelling the roses...

[egc]

[timearnshaw]

Hi all, so since my original post I gave up on trying to install onto a device i already had and purchased a Netgear R8000 that already had DD-WRT installed, version is DD-WRT v3.0-r51617 std (02/09/23).

I have got it up and running, connecting via a LAN port to my modem/router. The modem/router is operating as DHCP server to my network, the IP of the R8000 is within the IP range of the modem/router. I have disabled Wireless on the modem/router and configred wireless on the R8000 so my wireless devices are going via the R8000 and as such when OpenVPN is working they will send all traffic via VPN.

My issue now is getting OpenVPN to work which is why i bought it in the first place! After literally 8 hours of trying it still isn't working which I'm concluding from the fact that the public IP address I'm seeing for my laptop (connected wirelessly to the R8000) is the same as the IP address I can see for the modem/router on its control page. Despite this, the status->OPENVPN page in DD-WRT shows status of connected-success.

My VPN service is PIA. I've looked at the guides on the forum, configured according to what they say to do, same thing; have downloaded opvn files from PIA website and used those, same thing. Tried it with their base config files, no changes, and tried it making changes that i have found in forum posts/guides but there is a lot of conflicting information around - some saying DO NOT put anything in additional config, some saying it wont work unless you put certain things in additional config.

Here's a post of my settings from the Services-VPN page, and just to note other R8000 settings that I have set:
WAN Connection - Disabled
Operating Mode - Gateway (initially was Router but guide said to change this)
IPv6 - Disabled
DHCP Server - Disabled
Gateway - set to IP address of modem/router
Local DNS - set to IP address of modem/router

Services-VPN settings:

Also log file from Status-VPN page in case it highlights some issues:

Any help greatly appreciated!