Posted: Wed Jan 25, 2023 16:14 Post subject: VPN for all devices on network without any client config
Sorry for the post if it's a silly question or answered elsewhere - I HAVE spent time searching and trying to find an answer but wasn't able to hence posting. Please go easy on me - I'm a newbie and of novice experience with these things!
I'm looking into DD-WRT for a home router as I want a router that I can configure to use a VPN service (PIA specifically, that I subscribe to) and which will then use this VPN for all devices on my home network whether connected to it wired or wirelessly, and crucially WITHOUT needing to do anything on each individual device like install a software client or do any config. My use case is that I have a number of 'dumb' devices on my network where I have no ability to do any sort of software install or config on them but they are internet connected and I want their traffic to go via VPN.
So apologies but I couldn't find an answer to this question in simple terms, just a LOT of detail about configs/talk about setting up DDWRT as VPN client or VPN server which I don't understand to know if this is telling me 'yes it will do what I want it to do'. Thanks in advance for any help to confirm, and pointers to where I can read HOW to do it on a router with DD-WRT appreciated!
PIA support ought to be able to supply additional info.
Depending on your internet connection, wire speed will require something like my router (sig), or better. Someday, PIA will publish a config for WireGuard, which is less CPU-intensive.
Other users may have more current intel? _________________ NetGear XR500 - FW Version: DD-WRT v3.0-r55819 std (04/17/24)
Linux 6.1.86 #130 SMP Wed Apr 17 05:48:30 +07 2024 armv7l
Updated from: DD-WRT v3.0-55779 std (04/12/24) via GUI (FF), NO reset
Gateway: SmartDNS, DDNS (FreeDNS), IPv4 DHCP, Static leases, SFE Disabled, QoS Disabled
AP: 2.4GHz NG-Mixed 40MHz, 5GHz AC/N-Mixed 80MHz, WPA2 w/ AES, MAC filtering, Isolated Guest VAP on wlan1, Vanilla FW
Services: USB Storage, NAS, Samba
Storage: Samsung Portable SSD T7 Shield USB 3.2 2TB, /jffs, /opt, /data (ext4)
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Wed Jan 25, 2023 17:45 Post subject:
Yep, as egc noted above router model is vital...as not all DDWRT supported routers have VPN modules...as well for a decent VPN performance you'd need a capable router...as VPN is very router CPU intensive and will downgrade your current performance...so, what is your ISP speed(your plan)?
Once you clear those points and have what you'd need, then have a look at egc OpenVPN client guide...somewhere down there was a PIA settings..mentioned...
If you struggle with the VPN set up, give us a call..I'm also using PIA, will be happy to share my setup _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Wed Jan 25, 2023 22:02 Post subject:
PIA has a 'Split-Tunnel' option.
This means you can specify which particular app/s bypass the VPN tunnel, while the rest go through it, on the same PC. It is an excellent feature for me.
On my PC setup, a certain web browser bypasses the tunnel, i.e. 'seen' as located locally for Australia-broadcast programs, while others are seen as located o/seas.
As if the twins shall never meet.
And you have the best of both worlds! _________________ Life is a journey; travel alone makes it less enjoyable and lonely.
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Wed Jan 25, 2023 22:42 Post subject:
DWCruiser wrote:
PIA has a 'Split-Tunnel' option.
This means you can specify which particular app/s bypass the VPN tunnel, while the rest go through it, on the same PC. It is an excellent feature for me.
On my PC setup, a certain web browser bypasses the tunnel, i.e. 'seen' as located locally for Australia-broadcast programs, while others are seen as located o/seas.
As if the twins shall never meet.
And you have the best of both worlds!
Yep thanks to egc, eibgrad and BS.. DDWRT has a policy based routing...where you can route selected sources...IP, interface and ect. via VPN or WAN its never been easier...
Yep thanks to egc, eibgrad and BS.. DDWRT has a policy based routing...where you can route selected sources...IP, interface and ect. via VPN or WAN its never been easier...
As well as destination based routing which is a huge bonus.
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Thu Jan 26, 2023 0:08 Post subject:
Hmm, I've been using DDWRT's features of PBR but on source IP and subnet. I was not aware of DDWRT being capable of split-tunneling based on destination IP and others.
Time for searching on relevant features for me.
Cheers
Many thanks all for the help so far and offer of further assistance, a very friendly and helpful forum which is much appreciated.
I'm hoping to install on a Netgear EX6200 that I have laying around, so will start to research if this is compatible or not, has VPN module or not, and if not then I'll likely invest in a Netgear R7000 or similar. Cheers all.
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Thu Jan 26, 2023 9:40 Post subject:
This is what I found.
Destination IP option is not effective under PBR of DDWRT when your destination happens to be, say, Amazon or YouTube. And in my case, Netflix, our local ABC iView and SBS OnDemand TV channels. Each of these destinations has multiple IP addresses that render destination IP option unworkable.
But, application-based option (such as offered by PIA's) can overcome this issue. By capturing my URL destination within the app (regardless of what actual IP may be), it sends/receives traffic to/from that destination through the pre-determined route for that app.
So, simply choosing one web-browser (e.g. Microsoft Edge) for VPN tunnel and the other (e.g. Firefox) for bypassing it, problems solved.
Likewise, other cloud-accessed/based Windows applications can also be applied here.
In short, it's an effective tool for dealing with routing of destination IP over VPN tunnel on a Windows machine. While PBR of DDWRT has a broader scope on network. They complement each other, I'd say.
Posted: Sat Feb 11, 2023 8:33 Post subject: VPN for all devices on network without any client config
Hi all, so since my original post I gave up on trying to install onto a device I already had and purchased a Netgear R8000 that already had DD-WRT installed, version is DD-WRT v3.0-r51617 std (02/09/23).
I have got it up and running, connecting via a LAN port to my modem/router. The modem/router is operating as DHCP server to my network, the IP of the R8000 is within the IP range of the modem/router. I have disabled Wireless on the modem/router and configured wireless on the R8000 so my wireless devices are going via the R8000 and as such when OpenVPN is working they will send all traffic via VPN.
My issue now is getting OpenVPN to work which is why I bought it in the first place! After literally 8 hours of trying it still isn't working which I'm concluding from the fact that the public IP address I'm seeing for my laptop (connected wirelessly to the R8000) is the same as the IP address I can see for the modem/router on its control page. Despite this, the status->OPENVPN page in DD-WRT shows status of connected-success.
My VPN service is PIA. I've looked at the guides on the forum, configured according to what they say to do, same thing; have downloaded ovpn files from PIA website and used those, same thing. Tried it with their base config files, no changes, and tried it making changes that I have found in forum posts/guides but there is a lot of conflicting information around - some saying DO NOT put anything in additional config, some saying it won't work unless you put certain things in additional config.
Here's a post of my settings from the Services-VPN page, and just to note other R8000 settings that I have set:
WAN Connection - Disabled
Operating Mode - Gateway (initially was Router but guide said to change this)
IPv6 - Disabled
DHCP Server - Disabled
Gateway - set to IP address of modem/router
Local DNS - set to IP address of modem/router
Services-VPN settings:
Also log file from Status-VPN page in case it highlights some issues:
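An added example, not part of the original thread or of DD-WRT: with DHCP served by the modem/router, clients normally learn the modem/router as their default gateway, so a "connected" tunnel on the VPN router does not by itself mean client traffic enters it. The script below checks both halves offline from `ip route show` output; all addresses, interface names and route tables in it are constructed assumptions.

```shell
#!/bin/sh
# Added example: offline check of two route tables (constructed sample data).

# Constructed sample: `ip route show` on a LAN client that got its lease
# from the modem/router (192.168.1.1); the VPN router is 192.168.1.2.
CLIENT_ROUTES='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'

# Constructed sample: `ip route show` on the VPN router with the tunnel up
# and OpenVPN's redirect-gateway def1 routes installed.
ROUTER_ROUTES='0.0.0.0/1 via 10.8.0.1 dev tun1
default via 192.168.1.1 dev br0
10.8.0.0/24 dev tun1 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.2'

# Print the next hop of the default route in a route table.
default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Succeed if the table sends all IPv4 traffic into a tun interface: either
# the default route itself, or both def1 halves (0.0.0.0/1 and 128.0.0.0/1).
tunnel_is_default() {
    printf '%s\n' "$1" | awk '
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        dev ~ /^tun/ && $1 == "default"     { full = 1 }
        dev ~ /^tun/ && $1 == "0.0.0.0/1"   { lo = 1 }
        dev ~ /^tun/ && $1 == "128.0.0.0/1" { hi = 1 }
        END { exit !(full || (lo && hi)) }'
}

# Classify the path a client's internet traffic takes.
# $1 client route table, $2 VPN router LAN IP, $3 VPN router route table
diagnose() {
    if [ "$(default_gateway "$1")" != "$2" ]; then
        echo "bypass: client gateway is not the VPN router"
    elif ! tunnel_is_default "$3"; then
        echo "leak: VPN router does not route into the tunnel"
    else
        echo "tunnelled"
    fi
}

diagnose "$CLIENT_ROUTES" 192.168.1.2 "$ROUTER_ROUTES"
```

To use it on a real network, paste the output of `ip route show` from a client and from the VPN router in place of the two sample tables.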