Netgear R7000p Openvpn for an Ethenet port

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2  Next
Author Message
ccorrea
DD-WRT Novice


Joined: 30 Aug 2024
Posts: 8

PostPosted: Fri Aug 30, 2024 21:09    Post subject: Netgear R7000p Openvpn for an Ethenet port Reply with quote
Hi guys need your help regading the following:

Netgear R7000p
Firmware: DD-WRT v3.0-r58163 std (08/25/24)

I need your help for creating iptables or anything that allow me to have only one dedicated ethernet port for Openvpn (Cyberghost) and if the VPN is down, shut down the internet access for that Ethernet port.
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9354

PostPosted: Fri Aug 30, 2024 23:01    Post subject: Reply with quote
You just need to use the GUI to create a new unbridged VLAN (e.g., vlan3) w/ a dedicated port assignment (move it from vlan1 to your new VLAN) and assign it a new IP network (e.g., 192.168.2.1/24). Then using PBR (policy based routing) w/ the OpenVPN client to only route that traffic over the VPN, while enabling the kill switch option.
_________________
ddwrt-bind-static-routes-to-wan.sh (UPDATED! 11/12/24) * ddwrt-blacklist-domains.sh * ddwrt-dns-monitor.sh * ddwrt-ovpn-client-backup.sh * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-server-watchdog.sh * ddwrt-ovpn-split-advanced.sh * ddwrt-ovpn-split-basic.sh * ddwrt-mount-usb-drives.sh * ddwrt-wol-port-forward.sh


Last edited by eibgrad on Sat Aug 31, 2024 2:59; edited 2 times in total
ccorrea
DD-WRT Novice


Joined: 30 Aug 2024
Posts: 8

PostPosted: Fri Aug 30, 2024 23:28    Post subject: Reply with quote
How can I assign an ip network address to a vlan?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9354

PostPosted: Fri Aug 30, 2024 23:52    Post subject: Reply with quote
Once you create the VLAN, go to Setup->Networking->Interface Setup. You should see the new VLAN, and probably configured as Default. If you change it to Unbridged, it will reveal addition options which include IP assignment, NAT, etc. You can also add a DHCP server for the new VLAN at the bottom of that same page.

Note, when dealing w/ new VLANs and VAPs, you might have to reboot between changes before all options will appear or otherwise be configurable. IOW, the system doesn't always immediately recognize these types of changes appropriately w/o a reboot.

_________________
ddwrt-bind-static-routes-to-wan.sh (UPDATED! 11/12/24) * ddwrt-blacklist-domains.sh * ddwrt-dns-monitor.sh * ddwrt-ovpn-client-backup.sh * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-server-watchdog.sh * ddwrt-ovpn-split-advanced.sh * ddwrt-ovpn-split-basic.sh * ddwrt-mount-usb-drives.sh * ddwrt-wol-port-forward.sh
ccorrea
DD-WRT Novice


Joined: 30 Aug 2024
Posts: 8

PostPosted: Sat Aug 31, 2024 2:20    Post subject: Reply with quote
So for so good, but how can I configure the killswitch?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9354

PostPosted: Sat Aug 31, 2024 2:26    Post subject: Reply with quote
The kill switch is just a checkbox on the VPN page.
_________________
ddwrt-bind-static-routes-to-wan.sh (UPDATED! 11/12/24) * ddwrt-blacklist-domains.sh * ddwrt-dns-monitor.sh * ddwrt-ovpn-client-backup.sh * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-server-watchdog.sh * ddwrt-ovpn-split-advanced.sh * ddwrt-ovpn-split-basic.sh * ddwrt-mount-usb-drives.sh * ddwrt-wol-port-forward.sh
ccorrea
DD-WRT Novice


Joined: 30 Aug 2024
Posts: 8

PostPosted: Sat Aug 31, 2024 2:33    Post subject: Reply with quote
Thank you so much, how can I simulate the VPN is down just be sure any device is not accessing the Internet?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9354

PostPosted: Sat Aug 31, 2024 2:53    Post subject: Reply with quote
Using ssh or telnet, kill the running OpenVPN client process.

Code:
kill $(ps | grep [o]penvpncl | cut -d ' ' -f1)

_________________
ddwrt-bind-static-routes-to-wan.sh (UPDATED! 11/12/24) * ddwrt-blacklist-domains.sh * ddwrt-dns-monitor.sh * ddwrt-ovpn-client-backup.sh * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-server-watchdog.sh * ddwrt-ovpn-split-advanced.sh * ddwrt-ovpn-split-basic.sh * ddwrt-mount-usb-drives.sh * ddwrt-wol-port-forward.sh
ccorrea
DD-WRT Novice


Joined: 30 Aug 2024
Posts: 8

PostPosted: Sat Aug 31, 2024 2:56    Post subject: Reply with quote
eibgrad, thank you so much for your help
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13426
Location: Netherlands

PostPosted: Sat Aug 31, 2024 5:34    Post subject: Reply with quote
Questions about OpenVPN (PBR, Killswitch etc.) can be found in the OpenVPN guides a sticky (first few sticky threads) in this forum.
See: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

In your case you need the OpenVPN Client setup guide

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
ccorrea
DD-WRT Novice


Joined: 30 Aug 2024
Posts: 8

PostPosted: Sun Sep 01, 2024 23:05    Post subject: Reply with quote
Hi, I need your help again, after a night without using the VPN I see it is down, what can I do for always having the VPN up and running?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9354

PostPosted: Mon Sep 02, 2024 0:14    Post subject: Reply with quote
Enable the Watchdog option on the OpenVPN client.

As @egc indicated previously, a lot of this information is already provided in the OpenVPN Client Setup Guide.

_________________
ddwrt-bind-static-routes-to-wan.sh (UPDATED! 11/12/24) * ddwrt-blacklist-domains.sh * ddwrt-dns-monitor.sh * ddwrt-ovpn-client-backup.sh * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-server-watchdog.sh * ddwrt-ovpn-split-advanced.sh * ddwrt-ovpn-split-basic.sh * ddwrt-mount-usb-drives.sh * ddwrt-wol-port-forward.sh
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9354

PostPosted: Mon Sep 02, 2024 11:40    Post subject: Reply with quote
P.S. I'm not sure if the OpenVPN Client Setup Guide mentions this directly (TLDR), but for maximum reliability, it's generally a good idea to specify *multiple* servers within the OpenVPN client configuration. Chances are the use of a domain name for the server will result in multiple possible IPs for the client to choose from should any fail to connect. But in the event this isn't the case, or the VPN provider only offers explicit IPs, it's best to specify at least three (3) servers in case any one goes down for an extended period of time (e.g., for maintenance). In such a situation, it's NOT going to matter if the watchdog is running if the one and only server available in the config remains unreachable.
_________________
ddwrt-bind-static-routes-to-wan.sh (UPDATED! 11/12/24) * ddwrt-blacklist-domains.sh * ddwrt-dns-monitor.sh * ddwrt-ovpn-client-backup.sh * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-server-watchdog.sh * ddwrt-ovpn-split-advanced.sh * ddwrt-ovpn-split-basic.sh * ddwrt-mount-usb-drives.sh * ddwrt-wol-port-forward.sh
ccorrea
DD-WRT Novice


Joined: 30 Aug 2024
Posts: 8

PostPosted: Wed Sep 04, 2024 20:46    Post subject: Reply with quote
Hello Guys, I'm having another issue.

As you know I have the Netgear R7000p with a dedicated ethernet port for a VLAN that I'm only using for one PC for accesing thru the CyberGhost VPN (OpenVPN), so when I test its speed (using speedtest) it shos around 30 Mbps (too slow). But when I do the same test with the Cyberghost app using a port outside the VLAN I mensioned previusly (the one dedicated for OpenVPN), I have around 270 Mbps.

So, what can I do to increase speed on the VPN for the dedicated VLAN?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13426
Location: Netherlands

PostPosted: Wed Sep 04, 2024 21:19    Post subject: Reply with quote
Use WireGuard instead of OpenVPN, should give you three times the speed of openvpn, my R7000 does over 100 Mb on WireGuard.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum