Setting up your own VPN server at home with DDWRT
I have FIOS at home, and FIOS includes a mobile app for Android and iPhone that lets you watch live TV on your device as long as you are connected to your home Wi-Fi network with a FIOS router. Of course, if I am at home I can just watch stuff on my large screen TV, I was more interested in watching TV while away from home or while commuting.
So the obvious answer is to setup a VPN server at home, and connect-in. For this, I repurposed a old Asus Wifi Router I had lying around. I had Asus ML-520gU which is good enough to run DD-WRT with OpenVPN server.
Here's some notes on how to setup OpenVPN on a second router that sits behind the main FIOS ActionTec router:
Install DD-WRT on your router. Make sure you upgrade to the firmware with VPN support.
Once you have installed DD-WRT, follow the instructions here to generate the keys and enable OpenVPN - http://www.dd-wrt.com/wiki/index.php/OpenVPN
I had account for some differences in my network and changed the configuration to work for me. I wanted the DD-WRT router to behind my primary FIOS router with a public facing IP, so I put the router in "Access Point" mode - which just means disabling DHCP, and having the router act as a switch and assign IP addresses in the same subnet as the primary router. See http://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point
-
Here's what my openvpn config looks like:
push "route 192.168.1.0 255.255.255.0" server 192.168.3.0 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 208.67.220.220" push "dhcp-option DNS 208.67.222.222" dev tun0 proto udp port 1194 keepalive 10 120 dh /tmp/openvpn/dh.pem ca /tmp/openvpn/ca.crt cert /tmp/openvpn/cert.pem key /tmp/openvpn/key.pem # Only use crl-verify if you are using the revoke list - otherwise leave it commented out # crl-verify /tmp/openvpn/ca.crl # management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port # port must be 5001 for scripts embedded in firmware to work management localhost 5001
The first line (192.168.1.0/32) is my LAN network
The second line is the ip address range for the VPN clients
Third line routes all traffic through the VPN on the client, making this the default gateway. Without this line you will be able to reach the internal network, but all your internet traffic would get routed through your non-VPN connection.
For the client, create a OVPN file and include the certs in the same folder and distribute it to your client. Here's how my oVPN files looks like:
# Zoheb VPN Client Configuration
client
dev tun
proto udp
remote 108.41.XX.XXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
verb 3
Note that if you have "comp-lzo" in this client config, you need to enable it on the server as well or you will see compression related error messages.
It took me a bit of trial and error to get this working, so hope the notes above help others trying to setup OpenVPN on DD-WRT.
Written by Zoheb Sait
Related protips
2 Responses
Hey there.. would you mind telling me if you added anything to Firewall in DDWRT. I hae exactly same setup as yours [Modem] 1->[Main Router] 2->[ddwrt router] 3(as switch)[acting as openVPN server]. The issue is , I am able to connect to the VPN server but not able to get connected to the internet or reach out any client machines hooked to my main router. My main router is set up to 192.168.X.Y and my DDwrt router IP is 192.168.X.Z and VPN server is 10.8.0.0 . Not sure what else I am missing . Note that I have firewall disabled on ddwrt as it was advised to do so from the link you provided to configure the router as a Switch
Hey there.. would you mind telling me if you added anything to Firewall in DDWRT. I hae exactly same setup as yours [Modem] 1->[Main Router] 2->[ddwrt router] 3(as switch)[acting as openVPN server]. My issue is , I am able to connect to the VPN server but not able to get internet or reach out any client machines hooked to my main router. My main router is set up to 192.168.X.Y and my DDwrt router IP is 192.168.X.Z and VPN server is 10.8.0.0 . Not sure what else I am missing . Note that I have my firewall disabled on ddwrt as it was advised to do from the link you provided to configure it as Switch