I have FIOS at home, and FIOS includes a mobile app for Android and iPhone that lets you watch live TV on your device as long as you are connected to your home Wi-Fi network with a FIOS router. Of course, if I am at home I can just watch stuff on my large screen TV, I was more interested in watching TV while away from home or while commuting.
So the obvious answer is to setup a VPN server at home, and connect-in. For this, I repurposed a old Asus Wifi Router I had lying around. I had Asus ML-520gU which is good enough to run DD-WRT with OpenVPN server.
Here's some notes on how to setup OpenVPN on a second router that sits behind the main FIOS ActionTec router:
Install DD-WRT on your router. Make sure you upgrade to the firmware with VPN support.
Once you have installed DD-WRT, follow the instructions here to generate the keys and enable OpenVPN - http://www.dd-wrt.com/wiki/index.php/OpenVPN
I had account for some differences in my network and changed the configuration to work for me. I wanted the DD-WRT router to behind my primary FIOS router with a public facing IP, so I put the router in "Access Point" mode - which just means disabling DHCP, and having the router act as a switch and assign IP addresses in the same subnet as the primary router. See http://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point
Here's what my openvpn config looks like:
push "route 192.168.1.0 255.255.255.0" server 192.168.3.0 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 22.214.171.124" push "dhcp-option DNS 126.96.36.199" dev tun0 proto udp port 1194 keepalive 10 120 dh /tmp/openvpn/dh.pem ca /tmp/openvpn/ca.crt cert /tmp/openvpn/cert.pem key /tmp/openvpn/key.pem # Only use crl-verify if you are using the revoke list - otherwise leave it commented out # crl-verify /tmp/openvpn/ca.crl # management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port # port must be 5001 for scripts embedded in firmware to work management localhost 5001
The first line (192.168.1.0/32) is my LAN network
The second line is the ip address range for the VPN clients
Third line routes all traffic through the VPN on the client, making this the default gateway. Without this line you will be able to reach the internal network, but all your internet traffic would get routed through your non-VPN connection.
For the client, create a OVPN file and include the certs in the same folder and distribute it to your client. Here's how my oVPN files looks like:
# Zoheb VPN Client Configuration client dev tun proto udp remote 108.41.XX.XXX 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client1.crt key client1.key ns-cert-type server verb 3
Note that if you have "comp-lzo" in this client config, you need to enable it on the server as well or you will see compression related error messages.
It took me a bit of trial and error to get this working, so hope the notes above help others trying to setup OpenVPN on DD-WRT.