Set up the OpenVPN on the DD-WRT Router - Part 1


VPN connections allow you to access files remotely or connect remote offices to each other over secure channels on the Internet. They are also useful for protecting Internet connections on public Wi-Fi hotspots, where they hide your Internet traffic from local snoopers.

If only a few users need VPN access, you can consider setting up your own VPN server using the DD-WRT router software. If you have a compatible wireless router, you can load the software onto it. This gives you an OpenVPN server and client, along with many other useful features. You can set up remote-access connections or site-to-site connections that link offices together.

DD-WRT supports two VPN protocols: Point-to-Point Tunneling Protocol (PPTP), which is very popular but has vulnerabilities, and OpenVPN, which uses Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to provide a more secure solution. In this two-part tutorial, we will set up and use OpenVPN.

In the first part of this two-part series, we will show you how to get a router running the DD-WRT software, change the router's IP address and subnet, and create the SSL certificates. In the second part, we will show you how to configure the OpenVPN server, create the firewall and startup scripts, configure the clients, and then test everything.

This tutorial was written using the VPN variant of DD-WRT v24-SP2. To create the SSL certificates and for the clients, we used OpenVPN 2.1.1. The steps may vary with other versions of DD-WRT or OpenVPN.


Use Router with VPN version of DD-WRT

First, make sure you're using a DD-WRT compatible wireless router and have enough NVRAM storage space. You can follow the instructions for your router to install or upload the VPN version of DD-WRT.

To check the available NVRAM, you must connect to the router with Telnet or SSH. You can download and use PuTTY for this. Select Telnet as the Connection Type and enter the router's IP address (192.168.1.1). Then, at the DD-WRT login prompt, enter 'root'. If you created a password via the web control panel, use it; otherwise, use the default, "admin".

Once logged in via Telnet, enter the following command:

 nvram show | grep size 

If more than 5,200 bytes are left, you have enough space.

Change the IP and Subnet of the router

Remember, a VPN connection joins two or more networks. It is therefore necessary to make sure that the subnets and IP addresses of those networks do not conflict. If you plan to make VPN connections from the Internet or from public Wi-Fi hotspots, make sure your local network and the VPN network are not on the same subnet.

Since DD-WRT uses the common default IP 192.168.1.1, we should change it:

Start by connecting to the router and opening the web console by entering its IP address (192.168.1.1) into the browser. Then click the Setup tab and, in the Router IP area, change the Local IP Address to 192.168.2.1 and click Apply Settings.

From this point on, you must use the new IP (192.168.2.1) to log in to the DD-WRT control panel.
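
As an added illustration of the subnet check described in this section (not part of the original tutorial), the Python example below tests a router LAN address against networks a remote user might be connected to. The remote networks and the 10.77.3.1 candidate are constructed sample values.

```python
import ipaddress

# Constructed sample networks a remote client might be sitting on
# (assumptions for illustration; not taken from the tutorial).
REMOTE_SIDES = {
    "hotel wifi": "192.168.1.0/24",
    "cafe hotspot": "192.168.0.0/16",
    "branch office": "172.16.5.0/24",
}

def lan_of(router_ip, netmask="255.255.255.0"):
    """Network that the router's LAN address and netmask define."""
    return ipaddress.ip_network(f"{router_ip}/{netmask}", strict=False)

def conflicts(router_ip, remote_sides, netmask="255.255.255.0"):
    """Names of remote networks whose range overlaps the router LAN.

    overlaps() also catches a remote side that is a larger block
    containing the LAN, which comparing the first three octets misses.
    """
    lan = lan_of(router_ip, netmask)
    return sorted(name for name, cidr in remote_sides.items()
                  if lan.overlaps(ipaddress.ip_network(cidr, strict=False)))

def first_clear(candidates, remote_sides):
    """First candidate router IP with no conflict, or None."""
    for ip in candidates:
        if not conflicts(ip, remote_sides):
            return ip
    return None

if __name__ == "__main__":
    for ip in ("192.168.1.1", "192.168.2.1", "10.77.3.1"):
        print(ip, lan_of(ip), conflicts(ip, REMOTE_SIDES) or "no conflict")
```

With these sample values, moving the router to 192.168.2.1 clears the conflict with a 192.168.1.0/24 hotspot but not with one that uses the whole 192.168.0.0/16 block.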

Create server and client certificates

You must download OpenVPN and install it on your computer using the Windows Installer. It is possible to do this on a Linux computer, but we will use a Windows computer. Once installed, here's how to get started:

  1. Open Command Prompt: click Start, type cmd, and press Enter.
  2. Then switch to the easy-rsa folder by typing: cd C:\Program Files\OpenVPN\easy-rsa
  3. Run the .bat file to create configuration files by typing: init-config
  4. Leave the Command Prompt window open for later use.

Open the Computer window and browse to the folder C:\Program Files\OpenVPN\easy-rsa. Right-click the vars.bat file and click Edit. You must then set all of the settings below:

  1. KEY_COUNTRY
  2. KEY_PROVINCE
  3. KEY_CITY
  4. KEY_ORG
  5. KEY_EMAIL

You can change the default values, that is, the value after the equal sign of each parameter. Save your changes when done.

Go back to the Command Prompt window and initialize the PKI by entering the following commands:

 vars
 clean-all
 build-ca

After running the last command, you will be prompted for the parameters you just set in the vars.bat file. Press Enter to accept them. You can leave the Organizational Unit Name blank. However, you need to enter a Common Name. Almost any name will work; we used "OpenVPN-CA".

You can now create a certificate and private key for the server by entering the following command:

 build-key-server server 

You will be prompted for the parameters again. Accept the default values for the items you set up in the vars.bat file. For Common Name, enter "server". Be sure to enter a secure password that you will remember or keep in a secure location. When prompted to sign and commit the certificate, enter "y".

You can now create certificates for the clients, that is, the computers that will connect to the OpenVPN server on the DD-WRT router. You must create a separate certificate for each client. Just enter "build-key", followed by a space and the client's name. For example, for the following three clients:

 build-key client1
 build-key client2
 build-key client3

Next, you will be prompted for the parameters. Choose a unique name for each client. You can use the certificate names, such as client1, client2 or client3.

Note: If you find that you have to create additional client certificates later, return to the easy-rsa folder in the Command Prompt, type "vars", and then run the 'build-key' command, for example build-key client2.

Next, create the Diffie-Hellman parameters by typing:

 build-dh 

Finally, you will find all of the certificates in the following directory: C:\Program Files\OpenVPN\easy-rsa\keys

Note that the CA, server and all client keys must be kept protected and private.
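
To make the point about keeping keys private concrete, here is an added example (not from the original tutorial) that plans which files from the keys folder each device needs and reports private keys that turn up where they do not belong. The file names are those easy-rsa typically writes and are assumed here; the folder listing and device contents are constructed samples.

```python
import re

# Constructed listing of the easy-rsa "keys" folder after the commands above
# (assumed typical file names; the tutorial does not list them).
KEYS_DIR = ["ca.crt", "ca.key", "server.crt", "server.csr", "server.key",
            "client1.crt", "client1.csr", "client1.key",
            "client2.crt", "client2.csr", "client2.key",
            "dh1024.pem", "index.txt", "serial"]

def plan_distribution(filenames, server="server"):
    """Map each destination to the files it needs from the keys folder.

    Each private key (*.key) goes only to its owner. ca.key is placed in
    no bundle: it stays on the machine that signs certificates.
    """
    names = set(filenames)
    owners = sorted(n[:-4] for n in names if n.endswith(".key"))
    dh = sorted(n for n in names if re.fullmatch(r"dh\d+\.pem", n))
    plan = {"router": ["ca.crt", f"{server}.crt", f"{server}.key"] + dh}
    for owner in owners:
        if owner not in ("ca", server):
            plan[owner] = ["ca.crt", f"{owner}.crt", f"{owner}.key"]
    missing = sorted({f for files in plan.values() for f in files} - names)
    if missing:
        raise FileNotFoundError(f"not in keys folder: {missing}")
    return plan

def misplaced_secrets(plan, device, files_on_device):
    """Private keys found on a device that are not part of its bundle.

    ca.key appears in no bundle, so it is reported wherever it turns up.
    """
    allowed = set(plan[device])
    return sorted(f for f in files_on_device
                  if f.endswith(".key") and f not in allowed)

if __name__ == "__main__":
    plan = plan_distribution(KEYS_DIR)
    for device, files in plan.items():
        print(f"{device}: {', '.join(files)}")
    # Constructed case: the whole keys folder was copied to client1's laptop.
    print("remove from client1:", misplaced_secrets(plan, "client1", KEYS_DIR))
```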
