Set up the OpenVPN on the DD-WRT Router - Part 2

How to set up OpenVPN on a DD-WRT router, a great way to establish secure connections to your network for 'road warriors' or to connect remote offices.

Network Administration - This is the second part of a two-part series on how to set up OpenVPN on a DD-WRT router. It is a great way to set up secure connections to your network for 'road warriors' or to connect remote offices. This cost-effective solution can support a dozen or two VPN users.

In part 1 of the series, we uploaded the DD-WRT software onto the router, changed the router's IP address and subnet for several reasons and created SSL certificates for the server and OpenVPN client.

Now we will continue by enabling the OpenVPN server and copying in the SSL certificates. We will also enter the startup and firewall scripts. We will then configure the clients and finally test the connection.

Configure OpenVPN Server

We can start configuring the OpenVPN server on the DD-WRT router. Start by connecting to the router. Enter the new IP address (192.168.2.1) into the web browser. Then activate and configure the server:

  1. Click Services > VPN.
  2. In the OpenVPN Daemon area, enable Start OpenVPN.
  3. For Start Type, select WAN Up.

In the boxes listed below, paste the contents of the corresponding certificate file:

  1. Public Server Cert: ca.crt
  2. Certificate Revoke List: (left blank)
  3. Public Client Cert: server.crt. Do not paste the first part of the file. As with the other components, start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.
  4. Private Client Key: server.key
  5. DH PEM: dh1024.pem
  6. OpenVPN Config: (see below)
  7. OpenVPN TLS Auth: (left blank)

Open each certificate file in Notepad to view its contents. For some files you can right-click, select Open With and then Notepad. For others you may have to select Open and then choose Notepad as the program to open the file with.

In the OpenVPN Config box, enter the following configuration parameters:

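 mode server
 proto udp
 port 1194
 dev tap0
 # gateway, netmask, then the first and last address of the pool given to VPN clients
 server-bridge 192.168.2.2 255.255.255.0 192.168.2.200 192.168.2.249
 keepalive 10 120
 daemon
 verb 5
 client-to-client
 # DH parameters, CA certificate, server certificate and server key
 dh /tmp/openvpn/dh.pem
 ca /tmp/openvpn/ca.crt
 cert /tmp/openvpn/cert.pem
 key /tmp/openvpn/key.pem
 management localhost 5001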

When you're done entering all this information, click Apply Settings.

Startup configuration and Firewall

At this point you must enter the startup script so that the server starts at boot. Then you must enter the firewall script so that VPN traffic can pass. In the DD-WRT control panel, click Administration > Commands.

Paste the following commands and click Save Startup:

 openvpn --mktun --dev tap0
 brctl addif br0 tap0
 ifconfig tap0 0.0.0.0 promisc up

Paste the following and click Save Firewall:

 iptables -A INPUT -i tap0 -j ACCEPT
 iptables -I INPUT -p udp --dport 1194 -j ACCEPT

Restart the router

Now that everything is set for the OpenVPN server on the router, restart it. You can do so by unplugging the router's power for a few seconds, or through the control panel by clicking the Administration tab and then the Reboot Router button at the bottom.

Configure the Windows client

Next, you must set up the clients, the computers you want to connect to the VPN server. Start by downloading and installing OpenVPN on each computer using the Windows installer.

Now open Notepad and paste in the following configuration parameters:

 remote XXX.XXX.XXX.XXX 1194
 client
 dev tap0
 proto udp
 resolv-retry infinite
 nobind
 persist-key
 persist-tun
 float
 ca ca.crt
 cert client1.crt
 key client1.key
 # Only accept a peer whose certificate is marked as a server certificate
 ns-cert-type server

You need to replace the remote address on the first line (XXX.XXX.XXX.XXX) with the router's WAN or Internet IP address. You can use a hostname instead, such as one from a dynamic DNS service, if the Internet connection does not have a static IP. In addition, make sure the client certificate and key names are correct.

Save the Notepad file with the .ovpn extension to the following location: C:\Program Files\OpenVPN\config. To save with a different extension, you will have to change the Save as type option in the Save dialog box from Text Documents to All Files.

You must also copy the three files below from the computer and folder where you created the certificates (C:\Program Files\OpenVPN\easy-rsa\keys) to the C:\Program Files\OpenVPN\config folder on the client.

  1. ca.crt
  2. client1.crt
  3. client1.key

Note that the names of the certificate and key differ for each client; select the correct files for each client.
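A check for the client folder described above, added here as an example and not part of the original article: it reads the .ovpn file, confirms that the ca, cert and key lines name files that were actually copied beside it, that the remote placeholder was replaced, and that the server certificate check is present. The function names and the sample file contents are constructed for illustration.

```python
import tempfile
from pathlib import Path

FILE_DIRECTIVES = ("ca", "cert", "key")  # each must name a file beside the .ovpn
SERVER_CHECKS = {("ns-cert-type", "server"), ("remote-cert-tls", "server")}

def parse_ovpn(text):
    """Return [(directive, [args])], skipping blank lines and # or ; comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            entries.append((name, args))
    return entries

def check_client_config(ovpn_path):
    """Return a list of problems in a client .ovpn file; an empty list means OK."""
    ovpn_path = Path(ovpn_path)
    entries = parse_ovpn(ovpn_path.read_text())
    problems = []
    for directive in FILE_DIRECTIVES:
        files = [args[0] for name, args in entries if name == directive and args]
        if not files:
            problems.append(f"missing '{directive} <file>' line")
        elif not (ovpn_path.parent / files[0]).is_file():
            problems.append(f"{directive}: {files[0]} not found beside the .ovpn file")
    remotes = [args[0] for name, args in entries if name == "remote" and args]
    if not remotes or "XXX" in remotes[0]:
        problems.append("remote: placeholder address not replaced")
    if not any((name, args[0]) in SERVER_CHECKS for name, args in entries if args):
        problems.append("no server certificate check (ns-cert-type server)")
    return problems

# Constructed sample: the article's client config with the placeholder left in.
SAMPLE = ("remote XXX.XXX.XXX.XXX 1194\nclient\ndev tap0\nproto udp\n"
          "ca ca.crt\ncert client1.crt\nkey client1.key\nns-cert-type server\n")

def demo():
    """Constructed run: ca.crt and client1.crt were copied, client1.key was not."""
    with tempfile.TemporaryDirectory() as folder:
        config = Path(folder) / "client1.ovpn"
        config.write_text(SAMPLE)
        for name in ("ca.crt", "client1.crt"):
            (Path(folder) / name).write_text("constructed placeholder\n")
        return check_client_config(config)
```

A line typed in the wrong order, such as "client1.crt cert", is reported as a missing cert line because the directive must come first.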

Configure additional DD-WRT routers

If you want to connect offices together, you can set up secondary DD-WRT routers at the other locations. Each one can then use its OpenVPN client to connect back to the VPN server you just configured. Configuring the client is simple:

  1. Click Services > VPN.
  2. For OpenVPN Client, click Enable.
  3. For Server IP/Name, enter the WAN/Internet IP address or hostname of the DD-WRT router running the OpenVPN server.

In the boxes listed below, paste the contents of the corresponding certificate file:

  1. Public Server Cert: ca.crt
  2. Public Client Cert: client1.crt. Do not paste the first part of the file. As with the other components, start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.
  3. Private Client Key: client1.key
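The rule given for server.crt in the server section and for client1.crt here (paste only the part between the BEGIN and END lines) can be applied mechanically. The following is an added example, not part of the original article: it returns the single PEM block from a file's text, drops whatever precedes it, and rejects input whose body is not valid base64-encoded DER. The function name and the sample text are constructed; the sample is not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_block(file_text, expected_label=None):
    """Return the single PEM block in file_text, without the text around it."""
    blocks = PEM_RE.findall(file_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    if expected_label and label != expected_label:
        raise ValueError(f"expected {expected_label}, found {label}")
    b64 = "".join(body.split())
    der = base64.b64decode(b64, validate=True)  # raises ValueError on non-base64 text
    if not der or der[0] != 0x30:  # DER certificates and keys begin with a SEQUENCE tag
        raise ValueError("body is not DER data")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])

# Constructed sample: readable text first, then a PEM block with a tiny DER body.
BODY = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, 0x01])).decode()
SAMPLE_CRT = ("Certificate:\n    Data:\n        Version: 3 (0x2)\n"
              f"-----BEGIN CERTIFICATE-----\n{BODY}\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(pem_block(SAMPLE_CRT, "CERTIFICATE"))
```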

Testing

After you have completed the above steps, you can connect. If the OpenVPN GUI is not already running in the system tray, in the bottom right corner of Windows, launch it now: click Start > All Programs > OpenVPN > OpenVPN GUI.

Right-click the OpenVPN GUI icon in the system tray and select Connect.

You can now access the DD-WRT router and shared resources on the local network where the OpenVPN server resides.

Remember that you are connecting to a WAN or Internet address so you should connect from outside the DD-WRT router's local area network, for example from another location on the Internet.

If you want to test the server without moving to another location, connect the DD-WRT router's WAN/Internet port to an Ethernet port on another network or router. Ensure that the DD-WRT router has a WAN IP address, and use this address in the OpenVPN configuration file on the test client. You can then join the other network and connect to the OpenVPN server. This simulates a connection from the Internet. When you are done and want to use the VPN over the Internet, disconnect the DD-WRT router from that network and plug it directly into the Internet modem.

We can view the OpenVPN status and connections in DD-WRT by clicking Status > OpenVPN.