Set up the OpenVPN on the DD-WRT Router - Part 2

Network Administration - This is the second part of the series that includes two introductions to how to set up the OpenVPN on the DD-WRT Router. A great way to set up secure connections for your network with the 'warriors' on the road or to connect remote offices. This cost-effective solution can support dozens or two VPN users.

Set up the OpenVPN on the DD-WRT Router - Part 1

In part 1 of the series, we uploaded the DD-WRT software onto the router, changed the router's IP address and subnet for several reasons and created SSL certificates for the server and OpenVPN client.

Now we will continue by enabling OpenVPN server and copying in SSL certificates. We will also enter startup scripts and firewalls. It will then configure the client and finally test it.

Configure OpenVPN Server

We can start configuring the OpenVPN server on the DD-WRT router. Start by connecting to the router. Enter the new IP address (192.168.2.1) into the web browser. Then activate and configure the server:

1. Click Services > VPN .
2. In the OpenVPN Daemon area, enable Start OpenVPN .
3. With Start Type , select WAN Up .

With the boxes below, enter the contents of the certificate file specified below:

1. Public Server Cert: ca.crt
2. Certificate Revoke List: (left blank)
3. Public Client Cert: server.crt. Do not enter the first part of the file. Like other components, start with ----- BEGIN CERTIFICATE ----- and end with ----- END CERTIFICATE ----- .
4. Private Client Key: server.key
5. DH PEM: dh1024.pem
6. OpenVPN Config: (see below)
7. OpenVPN TLS Auth: (left blank)

Open each certificate file in Notepad to view the content. Some files you can right-click, select Open With and Notepad . Some of you may have to open and then choose Notepad as the program is opened.

With the OpenVPN Config box, enter the following configuration parameters:

 server mode 

 proto udp 

 port 1194 

 dev tap0 

 server-bridge 192.168.2.2 255.255.255.0 192.168.2.200 192.168.2.249 

 keepalive 10 120 

 daemon 

 verb 5 

 client-to-client 

 dh /tmp/openvpn/dh.pem 

 ca /tmp/openvpn/ca.crt 

 /tmp/openvpn/cert.pem cert 

 key /tmp/openvpn/key.pem 

 management localhost 5001 

When you're done entering all this information, click Apply Settings .

Startup configuration and Firewall

At this point you must enter the boot script so that the server can start during boot. Then you must enter the firewall script so that the VPN traffic can pass. On the DD-WRT control panel, click Administration> Commands .

Paste the following paragraph and click Save Startup :

 openvpn --mktun --dev tap0 

 brctl addif br0 tap0 

 ifconfig tap0 0.0.0.0 promisc up 

 Paste the following and click Save Firewall: 

 iptables -A INPUT -i tap0 -j ACCEPT 

 iptables -I INPUT -p udp --dport 1194 -j ACCEPT 

Restart the router

Now everything is set for the OpenVPN server on the router, restart it. You can do so by unplugging the router source for a few seconds or by going through the control panel by clicking the Administration tab and clicking the Reboot Router button at the bottom.

Configure the Windows client

Next, you must set up the clients, the computers you want to connect to the VPN server. Start by downloading and installing OpenVPN on each computer using Windows Installer.

Now open Notepad and paste into the following configuration parameters:

 remote XXX.XXX.XXX.XXX 1194 

 client 

 dev tap0 

 proto udp 

 resolv-retry infinite 

 nobind 

 persist-key 

 persist-tun 

 float 

 ca.crt 

 client1.crt cert 

 client1.key key 

 ns-cert-type server 

Need to change the remote address in the preamble with the IP address of the WAN or the Internet. You can use a hostname, such as for a dynamic DNS service, if the Internet connection does not have a static IP. In addition, it is necessary to ensure the correct client certificate name and key.

Save the Notepad file with the .ovpn extension to the following location: C: Program FilesOpenVPNconfig. To save with another extension, you will have to change the Save as Type option on the Save from Text Files dialog box to All Files .

You must also copy the three lines below the line from the computer and the folder where you created the certificates (C: Program FilesOpenVPNeasy-rsakeys) to the client in the C: Program FilesOpenVPNconfig folder.

1. ca.crt
2. client1.crt
3. client1.key

It should be noted that the names of each client certificate and key may be different; Select the correct name for each client.

Configure additional DD-WRT routers

If you want to connect offices together, you can set up DD-WRT secondary routers at other locations. It can then use its OpenVPN client to connect back to the VPN server you just configured. Configuring the client is completely simple, this is how to configure them:

1. Click Services> VPN .
2. With OpenVPN Client, click Enable .
3. With the IP / Name Server , enter the WAN / Internet IP address or hostname of the DD-WRT router configuring OpenVPN Server.

With the boxes below, enter the contents of the certificate file specified below:

1. Public Server Cert: ca.crt
2. Public Client Cert: client1.crt. Do not enter the first part of the file. Like other components, start with ----- BEGIN CERTIFICATE ----- and end with ----- END CERTIFICATE ----- .
3. Private Client Key: client1.key

Kiểm TRA

After you have completed the above steps, you can connect. If the OpenVPN GUI has not been loaded into the system tray, the bottom right corner of Windows, launch the program right now. Click Start> All Programs> OpenVPN> OpenVPN GUI .

Right-click the OpenVPN GUI icon in the system tray and select Connect .

You can now access the DD-WRT router and shared components on the local network, where OpenVPN server is residing.

Remember that you are connecting to a WAN or Internet address so you should connect from outside the DD-WRT router's local area network, for example from another location on the Internet.

If you want to test the server without moving to another location, connect to the DD-WRT router from the WAN / Internet port to the Ethernet port on another network or other router. Ensure that the DD-WRT router has a WAN IP address; Use this address in the OpenVPN configuration file on the test client. You can then access the other network and connect to the OpenVPN server. This way will simulate a connection from the Internet. When you're done and want to use it via the Internet, cancel the DD-WRT router connection and plug it directly into the Internet modem.

We can view the OpenVPN status and connections in DD-WRT by clicking Status> OpenVPN.