How-To Geek

How to Setup a VPN Server Using a DD-WRT Router

We have previously covered how to set up a PPTP VPN Server using Debian Linux here on Sysadmin Geek. However, if you are already using a DD-WRT firmware based router in your network, you can easily configure the router to act as the PPTP VPN Server.

DD-WRT Configuration

Before setting up the VPN Server, you must first make sure your installed build of DD-WRT includes the PPTP VPN features. The DD-WRT feature list shows this as “PPTP / PPTP Client” on their chart. Check the installed version on your router (which you can see in the upper right corner on the configuration pages) against the chart. If the feature is not included in your build, you will need to flash your router with a DD-WRT version which does include the “PPTP / PPTP Client”.

To turn on the PPTP VPN Server, navigate to the Services tab and then the VPN sub-tab and select the option to enable the PPTP Server.

Once enabled, several previously hidden options will appear. Configure them as follows:

  • Server IP: Public IP address of the router
  • Client IP(s): List of local IPs (respective to the VPN network) to use when assigning IP addresses to clients connecting through the VPN. In our example, we are setting aside 5 IP addresses (192.168.16.5, .6, .7, .8, .9) for use by the VPN clients.
  • CHAP-Secrets: User names and passwords for VPN authentication. The format is “user * password *” (user[space]*[space]password[space]*), with each entry on its own line. In our example, there is just a single accepted user name (jfaulkner) and password (SecretPassword1).

You can view detailed documentation on all of these options by clicking the “Help more…” link on this page on the right side of the DD-WRT configuration.
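
As an added example (not part of the original article or of DD-WRT), the following Python check validates entries against the “user * password *” layout described above before they are pasted into the CHAP-Secrets box, and flags passwords that are short, equal to the user name, or copied from this tutorial. The function name, the finding codes and the 12-character minimum are assumptions made for the example.

```python
# Added example: lint CHAP-Secrets entries before pasting them into DD-WRT.
TUTORIAL_SECRETS = {"SecretPassword1"}   # the sample value printed in this article
MIN_SECRET_LEN = 12                      # assumed local policy, not a DD-WRT rule


def lint_chap_secrets(text, min_len=MIN_SECRET_LEN):
    """Return (line_number, code, detail) findings for a CHAP-Secrets block.

    Assumes the article's layout, "user * password *", with fields separated
    by whitespace and no whitespace inside the user name or password.
    """
    findings, seen_users = [], set()
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4 or fields[1] != "*" or fields[3] != "*":
            findings.append((number, "format", "expected: user * password *"))
            continue
        user, _, secret, _ = fields
        if user in seen_users:
            findings.append((number, "duplicate-user", user))
        seen_users.add(user)
        if secret in TUTORIAL_SECRETS:
            findings.append((number, "tutorial-sample", "password copied from the article"))
        if secret.lower() == user.lower():
            findings.append((number, "secret-equals-user", user))
        if len(secret) < min_len:
            findings.append((number, "short-secret", f"{len(secret)} < {min_len} characters"))
    return findings


# Constructed sample input; none of these are real credentials.
SAMPLE = """\
jfaulkner * SecretPassword1 *
alice * alice *
bob*Constructed-Sample-91 *
carol * two words *
dave * Constructed-Sample-42 *
dave * Constructed-Sample-43 *
"""

if __name__ == "__main__":
    for number, code, detail in lint_chap_secrets(SAMPLE):
        print(f"line {number}: {code}: {detail}")
```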

Once you are finished, click the Apply Settings button to push the configuration through to your DD-WRT router.

Connecting to the PPTP VPN Server

Once you have your DD-WRT router configured, all that is left is to simply connect your client computers to the VPN. For our example, we will be showing how this is done using Windows 7 Professional.

In the Network and Sharing Center of the Control Panel, click the option to set up a new network connection.

Select the option to connect to a workplace VPN.

If you have existing connections, they will be displayed here. For our example, we want to create a new connection.

Select the option to use your Internet connection to connect to the VPN.

Enter the domain or IP address of your VPN Server (the public IP address of the DD-WRT router configured above) and give a title to the VPN connection.

Enter the credentials for your VPN login which were configured in the DD-WRT router settings. Click Connect.

After a few moments, if everything is configured correctly, you should be connected to the PPTP VPN Server on the DD-WRT router.

Running ‘ipconfig’ on the local machine should show you are connected to both the VPN and your existing internet connection.

Once connected, you can now access all the resources on the VPN as though you were connected to the network locally.

 

DD-WRT Build Features Diagram

Jason Faulkner is a developer and IT professional who never has a hot cup of coffee far away. Interact with him on Google+

  • Published 11/15/10

Comments (19)

  1. Raul

    Will it work with iOS 4?

  2. charlie

    There may be issues getting this to work with iPhones and iPod Touches. In my case, I was required to tweak the pptpd options, as on this page: http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration

    Specifically, I added this command to the DD-WRT startup commands:
    sed -i -e 's/mppe .*/mppe required,stateless/' /tmp/pptpd/options.pptpd

  3. Jason Faulkner

    @Raul – as long as the guest OS supports VPN connections, it should.

  4. Cameron Gladman

    Has anyone got this to work with Win 7? I keep getting Error 807.

    1. ICS is disabled
    2. Windows Firewall is disabled
    3. IPv6 is turned off.
    4. Manually set the client protocol to PPTP.

    Don’t get it yet. DD-WRT is fine as far as I can tell.

  5. jasray

    Thanks! I was wondering what I was doing incorrectly. Is there a free portable VPN client which can be used rather than the Windows native client?

  6. XanALaOM00

    kk… I don’t mean to belittle this article… but Point-to-point tunneling protocol alone isn’t all that great anymore. A much better method would be to just run this through an IPSec Tunnel. In fact that guide would be very welcomed by the veteran geeks out there. If the geek is willing to, he should make both an SSLVPN based tutorial and IPSec based using either Windows Server or a Linux variant.

  7. Aviad (a.k.a Hotfortech)

    Cameron Gladman@
    I’m using Win7 on all of my machines since Win7 became RTM and everything is fine… although admittedly I have been using the client settings as they are described in *my* guide:
    http://sysadmingeek.com/articles/setting-up-a-vpn-pptp-server-on-debian/

    All the things you have done seem to be correct, however you may want to try setting the “Data encryption” to “optional” and only use MS-CHAP v2.

    If you are still unable to connect, you will need to go back to the drawing board to figure out what is amiss.

  8. Robert

    First @XanALaOM00 & the “belittle” issue … the point of the article is how to do one of the VPN options on a wireless router that is running DD-WRT an open firmware replacement.. the point being this is just *one* way to do a VPN. Also note, that at the very beginning of the article the geek points out “..we have previously covered …on debian linux” ….soooo … this is just another way, and would be suggestive of *if* you have this hardware you can do “x” … running *any* other OS requires a machine … rather than a 50 dollar wireless router. (even the cheapest atom system is near 100 bucks, not expensive, but also requires a user to do way more than just turn on a few settings in what looks like a Linksys setup screen)

    Second … I’ve done this.. yes it’s only marginally better security than nothing at all … but if you don’t need serious security, or you don’t have the resources (spare computer, etc) this is a really good option.

    In doing this however… I’ve had problems (most notably) in getting to Google and its related and partner sites. To solve the problem on both XP and Vista, I had to modify values for MTU when using PPTP on the respective machine in the registry. Lowering the MTU solved my problems though, and at least (for free) I’ve now got a slightly more secure connection to the internet by VPN’ing back to home when I’m at a Borders, or McDonald’s.. etc..

  9. Eric Yendall

    If I understand the concept and terminology correctly, this sets up a vpn access for calling in to your computer from an outside location. Correct?

    Do you have a tutorial, or can otherwise help me, set up permanently for accessing a commercial vpn server for surfing the internet? I want a persistent connection for my wifi network. I have my service’s configuration files.

    Thanks.

  10. Sam

    This article does what it says. I used it verbatim on my Windows 7, Buffalo router using DD-WRT and it worked fine.

    However, I am not sure if PPTP is the best way because it does bring the connection speed down quite significantly. My non-VPN download speed is about 20MB but when I do the VPN it drops down to about 10MB?

    Is there any way to speed this thing up?

    Thanks,
    Sam.

  11. Stefan

    Hi there,

    Being a newbie to VPN, the point “Server IP: Public IP address of the router” confuses me, because another tutorial says “Server IP: a free IP in the LAN segment”. So what??? Would be very nice, if anyone could tell me.
    Thx a lot
    Wheely16

  12. Jason Faulkner

    @Stefan – The “Server IP” value the article is referring to must be your public IP because this is what external clients will use to contact the VPN server.
    This is what I have set in my configuration and it works with no issue.

  13. Stefan

    @Jason – Thx for your reply and I understand your argumentation. There has to be a public IP to access the VPN, but maybe it’s also possible to use a private IP for the Server IP and do some port forwarding within the router to make that local IP accessible from outside. I think I read about port 1723 in conjunction with PPTP.

    Maybe you want to have a look at the site I referred to (http://www.administrator.de/index.php?content=67666). It’s in German, sorry. The part I referred to says:

    … For the server IP write in a free LAN IP out of the local LAN interface of the router. This local LAN Server IP must not be within the local DHCP area but has to be outside of it. In addition this local IP must not be given to a static client …

    So it’s not only a writing mistake. Maybe they simply forgot the port forwarding term or I’m simply too blind to find it. What do you think about it?

    Looking forward to reading your opinion

  14. Jason Faulkner

    @Stefan – I see what you are saying but I don’t quite see why you would want to set up a VPN inside of your LAN (because you don’t need a VPN to get to the LAN, you are already on it) and then make that accessible via a port forward. It seems like there is a lot of wasted movement here… why not just make the VPN publicly available instead of routing it through some other publicly available interface?

  15. Alison

    Well I used my router’s IP address (192.168.x.x) as Server IP and I was able to connect from a Windows based device from inside the network and from outside. The problem is I can’t seem to connect to my VPN server with my Touchpad. With MSCHAP, I get a notice saying “Connection Failure: Disconnected From VPN Server”. Oddly enough, I get a different error with MSCHAPv2 saying “Failed To Authenticate. Try Again.”

    And yet I was able to connect with both MSCHAP and MSCHAPv2 from my Windows 7 laptop. I have tried CHAP, PAP, EAP and I get the “Disconnected from VPN Server” error.

    Any thoughts Jason?

  16. jeff

    I too would like to know how I could set up my router to tunnel out to another VPN in order to use my Hulu and Netflix outside of the US.

  17. niko theeyo

    I tried this before and was unable to get it to work.
    Do you need a domain? And an internet address?

  18. greenmile67

    Just an update, you need to put your Internal IP address in the “Server IP”, and not the public IP address. I tried it both ways and it is looking for the Internal address, I also had to open port 1723 to the internal IP address. Once I did that, it was an easy connection to my internal network.

  19. D.strange

    I hear a lot about PPTP not being so secure, however does anyone know if it’s a structural issue with PPTP itself or because of weak passwords?

    From what I’ve read there are rainbow tables available, but if someone was using a long (multi non-ASCII characters) password wouldn’t that mitigate the problems?

    Thoughts? Not ideal of course vs OpenVPN, but good enough for some legacy devices
