How-To Geek

How To Install and Configure OpenVPN On Your DD-WRT Router

We’ve already covered installing Tomato on your router and how to connect to your home network with OpenVPN and Tomato. Now we are going to cover installing OpenVPN on your DD-WRT enabled router for easy access to your home network from anywhere in the world!

What is OpenVPN?

A virtual private network (VPN) is a trusted, secure connection between one local area network (LAN) and another. Think of your router as the middle man between the networks that you’re connecting to. Both your computer and the OpenVPN server (your router in this case) “shake hands” using certificates that validate each other. Upon validation, both the client and server agree to trust each other and the client is then allowed access on the server’s network.

Typically, VPN software and hardware cost a lot of money to implement. If you haven’t guessed it already, OpenVPN is an open-source VPN solution that is (drum roll) free. DD-WRT, alongside OpenVPN, is a perfect solution for those who want a secured connection between two networks without having to open their wallet. Of course, OpenVPN won’t work right out of the box. It takes a little bit of tweaking and configuring to get it just right. Not to worry though; we’re here to make that process easier for you, so grab yourself a warm cup of coffee and let’s get started.

For more information about OpenVPN, visit the official What Is OpenVPN? page.

Prerequisites

This guide assumes that you are currently running Windows 7 on your PC and that you’re using an administrative account. If you’re a Mac or Linux user, this guide will give you an idea of how things work; however, you may have to do a little more research on your own to get things perfect.

This guide also assumes that you own a Linksys WRT54GL and have a general understanding of VPN technology. It should serve as a basis for DD-WRT installation, but be sure to check out our official DD-WRT installation guide for an additional supplement.

Installing DD-WRT

The team responsible for DD-WRT has done a great job making it easy for end users to discover router compatibility with their Router Database page. Start by typing in your router model (in our case WRT54GL) in the text field and watch search results appear instantly. Click your router once it’s found.

You’ll be brought to a new page that lists information about your model – including hardware specs and different builds of DD-WRT. Download both the Mini-Generic build and VPN Generic build of DD-WRT (dd-wrt.v24_mini_generic.bin and dd-wrt.v24_vpn_generic.bin). Save these files to your computer.

It’s a good idea to visit the DD-WRT Hardware-specific information page to look up detailed information about your router and DD-WRT. This page will explain exactly what you need to do before and after installing DD-WRT. For example, you must install the mini version of DD-WRT before installing DD-WRT VPN when upgrading from the stock Linksys firmware on a WRT54GL.

Also, be sure to do a hard reset (AKA a 30/30/30) before installing DD-WRT. Press the reset button on the back of your router for 30 seconds. Then, while still holding the reset button, unplug the power cable and leave it unplugged for 30 seconds. Finally, plug the power cable back in while still holding down the reset button for another 30 seconds. You should have held the reset button for 90 seconds straight.

Now open up your browser and enter in your router’s IP address (default is 192.168.1.1). You’ll be prompted for a username and password. The defaults for a Linksys WRT54GL are “admin” and “admin”.

Click the Administration tab at the top. Next, click Firmware Upgrade as seen below.

Click the Browse button and navigate to the DD-WRT Mini Generic .bin file we downloaded earlier. Do not upload the DD-WRT VPN .bin file yet. Click the Upgrade button in the web interface. Your router will start installing DD-WRT Mini Generic, and should take less than a minute to complete.

Alas! Your first sighting of DD-WRT. Once again, do another 30/30/30 reset as we did above. Then click the Administration tab at the top. You will be prompted for a username and password. The default username and password are “root” and “admin” respectively. After you’ve logged in, click the Firmware Upgrade sub-tab and click Choose File. Browse for the DD-WRT VPN file we downloaded earlier and click Open. The VPN version of DD-WRT will now begin to upload; be patient as it could take 2-3 minutes.

Installing OpenVPN

Now let’s head over to OpenVPN’s Downloads page and download the OpenVPN Windows Installer. In this guide, we’ll be using the second latest version of OpenVPN called 2.1.4. The latest version (2.2.0) has a bug in it that would make this process even more complicated. The file we’re downloading will install the OpenVPN program that allows you to connect to your VPN network, so be sure to install this program on any other computers that you want to act as clients (as we’ll be seeing how to do that later). Save the openvpn-2.1.4-install.exe file to your computer.

Navigate to the OpenVPN file we just downloaded and double click it. This will begin the installation of OpenVPN on your computer. Run through the installer with all the defaults checked. During the installation, a dialog box will pop up asking to install a new virtual network adapter called TAP-Win32. Click the Install button.

Creating the Certificates and Keys

Now that you have OpenVPN installed on your computer, we have to start creating the certificates and keys to authenticate devices. Click the Windows Start button and navigate under Accessories. You’ll see the Command Prompt program. Right click on it and click Run as administrator.

In the command prompt, type cd c:\Program Files (x86)\OpenVPN\easy-rsa if you’re running 64-bit Windows 7 as seen below. Type cd c:\Program Files\OpenVPN\easy-rsa if you’re running 32-bit Windows 7. Then hit Enter.

Now type init-config and hit Enter to copy two files called vars.bat and openssl.cnf into the easy-rsa folder. Keep your command prompt up as we’ll be coming back to it shortly.

Navigate to C:\Program Files (x86)\OpenVPN\easy-rsa (or C:\Program Files\OpenVPN\easy-rsa on 32-bit Windows 7) and right click on the file called vars.bat. Click Edit to open it up in Notepad. Alternatively, we recommend opening this file with Notepad++ as it formats the text in the file much better. You can download Notepad++ from their homepage.

The bottom portion of the file is what we are concerned with. Starting at line 31, change the KEY_COUNTRY value, KEY_PROVINCE value, etc. to your country, province, etc. For example, we changed our province to “IL”, city to “Chicago”, org to “HowToGeek”, and email to our own email address. Also, if you’re running Windows 7 64-bit, change the HOME value in line 6 to %ProgramFiles(x86)%\OpenVPN\easy-rsa. Do not change this value if you’re running 32-bit Windows 7. Your file should look similar to ours below (with your respective values, of course). Save the file by overwriting it once you’re done editing.

Go back to your command prompt and type vars and hit Enter. Then type clean-all and hit Enter. Finally, type build-ca and hit Enter.

After executing the build-ca command, you will be prompted to enter in your Country Name, State, Locality, etc. Since we already set up these parameters in our vars.bat file, we can skip past these options by hitting Enter, but! Before you start slamming away at the Enter key, watch out for the Common Name parameter. You can enter anything in this parameter (i.e. your name). Just make sure you enter something. This command will output two files (a Root CA certificate and a Root CA key) in the easy-rsa/keys folder.

Now we’re going to build a key for a client. In the same command prompt type build-key client1. You can change “client1” to anything you’d like (i.e. Acer-Laptop). Just be sure to enter the same name as the Common Name when prompted. Run through all the defaults like the last step we did (except for Common Name, of course). However, at the end you will be asked to sign the certificate and to commit. Type “y” for both and hit Enter.

Also, don’t worry if you received the “unable to write ‘random state’” error. We’ve noticed that your certificates still get made without a problem. This command will output two files (a Client1 Key and a Client1 Certificate) in the easy-rsa/keys folder. If you want to create another key for another client, repeat the previous step, but be sure to change the Common Name.

The last certificate we’ll be generating is the server key. In the same command prompt, type build-key-server server. You can replace “server” at the end of the command with anything you’d like (i.e. HowToGeek-Server). As always, be sure to enter the same name as the Common Name when prompted. Hit Enter and run through all the defaults except Common Name. At the end, type “y” to sign the certificate and commit. This command will output two files (a Server Key and a Server Certificate) in the easy-rsa/keys folder.

Now we have to generate the Diffie Hellman parameters. The Diffie Hellman protocol “allows two users to exchange a secret key over an insecure medium without any prior secrets”. You can read more about Diffie Hellman on RSA’s website.

In the same command prompt type build-dh. This command will output one file (dh1024.pem) in the easy-rsa/keys folder.

Creating the Configuration Files for the Client

Before we edit any configuration files, we should set up a dynamic DNS service. Use this service if your ISP issues you a dynamic external IP address every so often. If you have a static external IP address, skip down to the next step.

We suggest using DynDNS.com, a service that allows you to point a hostname (i.e. howtogeek.dyndns.org) to a dynamic IP address. It’s important for OpenVPN to always know your network’s public IP address, and by using DynDNS, OpenVPN will always know how to locate your network no matter what your public IP address is. Sign up for a free hostname and point it to your public IP address.

Now back to configuring OpenVPN. In Windows Explorer, navigate to C:\Program Files (x86)\OpenVPN\sample-config if you’re running 64-bit Windows 7 or C:\Program Files\OpenVPN\sample-config if you’re running 32-bit Windows 7. In this folder you will find three sample configuration files; we’re only concerned with the client.ovpn file.

Right click on client.ovpn and open it with Notepad or Notepad++. You’ll notice your file will look like the picture below:

However, we want our client.ovpn file to look similar to this picture below. Be sure to change the DynDNS hostname to your hostname in line 4 (or change it to your public IP address if you have a static one). Leave the port number at 1194 as it is the standard OpenVPN port. Also, be sure to change lines 11 and 12 to reflect the name of your client’s certificate file and key file. Save this as a new .ovpn file in the OpenVPN/config folder.

Configuring DD-WRT’s OpenVPN Daemon

The basic idea now is to copy the server certificates and keys we made earlier and paste them into the DD-WRT OpenVPN Daemon menus. Open up your browser again and navigate to your router. You should now have the DD-WRT VPN edition installed on your router. You will notice a new sub-tab under the Services tab called VPN. Click the Enable radio button under OpenVPN Daemon.

First, be sure to change Start type to “Wan Up” instead of the default “System”. Now we’re going to need our server keys and certificates we created earlier. In Windows Explorer, navigate to C:\Program Files (x86)\OpenVPN\easy-rsa\keys on 64-bit Windows 7 (or C:\Program Files\OpenVPN\easy-rsa\keys on 32-bit Windows 7). Open each corresponding file below (ca.crt, server.crt, server.key, and dh1024.pem) with Notepad or Notepad++ and copy the contents. Paste the contents in the corresponding boxes as seen below.

For the OpenVPN Config field, we will need to create a custom file. These settings will differ depending on how your LAN is set up. Open a separate browser window and type in your router’s IP address. Click the Setup tab and take note of what IP address you have configured under Router IP > Local IP Address. The default, which is what we are using in this example, is 192.168.1.1. Put the matching subnet (192.168.1.0 for a router at 192.168.1.1) right after “route” in the first line below to reflect your LAN setup, then copy the whole block into the OpenVPN Config box and click Save.

push "route 192.168.1.0 255.255.255.0"
server 10.8.0.0 255.255.255.0

dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

# Only use crl-verify if you are using the revoke list - otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl

# management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 5001

Now we must configure the firewall to allow clients to connect to our OpenVPN server via the 1194 port. Go to the Administration tab and click the Commands sub-tab. In the Commands text box paste the following:

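iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.1.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

Be sure to change your LAN IP in the second line if it is different than the default, and keep the protocol in the first line the same as the proto setting in the OpenVPN Config box (tcp in this guide). The long options take two plain hyphens (--dport, --source); retype them if your browser pasted a single long dash. Then click the Save Firewall button below.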
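
A pre-paste check for the two text boxes above, as an added example (not from the original article or from DD-WRT): it flags typographic dashes and quotes picked up when copying from a web page, and verifies that the INPUT rule opens the same protocol and port the OpenVPN config listens on. The function names and the sample strings are assumptions constructed for illustration.

```python
import re
import shlex

# Typographic characters a web page substitutes for ASCII, mapped back.
TYPOGRAPHIC = {
    "\u2013": "--", "\u2014": "--",               # en/em dash in place of "--"
    "\u201c": '"', "\u201d": '"', "\u2033": '"',  # curly quotes, double prime
    "\u2018": "'", "\u2019": "'",                 # curly single quotes
}

def find_typographic(text):
    """Return (line_number, character) for each non-ASCII substitute found."""
    return [(n, ch)
            for n, line in enumerate(text.splitlines(), 1)
            for ch in line if ch in TYPOGRAPHIC]

def normalize(text):
    """Map the substitutes back to ASCII and repair over-long option dashes."""
    for bad, good in TYPOGRAPHIC.items():
        text = text.replace(bad, good)
    # "en dash + hyphen" turns into "---"; collapse it to a normal long option.
    return re.sub(r"(?<!\S)-{3,}(?=[A-Za-z])", "--", text)

def parse_openvpn(conf):
    """Return {directive: [arguments]} for an OpenVPN config."""
    directives = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            directives[parts[0]] = parts[1:]
    return directives

def opened_ports(rules):
    """Return {(proto, port)} accepted by 'iptables ... INPUT ... -j ACCEPT'."""
    opened = set()
    for line in rules.splitlines():
        tokens = []
        for tok in shlex.split(line, comments=True):
            # Handle both "--dport 1194" and "--dport=1194".
            tokens.extend(tok.split("=", 1) if tok.startswith("--") else [tok])
        if tokens[:1] != ["iptables"] or "INPUT" not in tokens:
            continue
        opts = dict(zip(tokens, tokens[1:]))  # each token -> the one after it
        proto = opts.get("-p") or opts.get("--protocol")
        dport = opts.get("--dport") or opts.get("--destination-port")
        target = opts.get("-j") or opts.get("--jump")
        if target == "ACCEPT" and proto and dport and dport.isdigit():
            opened.add((proto, int(dport)))
    return opened

def audit(server_conf, firewall_rules):
    """Return a list of findings; an empty list means the two boxes agree."""
    findings = []
    for name, text in (("OpenVPN config", server_conf),
                       ("firewall", firewall_rules)):
        for n, ch in find_typographic(text):
            findings.append(f"{name} line {n}: U+{ord(ch):04X} "
                            f"should be ASCII {TYPOGRAPHIC[ch]!r}")
    conf = parse_openvpn(normalize(server_conf))
    # OpenVPN defaults: proto udp, port 1194. "tcp-server" etc. count as tcp.
    proto = re.match(r"[a-z]+", conf.get("proto", ["udp"])[0]).group()
    port = int(conf.get("port", ["1194"])[0])
    opened = opened_ports(normalize(firewall_rules))
    if (proto, port) not in opened:
        findings.append(f"server listens on {proto}/{port} but INPUT accepts "
                        f"{sorted(opened) or 'nothing'}")
    return findings

# Constructed sample: this guide's settings with the kind of damage the
# comments describe (typographic dashes/quotes, udp rule for a tcp server).
DAMAGED_CONF = ("push \u201croute 192.168.1.0 255.255.255.0\u2033\n"
                "server 10.8.0.0 255.255.255.0\ndev tun0\nproto tcp\n")
DAMAGED_RULES = ("iptables -I INPUT 1 -p udp \u2013dport 1194 -j ACCEPT\n"
                 "iptables -I FORWARD 1 \u2013source 192.168.1.0/24 -j ACCEPT\n")
CLEAN_CONF = normalize(DAMAGED_CONF)
CLEAN_RULES = normalize(DAMAGED_RULES).replace("-p udp", "-p tcp")

if __name__ == "__main__":
    for finding in audit(DAMAGED_CONF, DAMAGED_RULES):
        print(finding)
    print("clean:", audit(CLEAN_CONF, CLEAN_RULES))
```

Run it on the text you are about to paste, before saving anything on the router.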

Finally, be sure to check your Time Settings under the Setup tab; otherwise the OpenVPN daemon will deny all clients, because certificate validity dates are checked against the router’s clock. We suggest going to TimeAndDate.com and searching for your city under Current Time. This website will give you all the information you need to fill in under Time Settings just like we did below. Also, check out the NTP Pool Project’s website for public NTP servers to use.

Setting Up an OpenVPN Client

In this example we will be using a Windows 7 laptop as our client on a separate network. The first thing you’ll want to do is install OpenVPN on your client like we did above in the first steps under Installing OpenVPN. Then navigate to C:\Program Files\OpenVPN\config which is where we’ll be pasting our files.

Now we have to go back on our original computer and collect a total of four files to copy over to our client laptop. Navigate to C:\Program Files (x86)\OpenVPN\easy-rsa\keys again and copy ca.crt, client1.crt, and client1.key. Paste these files in the client’s config folder.

Finally, we need to copy one more file over. Navigate to C:\Program Files (x86)\OpenVPN\config and copy over the new client.ovpn file we created earlier. Paste this file in the client’s config folder also.

Testing the OpenVPN Client

On the client laptop, click the Windows Start button and navigate to All Programs > OpenVPN. Right click on the OpenVPN GUI file and click Run as administrator. Note that you must always run OpenVPN as an administrator in order for it to work properly. To permanently set the file to always run as administrator, right click the file and click Properties. Under the Compatibility tab check Run this program as an administrator.

The OpenVPN GUI icon will appear next to the clock in the taskbar. Right click the icon and click Connect. Since we only have one .ovpn file in our config folder, OpenVPN will connect to that network by default.

A dialog box will pop up displaying a connection log.

Once you’re connected to the VPN, the OpenVPN icon in the taskbar will turn green and will display your virtual IP address.

And that’s it! You now have a secured connection between your server and client’s network using OpenVPN and DD-WRT. To further test the connection, try opening a browser on the client laptop and navigating to your DD-WRT router on the server’s network.

On the south side of Chicago born and raised. On the computer is where I spent most of my days. Nerding out, haxing, maxing my CPU. And all writing some How-To's is now what I do.

  • Published 05/24/11

Comments (16)

  1. jim

    nice write up! really well done (better than most i’ve seen)

    thank you!

  2. bob

    i’ve been waiting to do this for long time, finally an easy looking guide, can’t wait to try it out. ty HTG

  3. jasray

    Beautiful tutorial–but I really don’t understand why I would want an OpenVPN server. It’s much easier to install an SSL-VPN server, and there may be some artificial, daily need for such a server; however, I still only find the process an excellent use of brainpower and learning more than anything else.

    I suppose some would say that it helps to keep one cyber-safe when surfing from an Internet Cafe or maybe even from work. At work, however, we can’t access the wireless from a private laptop, and there are plenty of free and much faster VPN services for the Cafe scenario.

    The annoyance for me with VPN is the need for a client side TAP device which isn’t and never will be portable or capable of being installed on a machine without administrative rights. A VPN setup can be achieved using the VMware Virtual Server; in that case, connection is first made via SSL. Even though possible, most folks don’t have the bandwidth on a home network to make the experience feasible.

    Nevertheless, needed or not, I am totally pleased with the detailed quality of the article.

  4. wes

    VPNs are new to me but I think I grasp the concept. It’s a secure connection to your home network. Based on comments it appears that you can surf over this VPN connection too. Where this gets confusing is the firewall issue. Does DD-WRT as a router/firewall redirect all VPN traffic destined for the internet that originates from the VPN client? Additionally, is that surfing session benefiting from NAT and SPI like a regular PC on your home network would? Thanks for the write up. It’s very thorough and well done.

  5. Honda

    Hey great job!
    But i had some problems with the iptables command, these had to be changed to work for me (added the = )

    iptables -I INPUT 1 -p udp --dport=1194 -j ACCEPT
    iptables -I FORWARD 1 --source=192.168.1.0/24 -j ACCEPT

  6. munanto

    helpful

  7. Scott Ellis

    The pics of the DD-wrt interface don’t match with the updated versions of the firmware. The firmware you download is from 2009.

  8. g725s

    Patrick’s OpenVPN for Tomato should have made your best of list too:

    http://www.howtogeek.com/60774/connect-to-your-home-network-from-anywhere-with-openvpn-and-tomato/

  9. Erick

    @Scott Ellis, make sure you have the VPN Generic version (dd-wrt.v24_vpn_generic.bin) installed in your Linksys, any other version will show different screen.

  10. TG2

    curious if the first iptables command is correct. If the server is set for “proto tcp” then should the port opened be -p tcp –dport 1194

    FYI the “=” issue … if you use –dport (the double – dash character) you don’t need to use the equals

  11. TG2

    follow up .. the double dash character is being modified by the content management/web server

    – that is a double dash this – is a single .. if you look back at the config that was copied .. the double dash is there in front of dport .. compare the size of the dash there, with the dash in the other command that shows -i …

    example: –i and -i look similar but the first –i is made with a double – character.

  12. Joe J

    Just curious, with this VPN setup (I’ve already got DD-WRT mega installed on my Linksys WRT610N, which supports every feature they can make. Including some that I’ll never need), I can access any computer on my home network securely, right? Not just browse the internet securely from a remote area by sending traffic through a secure tunnel to my router first, then out to the web? Would I have to do any special configuring on the home computer to make it work? I’ve got an old Pentium 3 desktop that I repurposed as a 1.5TB file server (Installed Xubuntu 11.04, use XFCE sessions to be lightweight), and I’d like to be able to access it remotely through this VPN, and I’m not sure which packages I need to install (if any) to make it work. Thanks!

  13. Joe J

    Okay, scratch that last question. Bit of a noob move on my part (hey, we were all noobs at some point ^_^ )

    However, there is something worth noting that I figured out the hard way. The current mega version of DD-WRT, despite having every feature that the DD-WRT team could stuff into it, has different VPN features/settings than the vpn-generic version does. Things in this tutorial and things in my router settings don’t match; some things are even missing or replaced by something else. Even the DD-WRT wiki page for setting up VPNs (which I can only assume is based on the latest vpn-generic build: http://www.dd-wrt.com/wiki/index.php/VPN_%28the_easy_way%29_v24%2B) has instructions that don’t follow the VPN settings in the mega builds. So just follow the directions, and stick with the VPN build and don’t go with the mega build, since for some reason it’s different than what’s needed here.

  14. James

    Great guide. I’m now running OpenVPN on Build 14929 Big. It might be worth pointing out though that before you go ahead and copy in the certificates and keys to the various textareas on the OpenVPN section you should check your router has enough NVRAM to actually carry out the save operation. You can do this by using SSH or Telnet and running

    nvram show | grep size

    This will tell you how much NVRAM you have free. You need to have around 5000 bytes free, though to be safe go with 6000-7000. If you have less than that DO NOT run save otherwise you will overfill your NVRAM area and it’s very possible this could brick your router.

  15. Don

    I still can’t make this work. I got all the certificates built and got past discovering that by cutting and pasting from this document and inserting the code into the dd-wrt panels turned the dashes (-) into &#-106; and that the double dash was not properly added in front of –dport and –source the font used by this article. This article does not go into detail about the contents of the certificates, i.e. in an older narrative in the wiki, they say to include the wrapper for the key in one of the fields:
    Public Server Cert
    Certificate of OpenVPN CA (not the server’s public cert) in pem form; only part between (and including) -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- is necessary; as it is stored in nvram,
    (see http://www.dd-wrt.com/wiki/index.php/OpenVPN)
    This article does not go into that level of detail so I don’t know if or which fields require the BEGIN CERTIFICATE and END or if they do not.
    .
    I am also confused about a question that was not answered regarding what appears to be (from my limited knowledge) a discrepancy between UDP/TCP assignments of the protocols, UDP defined on the server firewall rule and TCP in the client.config file for the workstation.

    I have tried setting the firewall off in dd-wrt to capture any info and with syslog maybe I am doing something wrong but I can seem to get any record of the activity or errors when I hit the router from the network coming in while trying to access OPENVPN. My console log on the client shows this, which I think is an error but I am unsure of even this:
    Thu Nov 03 12:00:46 2011 us=217000 Local Options hash (VER=V4): 'bc07730e'
    Thu Nov 03 12:00:46 2011 us=217000 Expected Remote Options hash (VER=V4): 'b695cb4a'

    I don’t know where to begin to debug this. I have followed the instructions here with the exception of changing the protocol from UDP to TCP in my client to match what I believe is set in the server.

    I have been trying to get OpenVPN working on my home router now for 6 or more years and I keep hoping that I will find a concise article like this one that will walk me through it. So far I am not having any luck. Any help would be appreciated. donphillipe @ @ hotmail.com Thanks!

  16. Don

    Wow: talk about a challenge! I finally got this to work but not after a near brain melt down. First of all, there are some issues and some mistakes here that I encountered but it must have been only me else I suppose more people would have complained, no?

    Hindsight is all that’s 20/20 so let me explain some of the issues I encountered along the way, starting at the beginning. Apparently uninstalling the newest version of OpenVPN to install the recommended 2.1.4 on my system left some files from the previous release, causing something to go wrong. Short story, be sure to completely wipe out OpenVPN from your system and manually delete the directory c:\Program Files\OpenVPN, reboot and then install OpenVPN 2.1.4 if you are installing over a previous release. Because of this problem I spent hours building and inserting the contents of my key files to a failed system.

    Now this was never made clear, but one should copy the entire contents of the files named (not just the data marked as keys) into the OpenVPN blocks under dd-wrt Services OpenVPN tab. Be sure to include all of the text in all files including the server key file that seems not key related. Also use generic Windows Notepad to open a file, copy and then paste into the browser. (You will have to use Open With by right clicking on the xxx.crt files because Windows by default will open them with the Certificate Viewer). If you have to edit a file such as VARS.bat, then use an editor like Notepad++ or ConText to do the editing (because *nix has a shorter CR hidden string than windows, making the *nix file seem all concatenated in Windows Notepad when in reality it has the line breaks but they are invisible to Notepad). As a final step, open the file with Notepad to actually copy and paste it into the dd-wrt OpenVPN on the browser. Again, Notepad to copy from a file and one of the other 2 editors to edit/change a file.

    I also had an issue with being so preoccupied with trying to wade through this that I missed the malicious contorting of text when it is copied from this website to the dd-wrt OpenVPN configuration. In essence, what you have to do it seems is copy the examples here to Notepad, then carefully visually match what you paste there to what the text appears to be here (minus the HTML re-coding that happens) while also paying attention to the double dashes required in front of some of the config commands. I just used the alternate form with an equal sign as in this example:
    ——————————————–
    iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
    iptables -I FORWARD 1 --source 192.168.158.0/24 -j ACCEPT
    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

    ============SAME AS: ================

    iptables -I INPUT 1 -p udp --dport=1194 -j ACCEPT
    iptables -I FORWARD 1 --source=192.168.158.0/24 -j ACCEPT
    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
    ——————————————–

    Next, realize that you will have to wait to test your setup until GMT reaches your local time, the time when GMT equals or exceeds the creation date of these keys (just trust me). You could always change the server time to the future time of current GMT, but the NTP client keeps resetting it. But do as you wish; it seems easier if you have extra time to just create the keys a day or more before you want to test the setup and you won’t fall into this trap during debugging.

    In my test setup I am using an Asus 500Gp V2 router running firmware Firmware: DD-WRT v24-sp2 (08/07/10) mega and attempting to VPN into it from the WAN side with a Windows Vista laptop running the recommended 2.1.4 OpenVPN firmware. My final configuration files that worked are as follows:
    Client config:
    ——————————————–
    client
    dev tun
    proto udp
    remote 192.168.0.160 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun

    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server

    comp-lzo
    verb 4
    ——————————————–

    Server config:
    ——————————————–
    push "route 192.168.158.0 255.255.255.0"
    server 10.8.0.0 255.255.255.0

    dev tun0
    proto udp
    keepalive 10 120

    comp-lzo

    dh /tmp/openvpn/dh.pem
    ca /tmp/openvpn/ca.crt
    cert /tmp/openvpn/cert.pem
    key /tmp/openvpn/key.pem

    verb 5

    management localhost 5001
    ——————————————–

    These configuration files are for a setup where the test OpenVPN router LAN IP address is 192.168.158.1 and where I will be able to see that same dd-wrt web address reflected via 10.8.0.1 after I connect via OpenVPN from the other side of the WAN port. The test router WAN port is on my home network NAT router LAN. I have set my normal (not test) router to give the WAN port of the test router a static DHCP IP of 192.168.0.160 for this test. My laptop on my regular home NAT network (192.168.0.101) then will eventually VPN into the WAN port of the Asus test router (192.168.0.160) and when the connection is complete, an additional virtual network of 10.8.0.x will be available which is a reflection of the LAN side of the router and 10.8.0.1, as well as the address scheme of 192.168.158.x which will also be addressable from the laptop now (same as if I were on the LAN side of the Asus router being tested). Note that once this router gets moved into production, the 192.168.0.160 from the client config file will have to be changed to a DynDNS ID (i.e. yomama.dydns.org) that has previously been configured at DynDNS and will continue to be maintained to the real relative IP by the router’s dd-wrt DDNS feature.

    For debugging it is highly recommended to set up a working console link to the router by installing and configuring PuTTY as well as the windows-like file directory management system, WinSCP (both of which talk to the SSH interface of dd-wrt, see
    http://www.dd-wrt.com/wiki/index.php/SSH)

    How to use PuTTY and WinSCP to debug OpenVPN is the information from this link. This info can be used to diagnose first of all any dd-wrt OpenVPN failures on the server:
    http://www.dd-wrt.com/wiki/index.php/VPN_%28the_easy_way%29_v24%2B
    (dd-wrt wiki VPN the easy way)

    The only caveat I noticed in the above wiki link was never being able to see an OpenVPN process running on this router when I used the suggested “PA” command, even though everything else indicated OpenVPN was working. (Perhaps it is part of the Kernel now instead of a process?) Otherwise I found it most handy personally using WinSCP to constantly peek and refresh looking at the logs by opening and closing the file /var/log/messages. (Being a Windows guy and one who tired of DOS way too long ago, I prefer WinSCP over tail from a PuTTY command line.)

    Well my client has been up with no errors since I began composing this, which unfortunately seems to be 2 hours now. How the time flies!

    P.S. I changed the TCP protocol in this article to UDP due to finding references to it being faster. Enjoy!
