Setting up your own VPN server at home with DDWRT

Zoheb Sait
Nov 2, 2016

I have FIOS at home, and FIOS includes a mobile app for Android and iPhone that lets you watch live TV on your device as long as you are connected to your home Wi-Fi network with a FIOS router. Of course, if I am at home I can just watch stuff on my large-screen TV; I was more interested in watching TV while away from home or while commuting.

So the obvious answer is to set up a VPN server at home and connect in. For this, I repurposed an old Asus Wi-Fi router I had lying around. I had an Asus ML-520gU, which is good enough to run DD-WRT with an OpenVPN server.

Here are some notes on how to set up OpenVPN on a second router that sits behind the main FIOS ActionTec router:

  1. Install DD-WRT on your router. Make sure you upgrade to the firmware with VPN support.
  2. Once you have installed DD-WRT, follow the instructions here to generate the keys and enable OpenVPN — http://www.dd-wrt.com/wiki/index.php/OpenVPN
  3. I had to account for some differences in my network and changed the configuration to work for me. I wanted the DD-WRT router to sit behind my primary FIOS router with a public facing IP, so I put the router in “Access Point” mode — which just means disabling DHCP, and having the router act as a switch and assign IP addresses in the same subnet as the primary router. See http://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point
  4. Here’s what my OpenVPN config looks like:

      push "route 192.168.1.0 255.255.255.0"
      server 192.168.3.0 255.255.255.0
      push "redirect-gateway def1"
      push "dhcp-option DNS 208.67.220.220"
      push "dhcp-option DNS 208.67.222.222"
      dev tun0
      proto udp
      port 1194
      keepalive 10 120
      dh /tmp/openvpn/dh.pem
      ca /tmp/openvpn/ca.crt
      cert /tmp/openvpn/cert.pem
      key /tmp/openvpn/key.pem
      # Only use crl-verify if you are using the revoke list - otherwise leave it commented out
      # crl-verify /tmp/openvpn/ca.crl
      # management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port
      # port must be 5001 for scripts embedded in firmware to work
      management localhost 5001

The first line (192.168.1.0/24) is my LAN network.

The second line is the IP address range for the VPN clients.

The third line routes all traffic through the VPN on the client, making this the default gateway. Without this line you will be able to reach the internal network, but all your internet traffic would get routed through your non-VPN connection.

For the client, create an OVPN file, include the certs in the same folder, and distribute it to your client. Here’s what my OVPN file looks like:

# Zoheb VPN Client Configuration
client
dev tun
proto udp
remote 108.41.XX.XXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
# ns-cert-type is deprecated in newer OpenVPN releases; remote-cert-tls server is its replacement
ns-cert-type server
verb 3

Note that if you have “comp-lzo” in this client config, you need to enable it on the server as well or you will see compression-related error messages.
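The trial and error around settings like comp-lzo can be caught before connecting by comparing the two files. The following is an added example, not part of the original post: it parses a server and a client config and lists the directives that must agree on both ends but do not. The helper names (`parse`, `first`, `check_pair`) are hypothetical, the samples are trimmed from the configs above, and the remote address is a documentation-range placeholder.

```python
import shlex

# Constructed samples trimmed from the two configs on this page; the remote
# address is a documentation-range placeholder, not the author's elided IP.
SERVER = '''push "route 192.168.1.0 255.255.255.0"
server 192.168.3.0 255.255.255.0
push "redirect-gateway def1"
dev tun0
proto udp
port 1194
# crl-verify /tmp/openvpn/ca.crl
'''
CLIENT = '''client
dev tun
proto udp
remote 203.0.113.10 1194
ns-cert-type server
'''

def parse(text):
    """Map each directive to the list of its argument lists; '#' starts a comment."""
    opts = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            opts.setdefault(tokens[0], []).append(tokens[1:])
    return opts

def first(opts, name, default):
    """First argument of the first occurrence of a directive, or a default."""
    return opts[name][0][0] if opts.get(name) and opts[name][0] else default

def check_pair(server_text, client_text):
    """Return a list of settings that must agree on both ends but do not."""
    s, c = parse(server_text), parse(client_text)
    problems = []
    if first(s, "proto", "udp") != first(c, "proto", "udp"):
        problems.append("proto differs")
    remote = c.get("remote", [[]])[0]
    client_port = remote[1] if len(remote) > 1 else first(c, "port", "1194")
    if first(s, "port", "1194") != client_port:
        problems.append("port differs")
    if first(s, "dev", "")[:3] != first(c, "dev", "")[:3]:
        problems.append("dev type differs (tun vs tap)")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        problems.append("comp-lzo set on one side only")
    if not {"ns-cert-type", "remote-cert-tls", "verify-x509-name"} & set(c):
        problems.append("client does not check the server certificate type")
    return problems
```

Calling `check_pair(SERVER, CLIENT)` on the pair above returns an empty list; appending `comp-lzo` to the client alone reproduces the mismatch described in the note.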

It took me a bit of trial and error to get this working, so I hope the notes above help others trying to set up OpenVPN on DD-WRT.
