[unskilled]

I have tried to understand this stuff for the past 2 weeks and everything I think i get somewhere, i go back to step 1.

I went into OpenVPN, enable server, start type is WAN up, and the default config is "Daemon" (not sure if thats what it needs to be?)

I entered in the CA, Public CA, Private Key, DH PEM.

under additional config, i have the following:

"push "route 192.168.20.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
server 10.8.0.1 255.255.255.0

dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

# management parameter allows DD-WRT\s OpenVPN Status web page to access the server\s management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 5001"



Is that correct? The "Push" Route 192.168.20.1 is my local IP Address. The dhcp-option, i just used googles 8.8.8.8 BUT i have no idea if thats correct or not? The Server 10.8.0.1 is just a made up number (i think i read thats what openvpn default it).

As for the hd, ca, cert, key...do i need to change any of those? When i had the server set up on my computer those were pointing to the folder on my computer. Now with this on the router, i am assuming that it is correct but i have no idea?

I didnt't change anything else on the router except for the firewall:

"#!/bin/sh
OVPN_SERVER="10.8.0.0/24"
OVPN_DEV="tun2"
OVPN_PROTO="udp"
OVPN_PORT="1194"

WAN_IF="$(ip route | awk '/^default/{print $NF}')"

# open the OpenVPN server port
iptables -I INPUT -i $WAN_IF -p $OVPN_PROTO --dport $OVPN_PORT -j ACCEPT

# allow OpenVPN clients to access the OpenVPN server
iptables -I INPUT -i $OVPN_DEV -m state --state NEW -j ACCEPT

# allow OpenVPN clients to access ALL other devices on the LAN
iptables -I FORWARD -i $OVPN_DEV -o -m state --state NEW -j ACCEPT

# nat OpenVPN clients over the local internet gateway
iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o $WAN_IF -j MASQUERADE"


i didnt do anything with port forwarding, so i dont know if that needs to be done?

Anyways, when i look at the openvpn status, there is nothing under server, local address, remote address, etc.

What am i doing wrong? I appreciate your help!

[blaser]

I have all the certificates you mentioned + tls
my config is:
script-security 2
management 127.0.0.1 14
mode server
push "dhcp-option DNS 192.168.1.1"
daemon
persist-key
persist-tun
verb 3
ca /tmp/openvpn/ca.crt
dh /tmp/openvpn/dh.pem
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
tls-auth /tmp/openvpn/ta.key 0
port 1194
proto tcp-server
dev tap0
server-bridge 192.168.1.1 255.255.255.0 192.168.1.100 192.168.1.105
push "redirect-gateway def1"
cipher AES-128-CBC
comp-lzo
tls-server
keepalive 10 120
client-to-client

my startup configuration
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up

my firewall
iptables -t nat -I PREROUTING -p tcp --dport 1194 -d 192.168.1.1 -j ACCEPT
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d `nvram get wan_ipaddr` --dport 1194 -j ACCEPT

[unskilled]

Thanks for posting your config file. that is what i have been trying to do is copy people's config file in order to make mine work but still haven't had any luck. I would copy yours but it mentions bridging and i have mine set up as my main router. Do you know if this is correct?

push "route 192.168.20.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
server 10.8.0.1 255.255.255.0

When i had my stock firmware, there was a place to change the DNS, if need be. I cant find anywhere on the DD-WRT firmware where the DNS can be changed. The is the first time diving into DNS as well so i'm really not sure if that is correct or if it even matters?

My wireless is slower, dont know if its because of the DNS or could be something else...

[unskilled]

this website fixed the problem:

http://www.stj.me/2016/02/17/openvpn-ddwrt.html

[smapdi]

[smapdi]

So I found my answer in this post:

https://forums.openvpn.net/viewtopic.php?t=12708


Basically I added this line to my OpenVPN config