VPN Not Routing Data To VPN Service Provider (Daisy Chain)

rogueRenegade
DD-WRT Novice


Joined: 29 Aug 2017
Posts: 7

Posted: Thu Aug 31, 2017 22:55
FUBAR. Things are rarely as simple as they appear. Let me start with my goal: A dedicated VPN (using nordVPN services) router connected via WAN <-> LAN of primary router.

https://i.stack.imgur.com/L5wqA.png

Primary Router: Netgear AC1900 R7000 (ip 192.168.1.1)

DD-WRT Router: Netgear AC1450 R6300v2 (ip 192.168.2.1)

I have successfully flashed the router and I am able to access the GUI interface. As practice, I completed the setup of a normal WAP using this guide (https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point). I proceeded to set up the VPN using this guide (https://nordvpn.com/tutorials/dd-wrt/openvpn-gui/), provided by nordVPN. After rebooting the router, I checked the status of the VPN using the GUI web interface. Status of Client: CONNECTED SUCCESS.

Unable to access internet via VPN router. The VPN router is linked to the primary router through the WAN port. But when I search the web browser, everything is still routed through the Primary (no VPN) router.

The WAN IPv4 address is 192.168.1.10 (top right corner of DD-WRT GUI). I thought once the VPN was active, the ip would change...? How do I get my VPN router to route all device activity to NordVPN Server?

I keep getting the following line of code from openVPN log, which seems to be a common problem among people. Most of the information I have found never seems to arrive at any resolution.
Code:

20170831 18:04:58 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
20170831 18:05:00 I Initialization Sequence Completed
20170831 18:05:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170831 18:05:00 D MANAGEMENT: CMD 'state'
20170831 18:05:00 MANAGEMENT: Client disconnected
20170831 18:05:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170831 18:05:00 D MANAGEMENT: CMD 'state'
20170831 18:05:00 MANAGEMENT: Client disconnected
20170831 18:05:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170831 18:05:00 D MANAGEMENT: CMD 'state'
20170831 18:05:00 MANAGEMENT: Client disconnected
20170831 18:05:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170831 18:05:00 D MANAGEMENT: CMD 'status 2'
20170831 18:05:00 MANAGEMENT: Client disconnected
20170831 18:05:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170831 18:05:00 D MANAGEMENT: CMD 'log 500'


These are stats of VPN from DD-WRT UI:

Code:

VPN Client Stats
TUN/TAP read bytes   472
TUN/TAP write bytes   0
TCP/UDP read bytes   4346
TCP/UDP write bytes   2008
Auth read bytes   0
pre-compress bytes   0
post-compress bytes   0
pre-decompress bytes   0
post-decompress bytes   0


Please, help.


Last edited by rogueRenegade on Fri Sep 01, 2017 14:46; edited 2 times in total
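A check for the symptom in the post above, added here as an example and not posted by anyone in the thread: it tests `route -n` output for the two /1 routes that OpenVPN's redirect-gateway (def1) installs over the tunnel, and reads a counter from the stats text. `tun1` and `10.8.8.1` come from the thread; the `vlan2` WAN interface name and both routing tables are constructed samples, and `awk` is assumed to be available.

```shell
#!/bin/sh
# Added example (not from the thread): check `route -n` output for the two /1
# routes that OpenVPN's redirect-gateway def1 installs over the tunnel.

# Constructed sample: both halves present. tun1 and 10.8.8.1 are from the
# thread; vlan2 as the WAN interface name is an assumption.
ROUTES_GOOD='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.8.1        128.0.0.0       UG    0      0        0 tun1
128.0.0.0       10.8.8.1        128.0.0.0       UG    0      0        0 tun1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 vlan2'

# Constructed sample: only the 128.0.0.0/1 half was added.
ROUTES_LEAK='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
128.0.0.0       10.8.8.1        128.0.0.0       UG    0      0        0 tun1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 vlan2'

# Counters copied from the first post's "VPN Client Stats".
STATS='TUN/TAP read bytes   472
TUN/TAP write bytes   0'

# stdin: route -n output; $1: tunnel interface. Returns 0 only if both /1
# routes point at the tunnel, so every destination prefers it over 0.0.0.0/0.
check_vpn_routes() {
    awk -v tun="${1:-tun1}" '
        $1 == "0.0.0.0"   && $3 == "128.0.0.0" && $8 == tun { low = 1 }
        $1 == "128.0.0.0" && $3 == "128.0.0.0" && $8 == tun { high = 1 }
        $1 == "0.0.0.0"   && $3 == "0.0.0.0"               { wan = $8 }
        END {
            if (low && high) { print "OK: all destinations prefer " tun; exit 0 }
            if (!low)  print "MISSING: 0.0.0.0/1 via " tun
            if (!high) print "MISSING: 128.0.0.0/1 via " tun
            if (wan != "") print "LEAK: unmatched traffic leaves via " wan
            exit 1
        }'
}

# stdin: stats text; $1: counter label. Prints the counter value.
vpn_stat() {
    awk -v label="$1" 'index($0, label) == 1 { print $NF }'
}

printf '%s\n' "$ROUTES_LEAK" | check_vpn_routes tun1 || echo "tunnel is not the default path"
echo "bytes OpenVPN wrote to tun: $(printf '%s\n' "$STATS" | vpn_stat 'TUN/TAP write bytes')"
```

On the router itself the same function can be fed live data with `route -n | check_vpn_routes tun1`.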
rogueRenegade
DD-WRT Novice


Joined: 29 Aug 2017
Posts: 7

Posted: Fri Sep 01, 2017 0:10
Code:
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE


Can someone explain why many recommend adding this in command prompts? I've made some sense of the first two, but I really have no idea why the fourth line is used.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12889
Location: Netherlands

Posted: Fri Sep 01, 2017 10:16
Maybe you have things mixed up: either you daisy chain the routers and connect WAN of the secondary router to the LAN of the primary router and have them on different subnets, or you set up the secondary router as a WAP and connect LAN to LAN and have them on the same subnet.

Both setups can use a VPN on the secondary/WAP router.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
rogueRenegade
DD-WRT Novice


Joined: 29 Aug 2017
Posts: 7

Posted: Fri Sep 01, 2017 14:51
@egc

Thanks for clarifying that a bit for me. It was never clearly stated in the DD-WRT WAP guide that if the second router is on a different subnet of the primary then it is no longer considered an access point. I've changed the wording of my original post accordingly.

Any ideas why the traffic for devices connected to VPN router isn't being routed to nordVPN server? It's all being directed to the primary router and ISP.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12889
Location: Netherlands

Posted: Fri Sep 01, 2017 17:59
Ok, so you want to daisy chain your routers, e.g. connect LAN <> WAN, then you must not use the instructions for a WAP.
Basically do the following:
1. Reset the secondary router to default
2. connect to the secondary router and login
3. On Setup Basic/Setup, set the router IP to something different from the first router e.g. 192.168.2.1

Basically that is all there is, now you should have internet access if connected to your secondary router.

If you have internet access then you can load the VPN on your secondary router and everything which is connected to your secondary router should be routed through your VPN.

Of course you can connect your subnets and if connected even route clients connected to your primary router via your secondary router and through the VPN. If you want that I can give you instructions how to do that, but first get the basics right :)

rogueRenegade
DD-WRT Novice


Joined: 29 Aug 2017
Posts: 7

Posted: Wed Sep 06, 2017 21:28
I followed your steps precisely. I am able to get access to the internet after changing the IP of the second router; however, I'm unable to connect with the VPN service. I have verified that I've input valid credentials including the security keys we are to copy/paste. Before resetting the router, I was able to successfully connect to the VPN, but when I visited any site to verify if it was working properly, it always said I was "unprotected".

I used the steps here (https://nordvpn.com/tutorials/dd-wrt/openvpn-gui/) in order to set up the VPN. It appears there must be some firewall issue--a TLS error.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12889
Location: Netherlands

Posted: Thu Sep 07, 2017 16:23
Things you can check:
1. Is the NTP time right?
2. Nord uses different certificates for each server, be sure to use the right certificate
3. Although I do not think it is a firewall issue with your secondary router, you can disable the SPI firewall on your secondary router, as the primary router already has a firewall.
4. Your ISP can block 1194; research Nord if you can use another port. I use TCP and port 443 because others are blocked by my ISP.
5. Try another build: 30xxx has OpenVPN 2.3, newer builds have OpenVPN 2.4 (when using another build always reset/erase nvram and put settings in manually).

Nord can be difficult to set up, see: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=309133&highlight=nord+vpn+tls&sid=b8e3daea4cebf9e252f46d8a77249711

Post your settings on the OpenVPN page so that we can have a look

rogueRenegade
DD-WRT Novice


Joined: 29 Aug 2017
Posts: 7

Posted: Sun Sep 10, 2017 2:02
I tried some of the changes you mentioned but it changed nothing. I've been doing some additional research and I'm wondering if I'm looking at all this in the wrong way. If I set up a second router that uses DD-WRT and is daisy-chained from our main router, can I connect via WIFI to the second router and route all traffic through the VPN servers? Will this bypass my ISP and maintain my anonymity?

I reached the point that I canceled the nordVPN service and I decided to try PIA. After resetting the router to default, I went through the steps provided by PIA but it's not even attempting a connection. The OpenVPN Status page is blank -- shows no errors/logs. I'm using DD-WRT Firmware v3.0-32170M (6/11/17).