Posted: Thu Dec 14, 2023 15:08 Post subject: ddwrt, ap+sta okay, but vpn client?
hello guys
years ago i was playing a bit with various routers and openwrt
few days ago i have been asked to put alternative firmware on old wrt54g v5.
i followed as :
https://wiki.dd-wrt.com/wiki/index.php/Linksys_WRT54G_v5.0_%26_5.1_%26_6.0
it took me about 1-2 hours but now, ddwrt is well here.
i was hoping so, to be able to do as two distinct things :
AP+sta, or sta (with another device doing AP)
this first step is made, as the device could be doing as kind of sta (and i can arrange an old device doing wifi AP)
it was a bit hard because the "wifi settings" part does not steps in to get connected to the AP, i had to go in the status>wan>dhcp renew to get able to join the specified AP (as wrt54g/ddwrt) as sta to be connected (where the wlan settings stucks on "tkip+aes", was looking for ccmp)
finally, sta mode worked (dont know if that device could "deal" both ap+sta on the same wifi hardware)
but the second thing, i'd really like to, is to get the wan connection being through a vpn. I'm using protonvpn free everyday on few devices, am pretty happy of that, and because i'd like to get this wrt54 router with ddwrt going on the internet with a third-part IP, for me proton could do the job. Problem : how could i get the vpn-client part working on that device?
for me protonvpn is a good choice, as im far of being an expert ; if you know a well/nice/correct free-of-charge better solution or most adapted to that hardware, without having to spend money...
i remember that some guys tried on old openwrt to make it working with openvpn, because wireguard is highly too-cutting-edge-and-recent to run on it.
problem, as somebody wrote, "I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art."
does somebody was able to run protonvpn client on old ddwrt, using openvpn ?
i thank you vm for your precious help!
complementary information :
model of the beast : wrt54g v5 (the only model that can run only ddwrt, not openwrt)
System
Router Name
wrt54gv5
Router Model
Linksys WRT54G/GL/GS
Firmware Version
DD-WRT v24-sp2 (07/22/09) micro - build 12548M NEWD Eko
Current Time
Thu, 14 Dec 2023 16:05:29
Uptime 28 min
CPU
CPU Model
Broadcom BCM5352 chip rev 0
CPU Clock 200 MHz
Load Average 6% 0.03, 0.08, 0.08
Memory
Total Available
69% 5688 kB / 8192 kB
Free 6% 332 kB / 5688 kB
Used 94% 5356 kB / 5688 kB
Joined: 18 Mar 2014 Posts: 12923 Location: Netherlands
Posted: Thu Dec 14, 2023 15:21 Post subject:
I think this router has 2 MB flash so only supports micro build.
I highly doubt that those will have OpenVPN.
So get a better router, one with at least 16 MB flash but better 128 MB flash.
The free Proton OpenVPN is actually OK for a free OpenVPN (I sometimes use it for testing), but WireGuard is the way to go, three times as fast as OpenVPN and much easier to setup
I think this router has 2 MB flash so only supports micro build.
I highly doubt that those will have OpenVPN.
So get a better router, one with at least 16 MB flash but better 128 MB flash.
The free Proton OpenVPN is actually OK for a free OpenVPN (I sometimes use it for testing), but WireGuard is the way to go, three times as fast as OpenVPN and much easier to setup
Both OpenVPN and Wireguard docs are stickies (first few threads) in this forum.
then is there any other way to get this wrt54gv5 as client-connected through a vpn?
So get a better router, one with at least 16 MB flash but better 128 MB flash.
The free Proton OpenVPN is actually OK for a free OpenVPN (I sometimes use it for testing), but WireGuard is the way to go, three times as fast as OpenVPN and much easier to setup
Both OpenVPN and Wireguard docs are stickies (first few threads) in this forum.
x2 _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Fri Dec 15, 2023 9:49 Post subject:
A question : Why do you need OpenVPN/Wiregard on old and outdated router...???
Moreover those 2 need a powerful CPU to be able to operate correctly...well Wireguard is less dependent, but still requires any better CPU than 200Mghz on those old routers of yours... _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
A question : Why do you need OpenVPN/Wiregard on old and outdated router...???
Moreover those 2 need a powerful CPU to be able to operate correctly...well Wireguard is less dependent, but still requires any better CPU than 200Mghz on those old routers of yours...
A reply : ( )
the situation is as simple as complicated.
those oldies routers (that i have) are proposed to some people (disabled, old...) to bring them internet access
in that case it's because some accommodation are supposed to have fiber's connection from ISP, but few of them are unable to get it, even not adsl (they shutdown adsl for newer subscription than over a year, and current ones are supposed to be shutdowned in less than five years)
the accommodation is not in a correct 3/4/5G well reception
some accommodation are properly connected with fiber, few of them can't because of blocked pipe (you can put the fiber in, but you will never see it going out because it's blocked -here it's a very common problem around- ) under the floor, asking for expensive works to (maybe) unblock it, if they try.
so because of this people are doing "as they can" in a way to get internet.
not everybody is able to get 3/4/5G for lot of reasons : device, subscription, coverage.
mainly they just try to get a cable between two close-accommodation (eg 1 with fiber, not the other one), or using wifi sharing : they share their code, or they connect near opened as eg starbucks hotspots)
the idea is here that old wrt54g was unused since months, maybe years.
the person wanted internet acccess, was awaiting for over six months (no network/phone at all), until understood adsl/fiber was going very nasty as it's a specific residence/building.
with that router i arrived to put ddwrt on it, to get it as a wifi client/station
with another router resending the wifi signal as a new AP, linked to the wrt.
it's like a relay, i guess you understood. Well, the ddwrt is wireless-connected to another internet access (not directly, behind a nat of course), through few meters (one or two dozen), and can receive it through the window, and retransmit it to the accommodation, where the initial wifi signal just doesnt gets in : it's just corrected received at the window, absolutely not inside of the home.
that's why, i needed a ddwrt as a wireless receiver.
Thus, for the wireguard/vpn, it's obvious : it's about the person, in case of problem, might not share it's public IP with the person in charge of internet, mean the subscriber. That's why i added a wireguard vpn directly on the computer itself, to be sure to distinguish both connections (we never know..). I explained to the user.
i understood wireguard is highly too recent for a such device
i guess even openvpn (why not??) would be a bit hard (feasible?)
i prefered to do not let that person use the public/dedicated IP of the original subscriber, that's why the vpn. Currently directly on the computer (id prefer on the router, you guess)
i dont know if i did it badly,
for me it's better than nothing
the person will not stay 6 months longer without internet
where the fiber deployment is estimated as valid by the ISP, but the accommodation requests at least 10.000+USD(not in usd...) of works and preparation to unblock the pipe. Owners of that accommodation declined several times to do it, so because of bad cell/mobile coverage, only wifi remains a backup. And here it is.
not that sad of that work, it's good for the user (now with internet), for the router (now reused with a nicely ddwrt), etc.
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Sat Jan 06, 2024 6:47 Post subject:
Gosh.. complicated set up with even old router, expecting wi-fi ap/client to work as intended, with probably different router vendors...this is a recipe for disaster...why don't try power line adapters..or any other wifi mesh systems...lots of those solutions on the market, even cheap options...available...something solid that will never break connection...
The router you spelled and wanna play with, it has a 200Mhz CPU that you want to force play with WG (VPN will kill it)..and encrypted WiFi (AES128), this will drain out its power quickly, but you decide...if you can make it work, it will deliver some very basic #Internet...
bear in mind WDS is very dependent on routers with the same chip/vendors WiFi client, repeater are nasty hacks, that may not work as intended and it if work, will be in duplex mode...so, speed will be "halfed"...no idea what will come out along with WG...
https://wiki.dd-wrt.com/wiki/index.php/Linking_Routers _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Gosh.. complicated set up with even old router, expecting wi-fi ap/client to work as intended, with probably different router vendors...this is a recipe for disaster...why don't try power line adapters..or any other wifi mesh systems...lots of those solutions on the market, even cheap options...available...something solid that will never break connection...
The router you spelled and wanna play with, it has a 200Mhz CPU that you want to force play with WG (VPN will kill it)..and encrypted WiFi (AES128), this will drain out its power quickly, but you decide...if you can make it work, it will deliver some very basic #Internet...
bear in mind WDS is very dependent on routers with the same chip/vendors WiFi client, repeater are nasty hacks, that may not work as intended and it if work, will be in duplex mode...so, speed will be "halfed"...no idea what will come out along with WG...
hi
firstly, thank you for your reply
secondly, yep, here some internet situations are not just fiber/4*5G, but very complicated, were adsl doesnt satisfy anyone anymore, and some wifi sharing could replace a 20m RJ45 wired cable
thirdly, im not intended to put wireguard on that router. I perfectly understood it's highly too low-sized regarding ram/flash/cpu, wherever just to add, im running well right now owrt 19 with WG working well on linksys x1000, where it's only a 320mhz : it works like a charm (obviously, im not demanding 50MB speedtest lol), im posting with it.
the thing i was thinking, was just about pptp or even openvpn client, to get the AP/wifi's IP on another public output than the subscriber's one, but even if it's a good wish : it's for the moment, probably for months or years, a kind of dépannage, bidouillage, to put it directly on phone/computer instead of the wrt itself.
but having that wrt54g as a wireless station (not mesh nor wds! just external wifi client) to give back internet for another AP's sharing internet in the accommodation, is a real kind of "trick", but anyway : the goal is that it's working !
)