Posted: Sat May 04, 2013 14:03 Post subject: Astrill OpenVPN with DIR 825 DD-WRT
Hi everybody
I case some extremely novice users of DD-WRT like me got stuck with OpenVPN on their flashed router, I wanted to share a few hints. I took me a couple of weeks going around to find something really working, so I am glad to share if it helps some of you (experts won't need this of course).
My router is a D-LINK DD-WRT 825 "B1", flashed with 21286 build (I haven't got a clue whether it works with other builds).
I use Astrill OpenVPN (Arethusa never worked for me), with a fixed IP adress (they charge it on top of the VPN but at least it works), with their own applet which must be installed on the flashed router. The connection must be launched in the new "TAB" created on the menu.
Now, the more important : the applet can't work properly with the other GUI menus. So you will have to disable all the NAT rules if any and use the "command" interface instead, save firewall rules and reboot the router.
It if works like it does for me, you will have access to any desired port and have a proper reroute on the right device
Ok, here we go for some more elements :
The applet can be installed very easily using the instructions on the Astrill site (just one line to be cut/pasted on the command menu, it downloads the code and install it on the flashed router). After reboot, the menu will display an additional tab named "My Page" :
From this tab, you access to the menu which enables OpenVPN to run on your router. Depending on your subscription, several servers are available. Just select and start, that's it. You can see how it looks when running :
now, the tricky part. I needed open ports to access from internet to different devices, including IP cameras. The Tab with "port forward" in Astrill Applet menu doesn't do NAT at all (in fact, it is a mere DMZ option, with one device possible, but in most cases, this is not what we are looking for). Unfortunately, the applet doesn't work with the native "NAT" interface of DD-WRT GUI
This is where the command interface of the GUI comes in handy. Go there and write the rules you want the firewall to include. In my case, I needed 2 open ports for HTTP. I used the following (in the grey area, you just put the IP Lan adress of the device with the forwarded port). Save Firewall, reboot router and that's it :
It still have work to do (there seems to be some problem when the VPN goes in "Wait" mode) but I now have accessible devices. I suggested Astrill support they should write a more detailed FAQ about port forwarding.
...
It still have work to do (there seems to be some problem when the VPN goes in "Wait" mode) but I now have accessible devices. I suggested Astrill support they should write a more detailed FAQ about port forwarding.
Hi everybody I update the post just to mention the only remaining pb is related to the stability of the connection. Basically, beyond 2hours and so, the tunnel status changes from "connected" to "wait". From this point, the only solution I have is a manual reconnection. In that case, I don't think the issue lies with DD-WRT build. Maybe something to do with the reneg-sec parameter but I am not quite sure. I will have to open a ticket with Astrill support to have a look.
Otherwise, the tunnel works fine, I tried some other features such as excluding a device, works OK.