Using RT-N16 as a 4 port openVPN Router (via VPN provider)

hereagn
DD-WRT Novice


Joined: 14 Oct 2010
Posts: 4

Posted: Tue Nov 02, 2010 23:12
It has been a while. I was having little luck and a friend said he'd try his way around if he had time. He brought it back as time is something he has little of.

I had tried the redirect-gateway def1 in a few configs without the desired result. In going through some behavior I'd noticed in my attempts I am thinking I may want to look at running from jffs on a flash as I kept noticing the added data I would save via telnet/ssh would be easily lost. Also I am thinking this avenue may be worth a try as the provider's config is for a tls-client and the webgui does not allow adding that key info, which could be complicating the process I'm looking to accomplish.

Something else that came to light in my reviewing info again is that I had disabled the firewall, thinking this would allow the openvpn connection/route to be created unhindered. I believe I am a little unclear now. Will a properly configured openvpn.conf file allow this router the ability to establish the necessary routes or should I be sure the firewall is enabled with the appropriate iptables? I am thinking the iptables end of this statement is the correct way.

Appreciate everyone who is dedicated to this effort/project and special thanks to those who offer their time and knowledge to noobs like me.
UCSD5
DD-WRT Novice


Joined: 01 Dec 2010
Posts: 1

Posted: Wed Dec 01, 2010 20:47
phuzi0n wrote:
Use the redirect-gateway option to make the tunnel become your main route. It's in many of the wiki's example configs (there's like 5 guides) and you can read more about it in the openvpn documentation if you want.


Here's the documentation I used, just to make life a bit easier:
http://openvpn.net/index.php/open-source/documentation/howto.html
DD-WRT N3WBORN
DD-WRT Novice


Joined: 02 Feb 2011
Posts: 12

Posted: Fri Feb 18, 2011 5:10    Post subject: PS3 - NETFLIX - WRT160N v3 -SUCCESS!!
@ jalanmac

It doesn't get any simpler than this. I'm typing on the PC and watching my Netflix via PS3 at the same time. If anyone can't seem to manage it per the screenshot, use the alternate setup here:

http://wiki.witopia.net/wiki/Cloakbox_using_TCP

In my case, it was two certificates and (what I figured out later) one registry key that were REQUIRED to be applied in the three fields. Cut, paste and reboot:}


Hardware: WRT160N V3 (CSE51)
Firmware: DD-WRT v24-sp2 (01/02/10) vpn-small
(SVN revision 13575M NEWD-2 K2.6 Eko)

**Note** Drag-N-Drop to Notepad
pavesk8
DD-WRT Novice


Joined: 23 Feb 2011
Posts: 4

Posted: Wed Feb 23, 2011 2:12
Managed to get Witopia SSL VPN working a few days ago after much trial and error. I have an ASUS RT-N16 with mega build 14896. I did not enable Openvpn Client on the GUI. I'm just using Startup and Firewall commands under the Administration / Commands tab.

HERE IS THE STARTUP CONFIG:
-------------------------------
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
./myvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
sleep 5

echo "
client
daemon
dev tun
proto udp
remote vpn.us.witopia.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
cipher bf-cbc
comp-lzo
verb 3
mute 20
mssfix 1450

" > /tmp/client.conf

echo "
-----BEGIN CERTIFICATE-----
INSERT CA.CRT HERE
-----END CERTIFICATE-----
" > /tmp/ca.crt

echo "
-----BEGIN RSA PRIVATE KEY-----
INSERT YOUR NAME.KEY HERE
-----END RSA PRIVATE KEY-----
" > /tmp/client.key
chmod 600 /tmp/client.key

echo "
-----BEGIN CERTIFICATE-----
INSERT YOUR NAME.CRT HERE
-----END CERTIFICATE-----
" > /tmp/client.crt

./myvpn --config client.conf --float

route add -net 192.168.0.0/24 dev br0

--------------------------
***note the --float command may not be necessary but i'm using it since my DD-WRT is behind another router.

**** the last line "route add -net X.X.X.X/X dev br0" should reflect your own private network.


HERE IS THE FIREWALL CONFIG:
---------------------------------

iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE

----------------------------------

Also make sure you have NTP running with a correct clock. I was using time.microsoft.com and it wasn't syncing so I switched it to Canada's National Research Council NTP at 132.246.168.148.


Hope this helps someone out there. Took me a while to read up and get it working.

If you are having problems, enable System Log under Services/Services in the GUI, and you can check the log by telnetting into the command line and using the command: cat /var/log/messages to try to determine why the vpn is failing. This helped me a lot! It seems that there are many different people getting this working using different methods, this may just be one more to try, good luck.

Oh yeah, if you are doing this to access NETFLIX on an Apple TV 2 or an iPhone, make sure to use your VPN provider's DNS or an OPEN DNS server on the device. I was having a problem where streams wouldn't play, hard coded the DNS on the Apple TV 2 to Witopia's DNS and haven't had a problem since.
desibawaji
DD-WRT Novice


Joined: 07 Jun 2006
Posts: 7

Posted: Tue Mar 01, 2011 4:49
Hi,

Please can you confirm whether the router you are using for VPN is connected directly to the ISP or is behind another router. I am looking for a similar solution where I have the router running VPN sit behind the router connecting to the ISP.

Your post has helped a lot but I am not able to connect the devices to the second router and pass through the VPN
bestvpn
DD-WRT Novice


Joined: 08 Mar 2011
Posts: 1

Posted: Tue Mar 08, 2011 8:34    Post subject: VPN
Hmm well Posts..
pavesk8
DD-WRT Novice


Joined: 23 Feb 2011
Posts: 4

Posted: Thu Mar 17, 2011 16:15
Yes the DD-WRT VPN Router is connected behind another router which is connected to my ISP.
thinkpadius
DD-WRT Novice


Joined: 07 May 2011
Posts: 10

Posted: Sun May 08, 2011 1:26
Just wanted to say thanks for the help. I'm pretty certain I got this to work.

I resolved my problem WITHOUT USING THE GUI.

I was really hoping I could avoid this, simply because I don't really know how I would ever troubleshoot this...

anyway on to my solution:

I used the script located above.

there are a couple of things that I needed to happen first, I just thought I'd put them down as instructions in case anyone else had issues:

1. Disable all VPN clients/servers in the VPN tab of the GUI

2. Insert the static DNS for your service eg Witopia, StrongVPN etc. eg; any DNS from this list should be good: http://www.wiki.personalvpn.net/wiki/DNS_Options

3. Enable the Keep Alive (administration-->keep alive-->watchdog)for your VPN provider's IP/address. eg; in my case, I want to exit through Witopia's LA gateway so I chose vpn.lax.witopia.net check your VPN service provider for a list of exit gateway IPs.

3a) remember that the keep alive address must be the same as the address you insert into the script later.

3b) set the keep alive port to 1194 (same as the script you use later)

4. save. and reboot from the admin tab.

NOW INSERT THE SCRIPT (administration--->Commands--->)

script worked fine. saved. MAKE SURE TO CHECK THAT EVERYTHING IS CORRECT.

1) your VPN provider's address
2) your keys and certs, are they spaced properly? (I heard it matters, no double return key, keep directly between the ---cert starts here--- and --cert ends here--)
3)Did you put in the correct local router IP?

save. reboot. grab a coke, return. reconnect to the wifi - my wifi now has a (2) at the end of its name.

check your ip with ipchicken or google ip "address locater" to make sure your IP puts you in a completely different place.

I hope that it's all fixed for me. one of my computers noted that it had the same IP as another one of my computers, but when I looked at all the PCs on my router, they each had a different local IP, so it may just be windows 7 complaining.

both computers told me they were in the new location.

The only thing now, how do I confirm that my traffic is encrypted?
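One check that bears on the question above, added here as an example and not part of any post in this thread: encryption happens only for packets the router sends into the tunnel interface, so the routing table is the first thing to inspect. With `redirect-gateway def1`, OpenVPN adds the two half-range routes 0.0.0.0/1 and 128.0.0.0/1 via the tunnel instead of replacing the default route. The function name `vpn_route_state` and both sample tables are constructed for illustration; `tun0` is the interface named in the firewall rule earlier in the thread.

```shell
#!/bin/sh
# Added example. Classifies a `route -n` table read on stdin.
# $1 = tunnel interface (tun0, as in the thread's MASQUERADE rule).
# On the router: route -n | vpn_route_state tun0
vpn_route_state() {
    awk -v ifc="${1:-tun0}" '
        # route -n columns: Destination Gateway Genmask Flags Metric Ref Use Iface
        $1 == "0.0.0.0"   && $3 == "128.0.0.0" && $8 == ifc { low = 1 }
        $1 == "128.0.0.0" && $3 == "128.0.0.0" && $8 == ifc { high = 1 }
        $1 == "0.0.0.0"   && $3 == "0.0.0.0" { if ($8 == ifc) deftun = 1; else defwan = 1 }
        END {
            if ((low && high) || (deftun && !defwan)) {
                print "tunnel"      # all destinations are routed into the VPN
            } else if (low || high || deftun) {
                print "partial"     # only part of the address space uses the VPN
            } else {
                print "clear"       # nothing is routed into the tunnel
            }
        }'
}

# Constructed sample: table after redirect-gateway def1 took effect.
sample_def1() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 vlan2
EOF
}

# Constructed sample: VPN not up, everything leaves via the WAN interface.
sample_no_vpn() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 vlan2
EOF
}

echo "with def1 routes: $(sample_def1 | vpn_route_state tun0)"
echo "without VPN:      $(sample_no_vpn | vpn_route_state tun0)"
```

A "tunnel" result shows where packets are sent; the cipher in use is reported separately in the OpenVPN lines of /var/log/messages.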
smiler51
DD-WRT Novice


Joined: 05 May 2012
Posts: 5

Posted: Fri Sep 14, 2012 6:37
pavesk8 wrote:

....
./myvpn --config client.conf --float

route add -net 192.168.0.0/24 dev br0

--------------------------
***note the --float command may not be necessary but i'm using it since my DD-WRT is behind another router.

**** the last line "route add -net X.X.X.X/X dev br0" should reflect your own private network.



Hi Guys,

What does the 24 (route add -net 192.168.0.0/24 dev br0) stand for?
My router's address is 192.168.1.1 which I plugged in but I don't know what the "/24" stands for.

Thanks

Smiler51
pavesk8
DD-WRT Novice


Joined: 23 Feb 2011
Posts: 4

Posted: Thu Jan 17, 2013 2:05
It's just the shorthand notation of the network subnet mask. /24 = 255.255.255.0


smiler51 wrote:
pavesk8 wrote:

....
./myvpn --config client.conf --float

route add -net 192.168.0.0/24 dev br0

--------------------------
***note the --float command may not be necessary but i'm using it since my DD-WRT is behind another router.

**** the last line "route add -net X.X.X.X/X dev br0" should reflect your own private network.



Hi Guys,

what does the 24 (route add -net 192.168.0.0/24 dev br0) stand for?
My routers address is 192.168.1.1 which i plugged in but don't know for what the "/24" stands?

Thanks

Smiler51
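The /24 answer above, worked through as an added example that is not part of any post in this thread: it converts a prefix length to the dotted netmask and turns a router address such as 192.168.1.1 into the network address that the `route add -net` line refers to. It generalizes beyond /24 to any prefix from 0 to 32. The function names `prefix_to_mask` and `network_of` are hypothetical helpers.

```shell
#!/bin/sh
# Added example. Prefix length -> dotted netmask, router IP -> network/prefix.

# prefix_to_mask 24  ->  255.255.255.0
prefix_to_mask() {
    p=$1; mask=""
    case "$p" in ''|*[!0-9]*) return 1 ;; esac     # digits only
    [ "$p" -le 32 ] || return 1
    for i in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then
            octet=255; p=$((p - 8))                # a full octet of mask bits
        else
            octet=$((256 - (1 << (8 - p)))); p=0   # the top p bits of this octet
        fi
        mask="${mask}${mask:+.}${octet}"
    done
    echo "$mask"
}

# network_of 192.168.1.1 24  ->  192.168.1.0/24
network_of() {
    prefix=$2
    mask=$(prefix_to_mask "$prefix") || return 1
    oldifs=$IFS; IFS=.
    set -- $1 $mask        # split the address and the mask into eight octets
    IFS=$oldifs
    [ $# -eq 8 ] || return 1
    # AND each address octet with the matching mask octet
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))/$prefix"
}

# The route line from the startup script, built from a router address
# (192.168.1.1 is the address mentioned in the question above).
echo "netmask for /24: $(prefix_to_mask 24)"
echo "route add -net $(network_of 192.168.1.1 24) dev br0"
```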