Difference between revisions of "OpenVPN dd-wrt"

Setup Instructions Method 1

Setup Instructions Method 2

1. Connect to http://192.168.1.1/
2. Click on Administration > Commands.
3. Copy the whole content of the ddwrt_btguard.txt file in the Command Shell. ZIP with both .txt files

• ddwrt_btguard.txt (Click below to select all)
  

#!/bin/sh USERNAME="replace with your username" PASSWORD="replace with your password" PROTOCOL="udp" REMOTE_SERVERS="remote vpn.btguard.com 1194" #### DO NOT CHANGE below this line #### CA_CRT='-----BEGIN CERTIFICATE----- MIIDQTCCAimgAwIBAgIJAJV9QqE+ZzsXMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV BAMMD3Zwbi5idGd1YXJkLmNvbTAeFw0yMDA4MDUxMzUzNDhaFw00MTAyMTYxMzUz NDhaMBoxGDAWBgNVBAMMD3Zwbi5idGd1YXJkLmNvbTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAMxVmPrlfsHocRYR1D/kOj47ZRZDv2XG2Z5rkq1ode/a jMSV082EqKhhIE2o6f03abXhWe8VSoM2ZPoB0818x7WIYeoXzaHJQooZTyKjCpm2 8Fz/XDvyShZpyKUZPjuoo9UxNWDEhnMHJegtL9ccJGXWRrbgUjvrOsiyiiAolftu 8MjSYRTveuARxMyIlMNAXMaG2r3H2tM1QGoDdCn6FaMBYl4JOExXsOtofjGcRxcb MLQLYkORwTwx7TGTacQizsFxg9pSF7jNQwgHtIjZ5fY6SLgmFHEFOaP0mbuHTF9I 6e58ACbkJ4wuk4IVTXup80c8Zsr+yBFGM8pB5pqEBj0CAwEAAaOBiTCBhjAdBgNV HQ4EFgQUhHt2BX7StG7Op1OaZCosAicYJvMwSgYDVR0jBEMwQYAUhHt2BX7StG7O p1OaZCosAicYJvOhHqQcMBoxGDAWBgNVBAMMD3Zwbi5idGd1YXJkLmNvbYIJAJV9 QqE+ZzsXMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUA A4IBAQDB/OX+2GJB1Zql1DNVoQst1V/5y/AzKUclCpQb5VVpGU3hrXw1GD/HnVaU Mwq8e+C9+FgJNXh0LtpOuksr7YD0IMie4h0rXh1U8tLk1Zh5gLcq5RPee/CK44Qs E2X5BUdWfOyL4AkoBAvk2roy25plk4rlOLleUKsHl1qqXMB/o3n+o90pnRKsYZZ4 PAZGB39DDO9ANTX/CzRXC+GKpTnmEB5KiIJzuDCHI9HeEv9LTGMhZaCvSjJhPuA9 VuotY2nOSJ9jO/K7aa2Q9dXVbKXYWo29nq0EUGomo/WwzX8ABAP/RLyESDDIukFA T1Ip5RClcWgkxPlQdzCxhGJ5iEJ0 -----END CERTIFICATE-----' OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'` if [ "$OPVPNENABLE" != 0 ] then nvram set openvpncl_enable=0 nvram commit fi sleep 30 mkdir /tmp/btguard; cd /tmp/btguard echo -e "$USERNAME\n$PASSWORD" > userpass.conf echo "$CA_CRT" > ca.crt echo "#!/bin/sh" > route-up.sh; echo -e "#!/bin/sh\nsleep 2" > route-down.sh echo "#!/bin/sh iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT iptables -I INPUT -i tun0 -j REJECT iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE" > /tmp/.rc_firewall chmod 644 ca.crt; chmod 600 userpass.conf; chmod 700 route-up.sh route-down.sh chmod 700 /tmp/.rc_firewall sleep 30 echo "client dev tun proto $PROTOCOL script-security 2 hand-window 60 verb 3 mute 5 mtu-disc yes resolv-retry infinite nobind persist-key persist-tun keepalive 20 120 reneg-sec 0 log btguard.log ca ca.crt cipher AES-256-CBC auth SHA512 mute-replay-warnings daemon auth-user-pass userpass.conf $REMOTE_SERVERS" > openvpn.conf ln -s /tmp/btguard/btguard.log /tmp/btguard.log (killall openvpn; openvpn --config /tmp/btguard/openvpn.conf --route-up /tmp/btguard/route-up.sh --down-pre /tmp/btguard/route-down.sh) & exit 0

4. Type in your username and password.
Both username and password are case sensitive. Make sure not to add/forget Capital Letters.
If UDP doesn't work, please type tcp instead of udp.
5. Click on Save Startup.

6. Copy the whole content of the ddwrt_firewall.txt file in the Command Shell.
7. Click on Save Firewall

• ddwrt_firewall.txt (Click below to select all)
  

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT iptables -I INPUT -i tun0 -j REJECT iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
8. Now click on the Management tab, go to the bottom of the page and click on Reboot Router.

Setup Complete!

The router will reboot and it will take a couple minutes to finish setting everything up.

Setup Instructions Method 2

Setup Instructions Method 1

1. Connect to http://192.168.1.1/
2. Click on Services > VPN.
3. Enable OpenVPN Clientand fill in the following:

Server IP/Name: vpn.btguard.com
Port: 1194
Tunnel Device: TUN
Tunnel Protocol: UDP (switch to TCP if UDP doesn't work)
Encryption Cipher: AES-256-CBC
Hash Algorithm: SHA512 Leave nsCertType verification unchecked.
Advanced Options: Enable
TLS Cipher: None
LZO Compression: Disabled
NAT: Enable
Firewall Protection: Disable
Tunnel MTU setting: 1500
Tunnel UDP MSS-Fix: Disable
Additional Config:
auth-user-pass /tmp/openvpncl/user.conf
persist-key
persist-tun
CA Cert:
(Click below to select all)
-----BEGIN CERTIFICATE----- MIIDQTCCAimgAwIBAgIJAJV9QqE+ZzsXMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV BAMMD3Zwbi5idGd1YXJkLmNvbTAeFw0yMDA4MDUxMzUzNDhaFw00MTAyMTYxMzUz NDhaMBoxGDAWBgNVBAMMD3Zwbi5idGd1YXJkLmNvbTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAMxVmPrlfsHocRYR1D/kOj47ZRZDv2XG2Z5rkq1ode/a jMSV082EqKhhIE2o6f03abXhWe8VSoM2ZPoB0818x7WIYeoXzaHJQooZTyKjCpm2 8Fz/XDvyShZpyKUZPjuoo9UxNWDEhnMHJegtL9ccJGXWRrbgUjvrOsiyiiAolftu 8MjSYRTveuARxMyIlMNAXMaG2r3H2tM1QGoDdCn6FaMBYl4JOExXsOtofjGcRxcb MLQLYkORwTwx7TGTacQizsFxg9pSF7jNQwgHtIjZ5fY6SLgmFHEFOaP0mbuHTF9I 6e58ACbkJ4wuk4IVTXup80c8Zsr+yBFGM8pB5pqEBj0CAwEAAaOBiTCBhjAdBgNV HQ4EFgQUhHt2BX7StG7Op1OaZCosAicYJvMwSgYDVR0jBEMwQYAUhHt2BX7StG7O p1OaZCosAicYJvOhHqQcMBoxGDAWBgNVBAMMD3Zwbi5idGd1YXJkLmNvbYIJAJV9 QqE+ZzsXMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUA A4IBAQDB/OX+2GJB1Zql1DNVoQst1V/5y/AzKUclCpQb5VVpGU3hrXw1GD/HnVaU Mwq8e+C9+FgJNXh0LtpOuksr7YD0IMie4h0rXh1U8tLk1Zh5gLcq5RPee/CK44Qs E2X5BUdWfOyL4AkoBAvk2roy25plk4rlOLleUKsHl1qqXMB/o3n+o90pnRKsYZZ4 PAZGB39DDO9ANTX/CzRXC+GKpTnmEB5KiIJzuDCHI9HeEv9LTGMhZaCvSjJhPuA9 VuotY2nOSJ9jO/K7aa2Q9dXVbKXYWo29nq0EUGomo/WwzX8ABAP/RLyESDDIukFA T1Ip5RClcWgkxPlQdzCxhGJ5iEJ0 -----END CERTIFICATE-----'

4. Hit Save.

5. Click on Administration > Commands.
6. Copy the following in the Commands window.
echo "Username Password" > /tmp/openvpncl/user.conf Replace Username and Password with yours.
Both username and password are case sensitive. Make sure not to add/forget Capital Letters.

7. Click on Save Startup.

8. Now click on the Management tab, go to the bottom of the page and click on Reboot Router.
The router will reboot and it will take a couple minutes to finish setting everything up.
9. Click on Status > OpenVPN to check if you're connected.