
VPN with DD-WRT (Server mode with Static Key)

lodogg (Admin Group)
Posted: 12 March 2007 at 9:28pm
Server mode with Static Key

Note: with DD-WRT v23 S2 vpn this allows only 1 client connection!! [1] (http://forum.bsr-clan.de/ftopic5111-0-asc-45.html). See the following link for multiple connections.

SSH to Router
SSH to your DD-WRT Router and run the following command:

openvpn --genkey --secret static.key

  • From the shell prompt, type vi /tmp/static.key, copy the entire key contents, then paste them into a *.txt file on your desktop. You will need this for the OpenVPN client setup.

Desktop Setup

Download and Install OpenVPN http://www.openvpn.se

Start > OpenVPN -> Generate a static OpenVPN key

  • It will show up in the C:\Program Files\OpenVPN\config folder.
  • This will create a key.txt file; you will want to rename it to static.key.
  • Open the static.key file with a text editor and paste in the key that you created on your DD-WRT router through the SSH session.

Example:

-----BEGIN OpenVPN Static key V1-----
 

...INSERT YOUR OWN KEY HERE...
 
-----END OpenVPN Static key V1-----

Web GUI on your Router

Paste the below command into Administration > Commands > Commands text box and click "Save firewall" (replacing the "443" with the port you are going to use):

iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT

Paste the below command into Administration > Commands > Commands text box, make sure to change the Port and Key to the one you created in your static.key file.  Click "Save Startup"

openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
echo "

-----BEGIN OpenVPN Static key V1-----

...INSERT YOUR OWN KEY HERE...

-----END OpenVPN Static key V1-----

" > /tmp/static.key
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --dev tap0 --secret /tmp/static.key --comp-lzo --port 443 --proto tcp-server --verb 3 --daemon

  • Reboot your router.
  • Login with ssh and check that "myvpn" is running (ps | grep vpn)
  • You can also paste the "ps | grep vpn" command into the Administration > Commands box to see if it is running

Final Desktop Setup

Create an openvpn config file on your Desktop using the example below. Open a text file, copy the information below into it, name it Home.ovpn and choose save. Right-click the Home.ovpn file and choose "Start OpenVPN on this config file". This will begin the VPN tunnel, and it will verify that your certificate matches the one on the server. Once connected, you should be able to ping every host by IP address and DNS name.

Example Home.ovpn:

# Use the following for simple connections:
remote IP ADDRESS
port 443
dev tap
secret static.key
proto tcp-client
comp-lzo

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Note: I have had problems with TCP. My connection would frequently drop. Eventually, I seem to have solved the problems by switching my VPN to UDP.
See here: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=54741  


I copied the information above from this wiki link:
http://dd-wrt.com/wiki/index.php/OpenVPN#Server_mode_with_Static_Key



Edited by lodogg - 14 March 2007 at 7:33pm
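
An added example, not part of lodogg's posts or the DD-WRT wiki: a POSIX shell check for the hand-pasted static.key from the steps above. It confirms the file holds a complete 512-hex-digit key rather than a leftover placeholder, prints a SHA-256 fingerprint that can be compared between router and client without showing the key, and warns when group or others can access the file. The function names and the sample key are constructed for illustration, and sha256sum is assumed to be available where the script runs.

```shell
#!/bin/sh
# Added example (not from the original post): verify a hand-pasted static.key.
BEGIN='-----BEGIN OpenVPN Static key V1-----'
END='-----END OpenVPN Static key V1-----'

# Print the hex body between the markers with CRs, blanks and newlines removed.
key_body() {
    tr -d '\r' < "$1" | awk -v b="$BEGIN" -v e="$END" '
        $0 == e { inside = 0 }
        inside  { gsub(/[ \t]/, ""); printf "%s", $0 }
        $0 == b { inside = 1 }'
}

# Return 0 only for a complete 2048-bit key, i.e. exactly 512 hex digits.
check_static_key() {
    body=$(key_body "$1")
    [ -n "$body" ] || { echo "$1: no BEGIN/END key block" >&2; return 1; }
    case $body in
        *[!0-9a-fA-F]*) echo "$1: non-hex text in key (placeholder left in?)" >&2; return 1 ;;
    esac
    [ "${#body}" -eq 512 ] || { echo "$1: ${#body} hex digits, expected 512" >&2; return 1; }
}

# SHA-256 of the normalized body: compare this value, not the key, across machines.
key_fingerprint() {
    key_body "$1" | tr 'A-F' 'a-f' | sha256sum | cut -d' ' -f1
}

# Return 0 only if group and others have no permission bits on the file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write a constructed, non-secret sample key (16 lines of 32 hex digits).
write_sample_key() {
    {
        printf '%s\n' "$BEGIN"
        i=0
        while [ "$i" -lt 16 ]; do echo 00112233445566778899aabbccddeeff; i=$((i + 1)); done
        printf '%s\n' "$END"
    } > "$1"
}

if [ "$#" -gt 0 ]; then
    check_static_key "$1" || exit 1
    echo "fingerprint: $(key_fingerprint "$1")"
    key_is_private "$1" || echo "warning: $1 is accessible to group/others" >&2
fi
```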

lodogg (Admin Group)
Posted: 14 March 2007 at 7:27pm
Remember to adjust the remote address to your IP and/or public DNS name and change the port number to the one you decided to use.


WinXP Client config:


# Use the following for simple connections:
remote SOMEADDRESS.SOMETHING
port 1194
dev tap
secret static.key
proto udp
comp-lzo

DD-WRT Server config:
Startup:

openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
echo "
-----BEGIN OpenVPN Static key V1-----
<insert key here>
-----END OpenVPN Static key V1-----
" > /tmp/static.key
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --dev tap0 --secret /tmp/static.key --port 1194 --proto udp --verb 1 --comp-lzo --daemon

Firewall:


iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
