Add to Favourites    Print this Article

How to Setup the OpenVPN client on DD-WRT Manually (2015/2018 DD-WRT Builds)

Setting up an OpenVPN connection manually on a DD-WRT Router with TorGuard is very easy and can be completed in just a few steps.

STEP 1) Type the router's local IP address into your web browser's URL bar and login into your router. 

By default, this is typically 192.168.1.1 

STEP 2) Click the Services tab, then click the VPN tab - if this is your first access it may prompt you to enter your router username and password.

Now make sure you enable the OpenVPN Server/Daemon so we can get some log status message in the event we have problems.

DDWRT VPN Router

STEP 3) Now scroll down and enable the OpenVPN client to see all the options below:



- Set the Server IP/name to the IP or hostname of the server you wish to connect to. Hostnames can be found here
- Set the Port to 1912 (See specs page here for more ports you can use) - you may want to set up a Dedicated IP or Port forward - use the port and settings from your activation email here instead, this is an example setup.
- Set the Tunnel Device to TUN.
- Set the Tunnel Protocol to UDP or TCP - UDP can be faster but may not connect on some networks that TCP will.
- Set the Encryption Cipher to AES-128-CBC
- Set the Hash Algorithm to SHA256 - Be sure to set the correct Hash Algorithm for the port you select, you can view this info on our specs page
- Set the "User Pass Authentication" to enable and enter your TorGuard VPN service username and password.
- Set the Advanced Options to Enable.
- Set TLS Cipher to TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- Set Use LZO Compression to Disabled
- Set the NAT Option to Enable
- Set Firewall Protection to Enable

- Set Tunnel UDP MSS-fix to Enable

It should look exactly as below - the hostname may vary, use the hostnames found on our network page.


STEP 4) The Additional config box should contain the config lines:

persist-key
persist-tun 
sndbuf 393216
rcvbuf 393216

Visit the following page here and paste the TLS-AUTH Key into the TLS-Auth Key box, copy the OpenVPN CA into the CA Cert box as per the below image:

STEP 5) Click SAVE and reboot your router, give it around 3 mins at least and then check your IP here to verify you are connected to TorGuard VPN, you can also visit the OpenVPN status page under Status --> OpenVPN to see if it has connected successfully.

OPTIONAL Killswitch:

To prevent your IP leaking if the router disconnects for any reason, go to Administration >> Commands and enter the firewall rules below:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Then click "Save Firewall" (Some users may be tun1, best to check that first by running the command "ifconfig" under Administration >> Commands while VPN is running)




Optional Policy-Based Routing:

If you want to route only certain devices through VPN you can do that by doing the following, add this additional line in the additional Config box under Services --> VPN --> OpenVPN Client

route-nopull

Then under the Policy Based Routing box, enter private IP's for your devices you want to go through VPN as in the below image (you will need to set static internal IP's for every device you want going through VPN):



IMPORTANT: Make sure Privoxy is disabled under services -->  adblocking to prevent leaks then save and reboot under --> Administration --> Management, scroll down to the very bottom and click reboot router

There are many reasons why a DD-WRT connection may fail to connect correctly. The most common issues are down to little errors like using the wrong TG Service login username or password and server details, even having the incorrect time and date can impact on the connections.

TROUBLESHOOTING DD-WRT

Here is a checklist of common causes and fixes.

1. Try setting 'Use DNSMasq for DNCP', 'Use DNSMasq for DNS' and 'DHCP-Authoritative' to enabled as well as disabled.

2. Ensure the IP of the DD-WRT router is not conflicting with your main router. If your main router is currently 192.168.1.1 DD-WRT has to be in the same subnet, an example of this is: 192.168.1.51

3. Ensure the DD-WRT is connected to any other router from its WAN port.

4. You could also try setting the DD-WRT router to a 'Static' connection from the 'Basic Setup' page.

5. Go to your LAN settings and manually change your IP Address, Subnet Mask and Gateway so its pointing to the DD-WRT router. You may also need to change the DNS servers if you do not want to use your ISPs DNS you can use Cloudflare DNS for example 1.1.1.1 and 1.0.0.1

6. Try disabling the firewalls on your routers or modems, these can quite often cause connection issues. Once it's determined that a firewall is not causing the problem it can always be re-enabled.

7. MTU settings can quite often cause problems, you could try lowering the MTU settings by adding this command on a new line (below verb 3) on your OpenVPN configuration file: tun-mtu 1100

8. It's very important that your router has the correct time and date.

OpenVPN LOGS:


If you are running an OpenVPN Connection you can create a Log which may enable you to see the problem - so you can open a support ticket and send us the details.

1. Add the following after 'verb 3' in your OpenVPN Config startup script:

log /tmp/openvpn.log

2. Reboot your router, wait for about 5 minutes and then run the following command (Run Command) from the command text area in administration (same place as the OpenVPN config file):

ln -s /tmp/openvpn.log /tmp/www/openvpnlog.html

3. Go to the DD-WRT index page and add: /user/openvpnlog.html to it so it looks something like: http://192.168.x.x/user/openvpnlog.html

If you still have any problems please open a support ticket and we will be able to assist you.



Also Read