How to Set Up OpenVPN on DD-WRT Manually (Newer DD-WRT Builds)

Setting up an OpenVPN connection manually on a DD-WRT Router with TorGuard is very easy and can be completed in just a few steps.

1.) Type the router's local IP address into your web browser's URL bar and log in to your router.

By default, this is typically 192.168.1.1 

Click the Services tab, then click the VPN tab.

Now make sure you enable the OpenVPN Server/Daemon so that log and status messages are available in the event of problems.


2.) Now scroll down and enable the OpenVPN client to see all the options below:



Set the Server IP/name to the IP or hostname of the server you wish to connect to. Hostnames can be found here
Set the Port to 1912 (See specs page here for more ports you can use)
Set the Tunnel Device to TUN.
Set the Tunnel Protocol to UDP or TCP.
Set the Encryption Cipher to AES-128-CBC
Set the Hash Algorithm to SHA256
Set "User Pass Authentication" to Enable and enter your TorGuard VPN service username and password. If you are not sure about those, you can change them here
Set the Advanced Options to Enable.
Set TLS Cipher to TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
Set Use LZO Compression to Disabled
Set the NAT Option to Enable
Set Firewall Protection to Enable
Set Tunnel UDP MSS-fix to Enable

It should look exactly as below:

The Additional config box should contain the config lines:

persist-key
persist-tun 
sndbuf 393216
rcvbuf 393216

Visit the following page here, paste the TLS-AUTH Key into the TLS-AUTH Key box, and copy the OpenVPN CA into the CA Cert box.

See below as to how it should look.

3.) Click SAVE and reboot your router. Give it at least 3 minutes, then check your IP here to verify you are connected to TorGuard VPN. You can also visit the OpenVPN status page under Status --> OpenVPN to see if it has connected successfully.

OPTIONAL Killswitch:

To prevent your IP leaking if the router disconnects for any reason, go to Administration >> Commands and enter the firewall rules below:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Then click "Save Firewall". (For some users the tunnel interface may be tun1 rather than tun0; it is best to check that first by running the command "ifconfig" under Administration >> Commands while the VPN is running.)
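
The note above says the tunnel may be tun1 rather than tun0. The shell sketch below is an added example, not part of TorGuard's instructions: it picks the tunnel name out of ifconfig output and prints the same five rules for that device. The functions find_tun and killswitch_rules and the sample ifconfig text are constructed for illustration; on the router the WAN name would come from "nvram get wan_iface", the command used in the per-device rules on this page.

```shell
#!/bin/sh
# Added example (not TorGuard's code): build the kill-switch rules from the
# interface names actually in use instead of hard-coding tun0.

# Constructed sample of `ifconfig` output taken while the VPN is up.
SAMPLE_IFCONFIG='br0       Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.6  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

vlan2     Link encap:Ethernet  HWaddr 00:11:22:33:44:56
          inet addr:203.0.113.10  Bcast:203.0.113.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Read ifconfig text on stdin and print the first tunN interface flagged UP.
find_tun() {
    awk '
        /^[^ \t]/ { name = $1 }   # a stanza header starts in column 0
        name ~ /^tun[0-9]+$/ && $1 == "UP" { print name; exit }
    '
}

# Print the page's five rules for a given LAN bridge, WAN and tunnel device.
killswitch_rules() {
    ks_lan=$1 ks_wan=$2 ks_tun=$3
    # Refuse empty or odd names (e.g. VPN down, so no tun device was found):
    # rules built from them would not describe the real tunnel.
    for ks_if in "$ks_lan" "$ks_wan" "$ks_tun"; do
        case $ks_if in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: '$ks_if'" >&2; return 1 ;;
        esac
    done
    cat <<EOF
iptables -I FORWARD -i $ks_lan -o $ks_tun -j ACCEPT
iptables -I FORWARD -i $ks_tun -o $ks_lan -j ACCEPT
iptables -I FORWARD -i $ks_lan -o $ks_wan -j DROP
iptables -I INPUT -i $ks_tun -j REJECT
iptables -t nat -A POSTROUTING -o $ks_tun -j MASQUERADE
EOF
}

# On the router: TUN_DEV=$(ifconfig | find_tun); WAN_DEV=$(nvram get wan_iface)
TUN_DEV=$(printf '%s\n' "$SAMPLE_IFCONFIG" | find_tun)
killswitch_rules br0 vlan2 "$TUN_DEV"
```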



If you want to block individual IPs from leaking, use the rules below in place of the above:

iptables -I FORWARD -s 192.168.0.140 -o $(nvram get wan_iface) -j DROP
iptables -I FORWARD -s 192.168.0.141 -o $(nvram get wan_iface) -j DROP

Enter a new line for each IP (device) you want to prevent from leaking, which is handy if using policy-based routing.

Policy-Based Routing:

If you want to route only certain devices through the VPN, add this line to the Additional Config box under Services --> VPN --> OpenVPN Client:

route-nopull

Then, in the Policy Based Routing box, enter the private IPs of the devices you want to go through the VPN, as in the image below (you will need to set static internal IPs for every device you want going through the VPN):



IMPORTANT: Make sure Privoxy is disabled under Services --> Adblocking to prevent leaks.

Save and Reboot

To reboot the router, visit Administration --> Management, scroll down to the very bottom and click Reboot Router.


