How to setup OpenVPN on DD-WRT Manually (Newer DD-WRT Builds)

Setting up an OpenVPN connection manually on a DD-WRT router with TorGuard is very easy and can be completed in just a few steps.

1.) Type the router's local IP address into your web browser's URL bar and log in to your router.

By default, this is typically 192.168.1.1 

Click the Services tab, then click the VPN tab.

Now make sure you enable the OpenVPN Server/Daemon so that log and status messages are available in the event we have problems.

2.) Now scroll down and enable the OpenVPN Client to see all the options below:



Set the Server IP/name to the IP or hostname of the server you wish to connect to. Hostnames can be found here.
Set the Port to 443. (See specs page here for more ports you can use.)
Set the Tunnel Device to TUN.
Set the Tunnel Protocol to UDP or TCP.
Set the Encryption Cipher to Blowfish CBC (Default). (See specs page here for more ciphers you can use; they need to match the connection port.)
Set the Hash Algorithm to SHA1.
Set the "User Pass Authentication" to Enable and enter your VPN service username and password.
Set the Advanced Options to Enable.
Set Use LZO Compression to Adaptive.
Set the NAT Option to Enable.
Set Tunnel UDP MSS-fix to Enable.

It should look exactly as below:

The Additional Config box should contain the config lines below:

persist-key
persist-tun
tls-client
remote-cert-tls server

The CA Cert box should contain the following cert here

Copy and paste the certificate (all of it) into the CA Cert field as you can see below:

3.) Click SAVE and reboot your router. Give it at least around 3 minutes, then check your IP here to verify you are connected to TorGuard VPN.

OPTIONAL:

Killswitch:


To prevent your IP from leaking if the router disconnects for any reason, go to Administration >> Commands and enter the firewall rules below:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Then click "Save Firewall". (On some routers the tunnel interface may be tun1 rather than tun0; it is best to check that first by running the command "ifconfig" under Administration >> Commands.)

If you want to block individual IPs from leaking, use the rules below in place of the above:

iptables -I FORWARD -s 192.168.0.140 -o $(nvram get wan_iface) -j DROP
iptables -I FORWARD -s 192.168.0.141 -o $(nvram get wan_iface) -j DROP

Enter a new line for each IP (device) you want to prevent from leaking, which is handy if using policy based routing.
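
A check for the kill-switch rules above, as an added example that is not TorGuard's code: it reads the FORWARD chain and reports whether the LAN-to-WAN DROP exists for the actual WAN interface, whether it sits above any LAN ACCEPT rule, and whether the tunnel name (tun0 or tun1) matches. The function name, status words and sample rules are constructed, and it assumes the router's iptables supports -S.

```shell
#!/bin/sh
# Added example, not TorGuard's code. Reads `iptables -S FORWARD` text and
# prints OK, NO_DROP, LEAK_BEFORE_DROP or NO_TUN_ACCEPT (returns 0 only for OK).
# On the router (assumes the build's iptables supports -S):
#   check_killswitch "$(iptables -S FORWARD)" br0 tun0 "$(nvram get wan_iface)"
check_killswitch() {
    rules=$1 lan=$2 tun=$3 wan=$4
    n=0 drop_at=0 leak_at=0 tun_ok=0
    while IFS= read -r line; do
        case $line in "-A FORWARD "*) n=$((n + 1)) ;; *) continue ;; esac
        case " $line " in
            *" -i $lan "*"-o $wan "*"-j DROP "*)
                [ "$drop_at" -ne 0 ] || drop_at=$n ;;
            *" -i $lan "*"-o $tun "*"-j ACCEPT "*)
                tun_ok=1 ;;
            *" -i $lan "*"-j ACCEPT "*)
                # A LAN ACCEPT that names the WAN, or no output interface,
                # passes unencrypted traffic if it sits above the DROP.
                case " $line " in
                    *" -o $wan "*) [ "$leak_at" -ne 0 ] || leak_at=$n ;;
                    *" -o "*) ;;
                    *) [ "$leak_at" -ne 0 ] || leak_at=$n ;;
                esac ;;
        esac
    done <<EOF
$rules
EOF
    if [ "$drop_at" -eq 0 ]; then echo NO_DROP; return 1; fi
    if [ "$leak_at" -ne 0 ] && [ "$leak_at" -lt "$drop_at" ]; then
        echo LEAK_BEFORE_DROP; return 1
    fi
    if [ "$tun_ok" -eq 0 ]; then echo NO_TUN_ACCEPT; return 1; fi
    echo OK
}

# Constructed sample: the chain after the five rules above are inserted with
# -I, followed by a hypothetical pre-existing LAN ACCEPT rule.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i br0 -o vlan2 -j DROP
-A FORWARD -i tun0 -o br0 -j ACCEPT
-A FORWARD -i br0 -o tun0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT'

check_killswitch "$SAMPLE_RULES" br0 tun0 vlan2   # prints OK
```

NO_DROP with the real WAN name means the hard-coded vlan2 in the rules does not match this router; NO_TUN_ACCEPT means the rules name the wrong tunnel interface.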

Policy Based Routing:

If you want to route only certain devices through the VPN, add this additional line in the Additional Config box under Services >> OpenVPN:

route-nopull

Then, under the Policy Based Routing box, enter the private IPs of the devices you want to go through the VPN as in the below image (you will need to set static internal IPs for every device you want going through the VPN):



IMPORTANT: Make sure Privoxy is disabled under services > adblocking to prevent leaks.

Save and Reboot:

You should now be good to go. If you have any problems, please submit a support ticket and our support agents will help you get it going.


