Skip to content
Home » DD-WRT OpenVPN Client

DD-WRT OpenVPN Client

  • by

Introduction to DD-WRT and OpenVPN

DD-WRT is an open source firmware that can be installed on many consumer-grade routers. It replaces the router’s factory firmware and offers advanced features and customization options not normally found on regular router firmware.

One popular DD-WRT add-on is OpenVPN support. OpenVPN allows users to create secure connections between networks over an untrusted network like the public internet. This enables secure remote access to a local home or office network from anywhere over the internet.

Some key benefits of using OpenVPN with DD-WRT include:

  • Secure encrypted tunnel for connecting over public networks
  • Remote access to local network resources like file shares
  • Bypasses geographic restrictions and censorship
  • Compatible with most devices like desktops, mobiles etc.

By combining the power of DD-WRT with OpenVPN, users can build feature-rich VPN servers right on supported router hardware. This saves costs compared to commercial VPN providers or hosted solutions.

Overall, DD-WRT plus OpenVPN offers a convenient way to enable remote workers or travellers to access local networked resources, while gaining state-of-the-art security and encryption when connecting over the internet.

Setting up OpenVPN on DD-WRT

First, users need to check if their router is compatible with installing DD-WRT firmware. The DD-WRT database provides a comprehensive list of supported routers from various manufacturers.

Once compatible router hardware is acquired, visit the DD-WRT website to download the correct firmware file. Installation steps vary by router model – refer to router-specific DD-WRT wiki for complete flashing instructions.

With DD-WRT installed, the router web interface will now have extra menus and settings for add-ons like OpenVPN. Navigate to the Services -> VPN page to set up the OpenVPN server:

Show Image

Under the “Start OpenVPN Server” section, choose the server mode (e.g. SSL/TLS with authentication) and the cryptographic settings like cipher and authentication digest to use.

Strong ciphers like AES-256 combined with SHA256 hashing is recommended. The ports and protocol can also be configured, but TCP 443 is fairly standard.

Next, generate the Certificate Authority (CA) and the server certificate+key by specifying details like country, state, name etc. and hitting the “Generate” button.

These credentials will be used later by the clients to authenticate and connect to the OpenVPN server.

Finally, add the client specifics by entering a username and Common Name. Generate the client certificate+key and download the client config pack for use later when setting up desktop/mobile apps or other router boxes.

Hit “Apply Settings” once complete. The server status will show as “Started” when fully enabled. Client configuration steps will vary based on OS or device.

Client Configuration

Desktop PCs

First download the OpenVPN client application for Windows or Mac computers that need remote access through the VPN tunnel.

After installing, import the .ovpn file from inside the client config pack previously downloaded from the DD-WRT interface. This will auto populate the client with the Critical Options like certificates and encryption protocol details.

Enter the server address in the connection window and save the client profile. Establishing a connection should display status as “Connected” with IP details once successfully authenticated to the OpenVPN server.

Network resources on the local network hosted behind the DD-WRT router should now be available as if connecting directly on the LAN.

Another DD-WRT Box

Users can add OpenVPN client connectivity to additional DD-WRT based routers to enable a site-to-site style direct network bridge between locations.

On the secondary router, repeat the steps to flash DD-WRT firmware if needed and navigate to Services -> VPN.

Instead of server setup, focus on the client tab and import the config pack downloaded earlier from the primary OpenVPN server.

Check that details like device name and certificates match what was defined on the server end previously.

Finally, enable the client status to “Started” and check that it displays “Connected” status once fired up. Traffic can now be routed from LAN devices behind router #2 into LAN devices on router #1.

Using OpenVPN Access Server

Popular tools like OpenVPN Access Server (AS) offer centralized management and user permissions on top of the base VPN functionality.

Creating and Downloading the Autologin Profile

OpenVPN AS has an admin interface allowing managers to create configuration profiles tied to user accounts or specific devices.

Navigate to the User Permissions panel and create a custom permission group. Next create a user account and assign it to this new group.

Under the My Settings panel, add a client device like a DD-WRT router by entering a unique name and optionally assigning static IP and subnets.

Finally, generate and download the auto-login profile for that device to use for quick no-credentials-needed connectivity to the Access Server VPN.

User Permissions

Group policies can be used to lock down permission levels and access rules. For example, users may be restricted to only Tunnelblick clients with certain fairly narrow policy constraints.

More trusted power users can utilize the auto-login style OpenVPN profile generated for DD-WRT routers to enjoy higher throughput and less restrictive filtering so they can access more sensitive company data.

Fine grained rights management per user, group or even connection type allows great flexibility.

Troubleshooting and Advanced Options

Troubleshooting

Some common issues faced during setup include:

  • Client not being able to connect at all: Verify protocols, ciphers and certificates match on both ends.
  • Slow speeds after connecting: Try toggling the MTU values or enabling compression. Offload encryption to router CPU.
  • Web interface access failing: Make sure remote clients are not overriding DNS improperly. Add routes instead of killswitch firewall rules.

Quick diagnosis can be done via SSH session directly on the DD-WRT box. Watch the OpenVPN log file under /tmp during connection attempts.

Also confirm Windows or desktop client firewalls are not blocking critical ports and protocols. TCP 443 outbound allowing domain name resolution is imperative for connectivity.

Advanced Options

Advanced users can further customize and optimize their DD-WRT OpenVPN performance by tweaking build options like:

  • MPPE + Bridged CP for efficiency
  • Data ciphers like AES-NI to enable GPU hardware acceleration
  • LZO Compression and other speed enhancement plugins
  • Pre-shard key exchange for faster handshakes

Adjust MTU values to tune bandwidth usage and latency. Plus tap adapter bindings instead of TUN help where needed.

Conclusion

Installing DD-WRT firmware on consumer routers opens up many possibilities for power users including building custom VPN servers. OpenVPN integration allows leveraging industry standard security and encryption protocols for remote access.

With customizable management via tools like OpenVPN Access Server and centralized administration dashboards, businesses can grant secure connectivity to remote workers and branch locations.

Performance fine-tuning through kernel builds and specialized network topology routing provides a very flexible foundation right on top of cost effective off the shelf routers. DD-WRT + OpenVPN offers a compelling networking solution for personal and commercial use cases alike.

Tags: