Loreas
Active Member
Introduction
1. OpenVPN setup
2. Policy based routing
3. Additional notes + buying guide

Please use this link ftp://ftp.dd-wrt.com/betas/ to check if there is a newer dd-wrt version for your router. Don't use the dd-wrt router database or the wiki, because they aren't up to date.
1. OpenVPN setup:
1. Download the config files for Android/iOS.
2. Everything we need is in the .ovpn file. Choose your server.
3. Go to the dd-wrt web interface:
Setup -> Basic Setup
WAN Connection Type: Automatic Setup - DHCP
Router IP
Local IP: 192.168.1.1
Network Mask: 255.255.255.0
Gateway: 0.0.0.0
Local DNS: 0.0.0.0
Network Address Server Settings (DHCP)
DHCP Type: DHCP Server
DHCP Server: activate
For Static DNS 1/2/3 choose one of the DNS servers provided by OpenNIC https://www.opennicproject.org/ and put them into Static DNS 1, 2 & 3.
Not recommended, but you can also use Google DNS 8.8.8.8 & 8.8.4.4.
untick Use DNSMasq for DHCP
untick Use DNSMasq for DNS
untick DHCP-Authoritative
Clock Setup
NTP Client: activate
Time Zone: "your time zone"
Server IP/Name: de.pool.ntp.org
and Save.
Setup -> IPv6
IPv6 Support
IPv6: enable
Radvd: enable
and Save.
Services -> VPN
OpenVPN Client:
Start OpenVPN -> Enable
Server IP/Name: xxx.perfect-privacy.com
Port: 1149 (UDP)
Tunnel Device: TUN
Tunnel Protocol: UDP
Encryption Cipher: AES-256 CBC
Hash Algorithm: SHA512
User Pass Authentication -> Enable
Username: your username
Password: your password
Advanced Options -> Enable
TLS Cipher: None (will be set in "Additional Config")
LZO Compression: Adaptive
NAT -> Enable
MTU: 1500
UDP Fragment: 1300
Tunnel UDP MSS-Fix: Disable
nsCertType verification: Enable
Open the .ovpn file with a text editor and copy the content of each block into the matching field:
TLS Auth Key (in the .ovpn file: <tls-auth>)
copy from .ovpn file
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
Additional Config:
Code:
redirect-gateway def1
reneg-sec 86400
mssfix
float
persist-remote-ip
route-method exe
tls-cipher DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA
route-delay 2
tls-timeout 5
hand-window 120
inactive 604800
ping 5
ping-restart 90
replay-window 512 60
mute-replay-warnings
Note: route-method is documented by OpenVPN as a Windows-only option; if the OpenVPN client log rejects it as unrecognized, remove that line.
CA Cert (in the .ovpn file: <ca>)
copy from .ovpn file
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Public Client Cert (in the .ovpn file: <cert>)
copy from .ovpn file
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Private Client Key (in the .ovpn file: <key>)
copy from .ovpn file
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
and Save.
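Copying the <ca>, <cert>, <key> and <tls-auth> blocks by hand and retyping the cipher, hash, server and port into the GUI is where most typos happen. The script below is an added example and not part of the original post: it extracts those inline blocks from a .ovpn file read on stdin, pulls single directives such as cipher and auth, and compares them with the values you intend to enter in the dd-wrt fields. The SAMPLE_OVPN text is constructed here (placeholder certificate and key bodies) and is not a real provider file; on a router or PC you would feed it the real file instead.

```shell
#!/bin/sh
# Added example, not from the original post: pull the inline blocks and the
# directives out of a .ovpn file so you can paste them into the dd-wrt fields
# and cross-check the GUI values against the file. POSIX sh only. The
# SAMPLE_OVPN text is constructed here and is not a real provider file.

# Print the lines between <name> and </name> of a .ovpn read on stdin,
# without the tags. Usage: ovpn_block ca < client.ovpn
ovpn_block() {
    sed -n "/^<$1>\$/,/^<\/$1>\$/p" | sed '1d;$d'
}

# Print the arguments of the first top-level directive named $1 (for example
# "remote", "cipher", "auth") from a .ovpn read on stdin.
ovpn_option() {
    awk -v key="$1" '$1 == key { $1 = ""; sub(/^ /, ""); print; exit }'
}

# Compare a value entered in the dd-wrt GUI with the value found in the .ovpn.
# Returns 0 on match, 1 on mismatch, and prints a one-line verdict.
check_field() {
    label="$1"; gui="$2"; ovpn="$3"
    if [ "$gui" = "$ovpn" ]; then
        echo "OK       $label: $gui"
        return 0
    fi
    echo "MISMATCH $label: GUI has '$gui', .ovpn has '$ovpn'"
    return 1
}

# Constructed sample .ovpn (placeholder certificate and key bodies).
SAMPLE_OVPN='client
dev tun
proto udp
remote xxx.perfect-privacy.com 1149
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CA-BODY-LINE-1
CONSTRUCTED-CA-BODY-LINE-2
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
0123456789abcdef
-----END OpenVPN Static key V1-----
</tls-auth>'

# Demo run against the sample; with a real file replace the printf pipeline
# by "< client.ovpn".
echo "== CA Cert field =="
printf '%s\n' "$SAMPLE_OVPN" | ovpn_block ca
echo "== TLS Auth Key field =="
printf '%s\n' "$SAMPLE_OVPN" | ovpn_block tls-auth
echo "== GUI cross-check =="
check_field "Encryption Cipher" "AES-256-CBC" "$(printf '%s\n' "$SAMPLE_OVPN" | ovpn_option cipher)"
check_field "Hash Algorithm" "SHA512" "$(printf '%s\n' "$SAMPLE_OVPN" | ovpn_option auth)"
check_field "Server/Port" "xxx.perfect-privacy.com 1149" "$(printf '%s\n' "$SAMPLE_OVPN" | ovpn_option remote)"
```

The <cert> and <key> blocks are extracted the same way (ovpn_block cert, ovpn_block key); an empty result means the file does not carry that block inline and you have to look for a separate file referenced by a ca/cert/key directive instead.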
Go to
Administration -> Commands
First of all run this command in the shell:
Code:
ifconfig
In my case I have tun1. If you have tun0, you have to edit the firewall commands below accordingly (replace tun1 with tun0).
Paste this into your Command Shell:
Code:
iptables -P FORWARD DROP
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I INPUT -i tun1 -j DROP
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
and press the "Save Firewall" button. These iptables rules only cover IPv4; IPv6 traffic (enabled under Setup above) is handled by ip6tables, which these commands do not touch.
Then paste this into your Command Shell:
Code:
#!/bin/sh
/usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon
and press the "Save Startup Script" button.
Finally go to:
Administration -> Management
and press the "Reboot Router" button.
Finished...
2. Policy based Routing:
Under "Additional Config" on the web interface there is a "Policy based Routing" field (see attachment 153).
Here you have to put in the internal IP addresses you want to pass through (one IP per line).
Then you have to redo your firewall settings and put in those internal IPs again:
Code:
iptables -P FORWARD DROP
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I FORWARD -i br0 -s 192.168.1.xyz -j ACCEPT
iptables -I FORWARD -o br0 -d 192.168.1.xyz -j ACCEPT
iptables -I INPUT -i tun1 -j DROP
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
and press the "Save Firewall" button again.
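The firewall commands in sections 1 and 2 differ only by the per-host ACCEPT pair, and the post points out that tun1 must become tun0 if that is what ifconfig shows. The following script is an added example and not part of the original post: it reads the tunnel name from ifconfig output, prints the rules for that interface together with any policy-routed LAN IPs, and prints the order in which iptables will actually evaluate the FORWARD chain, since every "-I" inserts at the top and so the last line pasted becomes the first rule checked. The interface names br0 and vlan2 are taken from the post, the SAMPLE_IFCONFIG text is constructed here, and nothing in the script calls iptables; it only prints commands for review.

```shell
#!/bin/sh
# Added example, not from the original post: build the firewall rules from
# sections 1 and 2 of this guide for whichever tunN interface OpenVPN actually
# created, and show the order iptables will evaluate the FORWARD chain in.
# Assumptions (as in the post): LAN bridge br0, WAN interface vlan2. Nothing
# here calls iptables; the commands are only printed for review and pasting
# into Administration -> Commands. SAMPLE_IFCONFIG is constructed output.

# Print the first tunN interface named in ifconfig output read from stdin.
detect_tun() {
    grep -o '^tun[0-9]*' | head -n 1
}

# Print the rules from the post for the tunnel interface $1. Any further
# arguments are LAN IPs for the policy based routing section (section 2),
# each getting the same ACCEPT pair the post uses for 192.168.1.xyz.
firewall_rules() {
    tun="$1"; shift
    printf 'iptables -P FORWARD DROP\n'
    printf 'iptables -I FORWARD -i br0 -o %s -j ACCEPT\n' "$tun"
    printf 'iptables -I FORWARD -i %s -o br0 -j ACCEPT\n' "$tun"
    printf 'iptables -I FORWARD -i br0 -o vlan2 -j DROP\n'
    for ip in "$@"; do
        printf 'iptables -I FORWARD -i br0 -s %s -j ACCEPT\n' "$ip"
        printf 'iptables -I FORWARD -o br0 -d %s -j ACCEPT\n' "$ip"
    done
    printf 'iptables -I INPUT -i %s -j DROP\n' "$tun"
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$tun"
}

# "-I" inserts at the head of the chain, so the last command pasted is the
# first rule checked. Reading the -I FORWARD lines in reverse gives the
# effective chain: the per-host ACCEPTs sit above the "-o vlan2 DROP", which
# sits above the tunnel ACCEPTs, and the DROP policy catches everything else.
effective_forward_chain() {
    grep -- '-I FORWARD' | sed 's/^iptables -I FORWARD //' \
        | awk '{ line[NR] = $0 } END { for (i = NR; i > 0; i--) print line[i] }'
}

# Constructed ifconfig output in the busybox format dd-wrt prints.
SAMPLE_IFCONFIG='br0       Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255

vlan2     Link encap:Ethernet  HWaddr 00:11:22:33:44:56
          inet addr:203.0.113.7  Bcast:203.0.113.255  Mask:255.255.255.0'

# Demo: on the router you would run "ifconfig | detect_tun" instead.
TUN=$(printf '%s\n' "$SAMPLE_IFCONFIG" | detect_tun)
echo "# detected tunnel interface: ${TUN:-none}"
echo "# commands to paste into the Command Shell:"
firewall_rules "$TUN" 192.168.1.50
echo "# effective FORWARD chain, first rule checked first:"
firewall_rules "$TUN" 192.168.1.50 | effective_forward_chain
```

Reading the effective chain is the check worth doing before pressing "Save Firewall": a host that should bypass the tunnel must appear above the "-i br0 -o vlan2 -j DROP" line, and that DROP must appear above the two tunnel ACCEPTs, otherwise the order of pasting has silently changed what the rules do.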
3. Additional notes:
Don't forget to keep your router up to date!
Here you'll get the updated firmware:
ftp://ftp.dd-wrt.com/betas/
If you want to buy a new router for this, keep in mind that OpenVPN needs a lot of CPU power. The faster the CPU, the faster your connection. A dual-core 1 GHz router like the Netgear R7000 or the Asus RT-AC87U does its work at 20-24 MBit/s.