v3ritas.TECH

FINALLY Got my OpenVPN Server Setup on My DD-WRT Router

· Sean P. McAdam

This took way longer than I would have liked, but at least it seems to be working right now.

After moving recently, I needed to purchase a new router, leaving my rooted Google WiFi APs behind. I decided to replace it with a D-LINK AC2600 EXO MU-MIMO Wi-Fi Router. After some more router-related fun, I was able to get DD-WRT custom firmware running on the device. With that finally in place, my next project was to get the OpenVPN Server feature enabled. I had all the certificates & keys I needed; it was just a matter of getting the right config in the DD-WRT Admin GUI. Below is what I finally had in the “Additional Config” field that ended up working:

```
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 192.168.2.1"
server 192.168.2.0 255.255.255.0
verb 5
dev tun0
proto udp4
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
script-security 2
# Only use crl-verify if you are using the revoke list - otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl
# management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port
# port must be 5001 for scripts embedded in firmware to work
# management localhost 5001
```

Where 192.168.1.0 is my local subnet, & 192.168.2.0 is a subnet I’m assigning to VPN clients.
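A quick way to sanity-check text like this before pasting it into the "Additional Config" field, as an added example that is not part of the original post: the `parse` and `audit` helpers and the sample text are constructed for illustration. It only inspects the text it is given, so settings made in other DD-WRT GUI fields are not seen.

```python
# Added example: lint OpenVPN server directives before pasting them into a router GUI.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes that blogs and editors substitute

# Constructed sample: a subset of the directives above, with curly quotes
# around the push arguments as they appear when copied from a rendered web page.
SAMPLE = """\
push \u201croute 192.168.1.0 255.255.255.0\u201d
push \u201cdhcp-option DNS 192.168.2.1\u201d
server 192.168.2.0 255.255.255.0
verb 5
script-security 2
# crl-verify /tmp/openvpn/ca.crl
"""

def parse(text):
    """Map each active directive to its list of argument strings (comments skipped)."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # OpenVPN treats # and ; as comment markers
            continue
        name, _, args = line.partition(" ")
        directives.setdefault(name, []).append(args.strip())
    return directives

def audit(text):
    """Return a list of findings for the given config text only."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and line[0] not in "#;" and any(q in line for q in SMART_QUOTES):
            findings.append(f"line {n}: curly quotes, replace with ASCII double quotes")
    d = parse(text)
    if "crl-verify" not in d:
        findings.append("crl-verify not active: revoked client certificates are not rejected")
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("no tls-auth or tls-crypt in this text: static key not applied here")
    verb = d.get("verb", ["1"])[0]
    if verb.isdigit() and int(verb) > 4:
        findings.append(f"verb {verb} is above the normal 1-4 range: lower it after debugging")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```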

I haven’t started configuring clients yet, but I don’t believe that will be anywhere near as difficult as getting the server running. For reference, below is a history of the commands I ran to get the certificates, keys, etc. set up for the server:

```
v3ritas@Hostname:~/.openvpn/20190101$ history
 2956  make-cadir 20190101
 2957  cd 20190101/
 2958  ls
 2959  nano vars
 2960  source vars
 2961  cp openssl-1.0.0.cnf openssl.cnf
 2962  source vars
 2963  ./clean-all
 2964  ./build-ca
 2965  ./build-key-server OpenVPN-Server
 2966  ./clean-all
 2967  nano vars
 2968  ./build-ca
 2969  source var
 2970  ./build-ca
 2971  ./build-key-server OpenVPN-Server
 2972  ./build-dh
 2973  ls keys
 2974  openvpn --genkey --secret pfs.key
 2975  ls keys
 2976  cat keys/ca.crt
 2977  cat OpenVPN-Server.crt
 2978  cat keys/OpenVPN-Server.crt
 2979  cat keys/OpenVPN-Server.key
 2980  cat keys/dh4096.pem
 2981  cat pfs.key
 2982  md5 ~/Downloads/factory-to-ddwrt.bin
 2983  md5 ~/Downloads/dlink-dir882-a1-webflash.bin
 2984  ./build-key Client01
 2985  ls keys
 2986  cat keys/ca.crt
 2987  cat keys/OpenVPN-Server.crt
 2988  cat keys/OpenVPN-Server.key
 2989  cat keys/dh4096.pem
 2990  cat pfs.key
```

Just a dump of my command history.