Your own OpenVPN WLAN

wlanboy

Content Contributer
I do have some devices where I am not able to install an OpenVPN client. But I want to use a US IP for these devices. You might think that the only way to get a US IP is to root/patch the devices.

The more elegant way is to have a device that is doing the OpenVPN client job.

Therefore I bought a cheap second router (30$) and installed dd-wrt on it.

If you log into the web interface you can go to the section:

Services -> VPN -> OpenVPN Client

Enter Server IP, Port, Tunnel Protocol (UDP), Tunnel Device (TUN), Encryption Cipher (Blowfish CBC), Hash Algorithm (SHA1), Use LZO Compression (enabled) and NAT (enabled).

Afterwards you can enter (copy/paste):

  • CA Cert
  • Public Client Cert
  • Private Client Key

On some routers you have to add the following command to enable masquerading:

Go to Administration -> Commands

enter:


iptables -t nat -A POSTROUTING -j MASQUERADE

and press the "Save firewall" button.


That's it. Restart the second router.

Now all internet traffic of this router is forwarded through the OpenVPN tunnel.

Every device connected to this router (LAN or WLAN) does not even know that it is using an OpenVPN tunnel. It is just using a US IP (depends on the location of your VPS).

I plugged my second router right into the network of my first router.

This can be done by setting the connection type to "Automatic configuration - DHCP" in the submenu: Setup -> Basic Setup. This ensures that the second router is using the internet connection of the first router to establish its own OpenVPN connection.
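
The client settings listed in the post above (Blowfish CBC, SHA1, LZO compression), written as OpenVPN client directives and run through a small audit. This is an added example, not part of the original post and not DD-WRT's or OpenVPN's own code; the sample config, the placeholder server address and the suggested replacements are assumptions.

```python
"""Added example: flag legacy settings in an OpenVPN client config."""

# 64-bit block ciphers hit birthday-bound collisions on long-lived tunnels.
SMALL_BLOCK_CIPHERS = {"BF-CBC", "CAST5-CBC", "DES-CBC", "DES-EDE3-CBC"}
LEGACY_DIGESTS = {"MD5", "SHA1"}
COMPRESSION_ALGS = {"lzo", "lz4", "lz4-v2"}

# Constructed sample: the post's GUI choices written as OpenVPN directives.
# 203.0.113.10 is a documentation placeholder, not a real server.
SAMPLE_CONFIG = """\
client
dev tun
proto udp
remote 203.0.113.10 1194
cipher BF-CBC
auth SHA1
comp-lzo
"""

def parse(text):
    """Return {directive: [args]}, skipping comments and inline <ca>/<key> blocks."""
    opts, closing = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if closing:                      # inside an inline block: ignore its body
            closing = None if line == closing else closing
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            closing = "</" + line[1:]
            continue
        name, *args = line.split()
        opts[name] = args
    return opts

def audit(text):
    """Return a list of (directive, reason) findings, in a fixed order."""
    opts, findings = parse(text), []
    cipher = (opts.get("cipher") or [""])[0].upper()
    if cipher in SMALL_BLOCK_CIPHERS:
        findings.append(("cipher", f"{cipher} has a 64-bit block; prefer AES-256-GCM"))
    digest = (opts.get("auth") or [""])[0].upper()
    if digest in LEGACY_DIGESTS:
        findings.append(("auth", f"{digest} is a legacy digest; prefer SHA256"))
    if "comp-lzo" in opts and opts["comp-lzo"][:1] != ["no"]:
        findings.append(("comp-lzo", "compression can leak plaintext through packet length"))
    if (opts.get("compress") or [""])[0] in COMPRESSION_ALGS:
        findings.append(("compress", "compression can leak plaintext through packet length"))
    return findings
```

AES-256-GCM needs OpenVPN 2.4 or later on both the router and the server; any change to cipher, digest or compression has to be made on both ends of the tunnel.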
 

drmike

100% Tier-1 Gogent
Seriously good how-to here and it seems oh so simple. This will help lots of people (censorship, monitoring, sensitive info, viewing Hulu, etc.)

You have my thanks!
 

HalfEatenPie

The Irrational One
Retired Staff
Yep, I have this for my home connection.  Works perfectly.  Unfortunately for my specific model it's mutually exclusive with IPv6.  So it's either get OpenVPN working on my router side or get IPv6.  
 