DD-WRT is a custom firmware for routers, it offers OpenVPN protocol support and is available on a wide variety of routers. You can check if your router supports DD-WRT firmware here. An article on how to install DD-WRT firmware on a router can be found here.
This is a tutorial on how to set up an OpenVPN connection on your DD-WRT router using the OpenVPN client UI.
It has been made using this configuration:
Firmware: DD-WRT v3.0-r27520M (07/17/15) kong
Hardware: Netgear WNR3500L v2
1. In the DD-WRT Administrative Interface, navigate to Setup > Basic Setup. Under Network Address Server Settings (DHCP), set these NordVPN DNS addresses:
Static DNS 1 = 18.104.22.168
Static DNS 2 = 22.214.171.124
Static DNS 3 = 0.0.0.0 (default)
Use DNSMasq for DHCP = Checked
Use DNSMasq for DNS = Checked
DHCP-Authoritative = Checked
Then, Save and Apply settings.
If you're setting up two routers, you should change the second router Local IP address to be different than the main router's. (In this case main router's IP is 192.168.1.1, while the one we're connecting to NordVPN server is accessible via 192.168.2.1)
2. Navigate to Setup > IPV6. Set IPv6 to Disable, then Save & Apply Settings.
(this is a recommended step to make sure you get no IP leaks)
3. Navigate to Service > VPN. Under OpenVPN Client, set Start OpenVPN Client = Enable, to see the options necessary for this configuration. Then set the following:
Server IP/Name = For the sake of the tutorial, we have used us936.nordvpn.com, but you should connect to a server suggested to you at https://nordvpn.com/servers/tools/ – click on the "Show available protocols" and download UDP or TCP configuration file which you will need to use later (steps 6-9). You can find the server hostname right under the server title.
Port = 1194 (or 443 for TCP)
Tunnel Device = TUN
Tunnel Protocol = UDP (or TCP)
Encryption Cipher = AES-256-CBC
Hash Algorithm = SHA-512
User Pass Authentication = Enable
Username, Password = Your NordVPN credentials
Note: If the Username and Password fields are missing, fill in the remaining fields and proceed to step 3.1
Advanced Options = Enable (this will enable additional options)
TLS Cipher = None
LZO Compression = Disable
NAT = Enable
The options not mentioned in this guide should be kept with default values.
3.1. (Optional, depending on step 3) If the Username and Password fields are missing, go to Administration > Commands, and enter this code:
echo "YOURUSERNAME YOURPASSWORD" > /tmp/openvpncl/user.conf /usr/bin/killall openvpn /usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon
Replace YOURUSERNAME and YOURPASSWORD with your respective NordVPN account credentials. Click Save Startup, and return to the previous VPN tab.
4. In Additional Config box either enter or copy/paste these commands:
remote-cert-tls server remote-random nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key persist-tun ping-timer-rem reneg-sec 0 #log /tmp/vpn.log #Delete `#` in the line below if your router does not have credentials fields and you followed the 3.1 step #auth-user-pass /tmp/openvpncl/user.conf
5. Open the OpenVPN configuration you have downloaded in Step 3 in any text editor file of your preference (preffered WordPad or Notepad++ as regular notepad does not have the correct formatting.
6. When you open the .ovpn file of the server you chose to use (in our case, us936_nordvpn_com.udp.ovpn) with a text editor, you should see the <ca> part of the file (do NOT copy the <ca> and </ca> tags):
7. Copy its contents into the CA Cert field. Be sure the entire text gets pasted in, including
—–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines.
8. Now get back to the configuration file and scroll down to the <tls-auth> part. Copy the contents of the TLS Key:
9. Copy its contents into the TLS Auth Key field. Be sure the entire text gets pasted in, including
—–BEGIN OpenVPN Static key V1—– and —–END OpenVPN Static key V1—– lines.
10. After entering all this data, Save and Apply Settings.
11. To Verify the VPN is Working, Navigate to Status > OpenVPN
Under State, you should see the message: Client: CONNECTED SUCCESS.
Optional Kill Switch set up (for advanced users):
To create a kill-switch, you can go into Administration > Commands, and enter this script:
WAN_IF=`nvram get wan_iface` iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset iptables -I FORWARD -i br0 -p udp -o $WAN_IF -j REJECT --reject-with udp-reset
Then select Save Firewall, Go into Administration > Management > Reboot router.