
HOWTO: Configure a router with DD-WRT firmware to use it as a VPN client, for example with vpntunnel.se.

A) Router

1. Get the right firmware from www.dd-wrt.com. It must be the right one for your router (e.g. D-Link, Linksys, Ovislink, Airlink, Netgear).
2. Be sure the downloaded firmware includes support for OpenVPN. There are different versions available.
3. Flash your router with the firmware and reset it to factory defaults.
4. Configure the router for your needs.

B) Encryption key

Download the encryption server key for your OpenVPN provider. At vpntunnel.se you can download it after registration. The key is named ca.crt and is a normal text file. (It is the provider's CA certificate, which the client uses to verify the server it connects to.)

C) Configure your router

Open the file ca.crt with a text editor and copy the complete key (including the -----BEGIN CERTIFICATE----- line) into the field for the public server cert. See all other parameters above.

Go to the Administration / Commands tab.

Enter the following and press the Save Startup button:

    # Wait for the router to finish booting
    sleep 30
    # Credentials file for auth-user-pass: username on line 1, password on line 2
    echo "USERNAME" > /tmp/openvpncl/user.conf
    echo "PASSWORD" >> /tmp/openvpncl/user.conf
    sleep 10
    # Write the OpenVPN client configuration
    echo "client
    dev tun
    proto udp
    hand-window 30
    port 1195
    remote 95.211.83.10 #lisa.vpntunnel.se
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ns-cert-type server
    cipher BF-CBC
    comp-lzo
    verb 3
    reneg-sec 0
    ca /tmp/openvpncl/ca.crt
    auth-user-pass /tmp/openvpncl/user.conf" > /tmp/openvpncl/vpn.conf
    # Stop any running instance, then start OpenVPN in the background
    ( sleep 10 ; killall openvpn ; /usr/sbin/openvpn --config /tmp/openvpncl/vpn.conf --auth-user-pass /tmp/openvpncl/user.conf --route-up /tmp/openvpncl/route-up.sh --down /tmp/openvpncl/route-down.sh --daemon ) &

You can copy and paste the commands from here to avoid any mistake. You MUST change USERNAME and PASSWORD to your own username and password (e.g. Supersucker and mysecret123). It may also be necessary to change the IP 95.211.83.10 to the right one. It is also possible to delete the IP and use the name of the server instead (without the #, e.g. remote myserver.com).

Enter the following commands and press the Save Firewall button:

    # Allow LAN clients (br0) to send traffic out through the tunnel
    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    # Allow traffic coming back from the tunnel to the LAN
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
    # Reject connections from the tunnel that are addressed to the router itself
    iptables -I INPUT -i tun0 -j REJECT
    # NAT everything that leaves through the tunnel
    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

You can copy and paste this from here as well.
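The following is an added example, not part of the original HOWTO: a POSIX shell check that reads an OpenVPN client configuration like the vpn.conf written by the startup command above and flags directives that newer OpenVPN releases treat as weak or deprecated (a 64-bit block cipher such as BF-CBC, ns-cert-type, comp-lzo). The function names audit_vpn_conf and write_sample_conf and the temporary sample file are assumptions made for this example; whether a stronger cipher can actually be used depends on what the provider's server accepts.

```shell
#!/bin/sh
# Added example (not from the original HOWTO): audit an OpenVPN client config.
# audit_vpn_conf FILE: one finding per line on stdout, exit status 1 if any.
audit_vpn_conf() {
    awk '
        { sub(/[#;].*/, "") }          # drop comments
        NF == 0 { next }               # skip blank lines
        $1 == "cipher" && toupper($2) ~ /^(BF|DES|CAST5|RC2)-/ {
            print "weak-cipher: " $2 " uses a 64-bit block"; n++ }
        $1 == "ns-cert-type" {
            print "deprecated: ns-cert-type (newer option: remote-cert-tls)"; n++ }
        $1 == "comp-lzo" && $2 != "no" {
            print "compression: comp-lzo is enabled inside the tunnel"; n++ }
        $1 == "ns-cert-type" || $1 == "remote-cert-tls" { peer = 1 }
        END {
            if (!peer) { print "no-server-check: server cert type not verified"; n++ }
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample: the directives from the startup command in this HOWTO.
write_sample_conf() {
    cat > "$1" <<'EOF'
client
dev tun
proto udp
hand-window 30
port 1195
remote 95.211.83.10 #lisa.vpntunnel.se
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 3
reneg-sec 0
ca /tmp/openvpncl/ca.crt
auth-user-pass /tmp/openvpncl/user.conf
EOF
}

sample="${TMPDIR:-/tmp}/vpn-audit-sample.$$"
write_sample_conf "$sample"
audit_vpn_conf "$sample" || echo "findings listed above: review vpn.conf"
rm -f "$sample"
```

On the router itself the same function can be pointed at /tmp/openvpncl/vpn.conf once the startup command has run.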

Now you should see the following:

Now it is necessary to reboot the router. You can do this as follows. Go to the Administration tab and then select the Management tab. At the bottom you will find this selection:

Select the style brainslayer, press the button Preview and after that you can select the button Reboot on the left side:

You can also reboot the router by pressing the button directly on the router, or you can reset it by unplugging the power and plugging it back in. 60-90 seconds after the reboot, your router will use the VPN tunnel for ALL traffic to and from the internet. Be aware: some servers block IPs from vpntunnel.se. You can check that the tunnel is in use with: http://www.ip-adress.com/IP_adresse/ Compare it with the IP address shown in your router:

The IPs (the WAN IP of the router and the IP shown by the website) should be different. If you change any configuration option in the router, the VPN connection will be lost. So after changing ANYTHING you must reboot your router, or go to the Commands tab and enter:

    killall openvpn

Press the Run Commands button, then enter:

    /usr/sbin/openvpn --config /tmp/openvpncl/vpn.conf --auth-user-pass /tmp/openvpncl/user.conf

Press the Run Commands button again.

If it does not work: DD-WRT is a standard Linux, so you can log in with telnet or ssh (e.g. telnet 192.168.1.1) (root / password) and check what happens. ps shows all running processes. If you cannot see openvpn there, it failed to start. So try to start it manually and see what happens:

    /usr/sbin/openvpn --config /tmp/openvpncl/vpn.conf --auth-user-pass /tmp/openvpncl/user.conf

D) Setting DNS

Most users will have problems accessing the internet because of problems with the Domain Name Service when using a VPN tunnel. You have to set a DNS server manually on your computer. For Windows:

1. Start, Settings, Control Panel
2. Select Network Connections
3. Select the right network connection and click it with the right mouse button
4. Select Properties
5. Select Internet Protocol (TCP/IP)
6. Press the Properties button
7. Enter the IPs for DNS (Use the following DNS server addresses:)

There are many servers available. I suggest using 10.8.0.1 first and, in addition, one of the following IPs:

217.237.150.188 / 194.97.109.1 / 212.7.148.65 / 130.149.4.20
194.25.2.130 / 165.76.16.2 / 193.193.158.10 / 204.152.184.76

Now it should work.
