OpenVPN client on a DD-WRT router using VPN.ht

Hello readers,

I’ve finally bit the bullet and actually decided to get a VPN tunnel to protect my privacy. Sucks that one must resort to doing so in today’s world, but it is what it is. In order to get it to work, it took me some time, but as I write this, my data is sent across to some random part of the world.

I’m using “DD-WRT v24-sp2 (12/22/14) std – build 25697” on a “TPLINK TL-WDR4300 v1”. So far I have no problems whatsoever with the router and DD-WRT. In fact I’ve even made an addition to the router so that you can monitor live who is on your network and how much bandwidth they are using. You can get it here on my github.

Let’s get on with the VPN configuration. You’ll need a file from their website. You can find it in their instructions for Linux->Ubuntu(OpenVPN) or here. In that ZIP file, you’ll only need the vpnht.ovpn file. On your DD-WRT router, on the Setup->Basic setup page, set:
Static DNS 1 = 4.2.2.1
Static DNS 2 = 4.2.2.2
Static DNS 3 = 4.2.2.3
Use DNSMasq for DHCP = No
Use DNSMasq for DNS = No
DHCP-Authoritative = No (it should get greyed out)

On the Services->Services page, set:
DHCP Server->Used Domain = LAN & WAN (Not 100% sure it’s necessary)
DNSMasq->DNSMasq = Enable
DNSMasq->Local DNS = Enable
DNSMasq->No DNS Rebind = Enable

Lastly on the Services->VPN tab, set:
OpenVPN Client->Start OpenVPN Client = Enable
OpenVPN Client->Server IP/Name = hub.vpn.ht
OpenVPN Client->Port = 1201
OpenVPN Client->Tunnel Device = TUN
OpenVPN Client->Tunnel Protocol = UDP
OpenVPN Client->Encryption Cipher = AES-128-CBC
OpenVPN Client->Hash Algorithm = SHA1
OpenVPN Client->User Pass Authentication = Enable
OpenVPN Client->Username = <Your Username at VPN.ht>
OpenVPN Client->Password = <Your Password>
OpenVPN Client->Advanced Options = Enable
OpenVPN Client->TLS Cipher = TLS-RSA-WITH-AES-128-CBC-SHA
OpenVPN Client->LZO Compression = Yes
OpenVPN Client->NAT = Enable
OpenVPN Client->Firewall Protection = Enable
OpenVPN Client->TLS Auth Key = <From the “TA” section of the vpnht.ovpn file they give you>
OpenVPN Client->CA Cert = <From the “CA” section of the vpnht.ovpn file they give you>

The rest you can leave empty/default. Finally, click “Apply Settings” at the bottom of the page. On the Status->OpenVPN page, you should check to see if everything’s all set up properly. If you see a line that says “Initialization Sequence Completed” in the Log, and in the State it says “CONNECTED SUCCESS” then you should be good to go. Periodically it’s good to check myip.ht or whatismyip.com to make sure you’re still protected.
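
As an added example (not from the original post or from VPN.ht), here is a short Python script that pulls the values for the Services->VPN fields above out of an .ovpn profile, so the GUI entries can be checked against the provider's file instead of copied by hand. It assumes the profile uses OpenVPN's inline-file syntax with <ca> and <tls-auth> blocks; the sample profile is constructed and its certificate and key bodies are placeholders.

```python
import re

# Constructed sample in OpenVPN inline-file syntax, NOT VPN.ht's real profile.
SAMPLE_OVPN = """\
dev tun
proto udp
remote hub.vpn.ht 1201
cipher AES-128-CBC
auth SHA1
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
PLACEHOLDER
-----END OpenVPN Static key V1-----
</tls-auth>
"""

def parse_ovpn(text):
    """Split a profile into one-line directives and inline <tag> blocks."""
    directives, blocks, tag, buf = {}, {}, None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if tag:  # inside an inline block: collect until the closing tag
            if line == f"</{tag}>":
                blocks[tag], tag, buf = "\n".join(buf), None, []
            else:
                buf.append(line)
        elif m := re.fullmatch(r"<([\w-]+)>", line):
            tag = m.group(1)
        elif line and not line.startswith(("#", ";")):
            key, _, value = line.partition(" ")
            directives.setdefault(key, value.strip())  # first occurrence wins
    if tag:
        raise ValueError(f"unterminated <{tag}> block")
    return directives, blocks

def gui_fields(text):
    """Map the profile onto the DD-WRT OpenVPN Client fields named in the post."""
    d, b = parse_ovpn(text)
    host, port = (d["remote"].split() + ["1194"])[:2]  # 1194 = OpenVPN default
    if "BEGIN CERTIFICATE" not in b["ca"] or "Static key" not in b["tls-auth"]:
        raise ValueError("ca / tls-auth blocks do not hold the expected material")
    return {"Server IP/Name": host, "Port": port,
            "Tunnel Device": d["dev"].upper(), "Tunnel Protocol": d["proto"].upper(),
            "Encryption Cipher": d["cipher"], "Hash Algorithm": d["auth"],
            "CA Cert": b["ca"], "TLS Auth Key": b["tls-auth"]}
```

Run gui_fields() on the contents of your own vpnht.ovpn and compare each returned value with what you typed into the router; a mismatch in cipher, hash or port is a common reason the log never reaches “Initialization Sequence Completed”.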

One funky thing that happened is that I no longer am able to SSH to my school computers. I’m able to SSH to other machines on the web, just not ones from my school while I’m on the VPN. It must be some configuration thing on their end. Hopefully I’ll get it sorted out. Turns out my school does port 22 filtering based on IP address. Who knew?

Update: If you have services that you want to work and ports forwarded through your firewall, you’ll have to make sure to set up Policy Based Routing. Basically it’s like this: any machine that you want going through the VPN, you’ll have to add their IP address to the Services->VPN->OpenVPN Client->Policy Based Routing list. I only have a couple ports open to a server or two. So I added every IP address on my subnet (yes all ~250 of them) to the list. I wrote a quick Perl script to generate them:
#!/usr/bin/perl -w
use strict;

# Print every host address from 192.168.0.2 through 192.168.0.254, one per line.
for (my $i = 2; $i < 255; $i++) { print "192.168.0.$i\n"; }

That should save you some typing. Then save the output to a file, and remove any IP addresses of a server you want to forward ports to.

Hope this helps someone.

-András Fekete


6 thoughts on “OpenVPN client on a DD-WRT router using VPN.ht”

  1. Hey great tutorial but for some reason my dd-wrt openvpn client service section doesn’t provide a “User Pass Authentication” option. I’m using a Linksys E1000 v1.

      1. I’m using DD-WRT v24-sp2 (03/25/13) vpn-small, I think my router has a 4MB limitation. Just trying to figure out if there is another way of connecting to my VPN provider (vpn.ht). I tried both command line and GUI…
        Thank you for the quick reply

        1. My suspicion then is in that particular version, they took out the VPN client feature since most people use the VPN server on their routers. Alternatively take a look at PPTP for connecting to VPN.ht.

          1. Thank you András, that’s what I was going to try next. Their site is under maintenance right now. Also I didn’t see anything specific to ddwrt pptp setups. Can you share a link if possible?

            Thanks again
