JaiZBlog

"If you have an apple and I have an apple and we exchange these apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." ...GBS

19 April 2012

Site to Site OpenVPN using DD-WRT - Step by step

Posted by Jaisal Abdurrahman

A virtual private network (VPN) is a secure connection between one LAN and another. Think of your router as the middle man between the networks that you're connecting. Typically, VPN software and hardware cost a lot to implement.

OpenVPN is a free, open-source VPN solution. DD-WRT with OpenVPN is a perfect solution for those who want a secured connection between two networks. It is a great tool for connecting branches or for easily accessing your home network from anywhere in the world. Using DD-WRT, you can configure OpenVPN within minutes.

Newer DD-WRT builds no longer need the startup scripts and firewall scripts that older DD-WRT builds did, so OpenVPN is much easier to install and configure. Below is the step-by-step guide to configuring OpenVPN on DD-WRT.

This guide assumes that you are already familiar with installing DD-WRT on a compatible router; I am not going through that here.

Here I have used a Cisco E2000 with DD-WRT v24-sp2 (04/07/12) vpn - build 18946M as the VPN router and a Cisco E1000 with DD-WRT v24-sp2 (04/07/12) vpn-small - build 18946M as the VPN client.
The reason for the vpn-small build on the E1000 is that it only supports 4MB of flash.

The network scenario in this guide is as follows:

Server Side Network: 192.168.1.0/24
Client Side Network: 192.168.11.0/24 and 192.168.10.0/24 (for software OpenVPN Client)
VPN Tunnel Network: 172.16.1.0
E2000 (VPN Server) IP address: 192.168.1.1
E1000 (VPN Client) IP address: 192.168.11.1
VPN Server Tunnel IP Address: 172.16.1.1

First of all, we have to prepare the certificates and keys using the OpenVPN software. You can download OpenVPN Windows GUI from here and follow this instruction to create the certificates and keys.

Configuring VPN server Router:

This guide assumes that you have already updated the firmware of the E2000 to DD-WRT build 18946M. The basic idea now is to copy the server certificates and keys we made earlier and paste them into the DD-WRT OpenVPN Daemon menus. Open your browser and navigate to your router. Go to Services - VPN and click the Enable radio button under OpenVPN Server/Daemon.


Configure as below. You may change the configuration to suit your scenario.





Now we need the server keys and certificates we created earlier. In Windows Explorer, navigate to C:\Program Files (x86)\OpenVPN\easy-rsa\keys on 64-bit Windows 7 (or C:\Program Files\OpenVPN\easy-rsa\keys on 32-bit Windows 7). Open each file listed here (ca.crt, server.crt, server.key, and dh1024.pem) with Notepad and paste its contents into the corresponding box as seen below. Insert "Additional config" as below and leave all other boxes blank.

  
  
Save and apply the settings. Now go to Administration - Commands and save the lines below as the Startup script:

mkdir -p /tmp/openvpn/ccd
echo "iroute 192.168.11.0 255.255.255.0" > /tmp/openvpn/ccd/"CN of Client1"
echo "iroute 192.168.10.0 255.255.255.0" > /tmp/openvpn/ccd/"CN of Client2"
 
Note that you must change "CN of Client1" and "CN of Client2" to the exact common names, without quotes, that you used when creating the certificates.
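The ccd file name has to equal the client's common name exactly, so a typo or a stray character silently leaves that client's subnet unrouted. The script below is an added example, not part of the original post: it writes the same iroute files after validating the name and the addresses. The function names and the client1/client2 names are hypothetical, and the allowed character set for common names is this example's own conservative choice.

```shell
#!/bin/sh
# Added example: validated writer for OpenVPN client-config-dir (ccd) files.
CCD_DIR="${CCD_DIR:-/tmp/openvpn/ccd}"   # path used in the guide

# Accept only letters, digits, '_', '-', '.', '@' in a common name. This is
# this example's conservative choice: it rejects '/', spaces and empty
# names, so the file can only be created inside CCD_DIR.
valid_cn() {
    case "$1" in
        ''|.|..|*[!A-Za-z0-9_.@-]*) return 1 ;;
    esac
    return 0
}

# Four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# write_ccd CN NETWORK NETMASK: create CCD_DIR/CN with one iroute line.
# Malformed input returns 1 before anything is written.
write_ccd() {
    valid_cn "$1"   || { echo "bad common name: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad network: $2" >&2; return 1; }
    valid_ipv4 "$3" || { echo "bad netmask: $3" >&2; return 1; }
    mkdir -p "$CCD_DIR" || return 1
    printf 'iroute %s %s\n' "$2" "$3" > "$CCD_DIR/$1"
}

# The guide's two client subnets. client1/client2 are constructed
# placeholders: replace them with the exact certificate common names.
write_guide_ccd() {
    write_ccd client1 192.168.11.0 255.255.255.0 &&
    write_ccd client2 192.168.10.0 255.255.255.0
}

# Run with the argument "apply" to write the files.
if [ "${1:-}" = "apply" ]; then write_guide_ccd; fi
```

When pasting this into the Startup script box, where no argument is passed, replace the last line with a plain call to write_guide_ccd.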

Enter the rule below and click Save Firewall:

iptables -t nat -A POSTROUTING -j MASQUERADE 

Setting up the OpenVPN client:


This guide will continue soon...