This howto describes how to run an OpenVPN server with certificate authentication on a Linksys WRT54G with the custom dd-wrt firmware.
First you need to install dd-wrt on your Linksys router by following this guide: http://wrt-wiki.bsr-clan.de/index.php?title=Installation
You need at least the dd-wrt firmware DD-WRT v23 SP1 Final (05/30/06) vpn, or any newer vpn build. After the installation of the dd-wrt firmware you can continue with the OpenVPN setup:
Basically this is what you need to do:

1) Create all the certificates and keys you need (this should be done on a client with a full OpenVPN installation). Basically you follow this guide: http://openvpn.net/howto.html#pki
Afterwards you should have the following files:
ca.crt
ca.key
dh{n}.pem
server.crt
server.key
client1.crt
client1.key
client2.crt
client2.key
2) Now the rc_startup script for dd-wrt:
Code:
# create the tap device and bridge it into the LAN (br0)
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
# write the CA certificate, server key, server certificate and DH parameters to /tmp
echo "
-----BEGIN CERTIFICATE-----
...INSERT YOUR OWN CONTENT HERE...
-----END CERTIFICATE-----
" > /tmp/ca.crt
echo "
-----BEGIN RSA PRIVATE KEY-----
...INSERT YOUR OWN CONTENT HERE...
-----END RSA PRIVATE KEY-----
" > /tmp/server.key
chmod 600 /tmp/server.key
echo "
-----BEGIN CERTIFICATE-----
...INSERT YOUR OWN CONTENT HERE...
-----END CERTIFICATE-----
" > /tmp/server.crt
echo "
-----BEGIN DH PARAMETERS-----
...INSERT YOUR OWN CONTENT HERE...
-----END DH PARAMETERS-----
" > /tmp/dh1024.pem
# symlink so the process shows up as "myvpn" in ps
ln -s /usr/sbin/openvpn /tmp/myvpn
sleep 5
/tmp/myvpn --dev tap0 --tls-server --ca /tmp/ca.crt --cert /tmp/server.crt --key /tmp/server.key --dh /tmp/dh1024.pem --comp-lzo --port 44044 --proto tcp-server --mode server --client-to-client --keepalive 15 60 --verb 3 --daemon

The last command (/tmp/myvpn ... --daemon) must be written on a single line, even if it wraps here.

3) Now add the following to your rc_firewall script for dd-wrt:

Code:
/usr/sbin/iptables -I INPUT -p tcp --dport 44044 -j ACCEPT
This allows connections from the outside to the OpenVPN server.

4) Replace the "...INSERT YOUR OWN CONTENT HERE..." placeholders with the content of the files you created in step 1.

5) Use the web method to set the rc_firewall and rc_startup scripts on the router. See this: http://wrt-wiki.bsr-clan.de/index.php?title=Startup_Scripts

6) Reboot your router. Log in with ssh/telnet and check that "myvpn" is running (ps | grep vpn).

7) Create an OpenVPN config file on your client computer with the content below. You need to replace "XXXX.dyndns.org" with your router's internet address (or a dynamic DNS hostname pointing to that address).

Code:
tls-client
dev tap
proto tcp-client
remote XXXX.dyndns.org 44044
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
# tls-auth ta.key 1   (only enable this if the server is also started with --tls-auth; the rc_startup in step 2 is not, and step 1 creates no ta.key)
comp-lzo
verb 3
8) Try to connect. That should do it. (I have tested this on Firmware: DD-WRT v23 SP1 Final (05/30/06) vpn.)

If everything is OK you should get an IP address from your router when you connect, and that IP address will be in your internal LAN, so now you just connect to your home PC the same way you would do it from inside your LAN.
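Steps 2 to 5 above amount to pasting four PEM files into a startup script by hand, and a truncated paste or a line break in the final command is the usual reason "myvpn" is not running after the reboot in step 6. The script below is an added example, not part of the original howto or of dd-wrt: run on the client machine that holds the step 1 files, it checks that each file is present and carries the expected PEM markers, then prints a complete rc_startup with the bodies embedded and the daemon command on one line. It assumes the file names from step 1 (with dh1024.pem for the DH parameters) and the port and device from the howto (44044, tap0). It also goes one step beyond the howto: if a ta.key exists next to the certificates (created with openvpn --genkey --secret ta.key, which step 1 does not do), it is installed as well and --tls-auth is added to the server, which is what the client's commented-out "tls-auth ta.key 1" line needs.

```shell
#!/bin/sh
# build_rc_startup.sh: assemble the dd-wrt rc_startup script from the PEM
# files produced in step 1, instead of pasting certificate bodies by hand.
# Added example for this howto, not part of the original post or of dd-wrt.
# Assumptions: files are named as in step 1 (dh1024.pem for the DH
# parameters); port and tap device match the howto (44044, tap0).
VPN_PORT=44044
VPN_DEV=tap0

# pem_ok FILE LABEL: succeed only if FILE is readable and carries a
# "-----BEGIN LABEL-----" ... "-----END LABEL-----" block. Catches the usual
# mistakes: wrong file, truncated paste, key and certificate swapped.
pem_ok() {
    pem_file=$1; pem_label=$2
    [ -r "$pem_file" ] || { echo "missing or unreadable: $pem_file" >&2; return 1; }
    grep -q "^-----BEGIN $pem_label-----" "$pem_file" \
        || { echo "$pem_file: no BEGIN $pem_label line" >&2; return 1; }
    grep -q "^-----END $pem_label-----" "$pem_file" \
        || { echo "$pem_file: no END $pem_label line" >&2; return 1; }
}

# emit_file_block SRC DEST: print the howto's  echo "..." > DEST  construct
# with the contents of SRC inside the quotes. The read loop (rather than cat)
# always ends the last line with a newline even if SRC lacks one, so the
# closing quote is never glued to the END marker.
emit_file_block() {
    echo 'echo "'
    while IFS= read -r pem_line || [ -n "$pem_line" ]; do
        printf '%s\n' "$pem_line"
    done < "$1"
    echo "\" > $2"
}

# build_rc_startup DIR: print the complete rc_startup for the PEM files in DIR.
# ca.key is deliberately never read: it stays on the machine that runs the CA.
# If DIR/ta.key exists it is installed too and --tls-auth (direction 0 on the
# server) is added, matching a client that uses "tls-auth ta.key 1".
build_rc_startup() {
    d=$1
    pem_ok "$d/ca.crt"     "CERTIFICATE"     || return 1
    pem_ok "$d/server.crt" "CERTIFICATE"     || return 1
    pem_ok "$d/server.key" "RSA PRIVATE KEY" || return 1
    pem_ok "$d/dh1024.pem" "DH PARAMETERS"   || return 1
    tls_auth=""
    if [ -r "$d/ta.key" ]; then
        pem_ok "$d/ta.key" "OpenVPN Static key V1" || return 1
        tls_auth=" --tls-auth /tmp/ta.key 0"
    fi

    echo "openvpn --mktun --dev $VPN_DEV"
    echo "brctl addif br0 $VPN_DEV"
    echo "ifconfig $VPN_DEV 0.0.0.0 promisc up"
    emit_file_block "$d/ca.crt"     /tmp/ca.crt
    emit_file_block "$d/server.key" /tmp/server.key
    echo "chmod 600 /tmp/server.key"
    emit_file_block "$d/server.crt" /tmp/server.crt
    emit_file_block "$d/dh1024.pem" /tmp/dh1024.pem
    if [ -n "$tls_auth" ]; then
        emit_file_block "$d/ta.key" /tmp/ta.key
        echo "chmod 600 /tmp/ta.key"
    fi
    echo "ln -s /usr/sbin/openvpn /tmp/myvpn"
    echo "sleep 5"
    # The daemon command is printed as one line, as the howto requires.
    echo "/tmp/myvpn --dev $VPN_DEV --tls-server --ca /tmp/ca.crt --cert /tmp/server.crt --key /tmp/server.key --dh /tmp/dh1024.pem${tls_auth} --comp-lzo --port $VPN_PORT --proto tcp-server --mode server --client-to-client --keepalive 15 60 --verb 3 --daemon"
}

# Usage: sh build_rc_startup.sh /path/to/pki-files > rc_startup
if [ $# -eq 1 ]; then
    build_rc_startup "$1"
fi
```

Redirect the output to a file and paste it into the rc_startup field of the web interface (step 5). Two things worth keeping in mind when you do: the script refuses to run if server.key is missing or mislabeled, so a failure here is cheaper than a silent one on the router, and once pasted, the server's private key lives in the router's saved configuration, so treat any backup of that configuration as sensitive as server.key itself.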