
Help with DD-WRT

Posted: Tue May 02, 2017 9:50 am
by ddwrt-noob

I have an old Linksys WRT54Gv2 router running the latest beta of DD-WRT (build 31899, 4/24/2017). I'm trying to set this up as a dedicated VPN router. I have an ethernet cord connected to the Linksys' WAN port, running to a LAN port on my primary router. I changed the Router IP setting to put devices connected to the Linksys on a different subnet, but I'm not sure if this is correct or if there are also other settings I need to change for this setup.

I followed the DD-WRT howto (viewtopic.php?f=69&t=4298&hilit=dd+wrt) and am not having any luck connecting. When I visit the OpenVPN status page, everything is blank. Did I miss something? Or have some settings changed since this article was written?

Also, how do I know if I'm using the correct firewall settings?

Screenshots are attached, I'd appreciate any help! Thanks! :D

Re: Help with DD-WRT

Posted: Fri May 12, 2017 4:46 am
by uz-uz-uz
Get ready for a lot of time wasted and no support.
Or let me / us know how you did it.
I've had working configs stop working for no reason, spending hours after hours trying to figure out why.
After hoping to fix something by updating to the latest ddwrt I got the same empty status window that you got. That was using the exact same config, by the way.
Sorry to be so discouraging...
Maybe there are no official config settings here, maybe I never found them or maybe CS don't care about ddwrt. I don't know, but it's a shame, since running CS on a router would just make so much sense...
Let's hope somebody throws out some official support for ddwrt one day - or presents a better alternative for a router-based logon.

Re: Help with DD-WRT

Posted: Sat Jul 01, 2017 11:03 pm
by cryptobob
Try switching LZO compression to disabled and using this in the config:

resolv-retry infinite
explicit-exit-notify 3
mssfix 1400
reneg-sec 0
hand-window 17
verb 4
mute 3
auth-user-pass /tmp/user.conf
ns-cert-type server
auth SHA512
cipher AES-256-CBC
key-method 2

Along with your choice of node, e.g.:

remote 443 udp
remote 443 udp
remote 443 udp
remote 443 udp

You could also try checking your token. If you see "has reached maximum number of sessions" you might want to grab another day/week token to check against, as I had a valid token working in the widget but not in dd-wrt.

Also, I would enter the DNS for your chosen node in all 3 DNS fields in the DNS settings and in your NIC settings if using Windows with this router to avoid DNS leaks (Test with, or first to confirm you are using the VPN if you are paranoid)

This setup is currently working for me right now with the latest dd-wrt install for my router. If all else fails try a hard reset and reinstall the firmware and do another hard reset before changing settings. That has worked for me before also.

I will rescan through your settings and let you know if I spot anything else.

Re: Help with DD-WRT

Posted: Mon Jul 03, 2017 4:43 am
by Guest
Not sure which build you're using, but the kong build has been a bit buggy for several months. A blank status screen (or "wait" message) on the first attempt to turn on vpn doesn't necessarily mean a bad config. Going back to service/vpn and hitting apply may fix things.

Another new thing that got screwed up in the last couple months is what appears to be an inconsistent race condition in startup: turn on logging and check for openvpn messages about user.conf, or whatever you named your token/pass file, not existing. If that's the case, you can fix it by turning off the vpn, saving, rebooting, waiting for full load, then turning the vpn back on. I think what's happening is that openvpn is running and asking for the user/pass file before the start-up script actually creates it.

There's surely a way to make dd-wrt delay the openvpn startup; haven't taken the time to look into it myself.
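
The start-up race described in the last post, as an added example that is not part of the original thread: a POSIX shell wrapper that starts OpenVPN only once the credentials file exists and holds both a username and a password line. The path /tmp/user.conf comes from the config posted above; the function names and the openvpn command line in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): gate OpenVPN start-up on the
# auth-user-pass file so the client never runs before the file is written.

# creds_ready FILE: succeed only if FILE is a regular, readable file whose
# first line (username) and second line (password/token) are both non-empty.
creds_ready() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    user=$(sed -n '1p' "$1")
    pass=$(sed -n '2p' "$1")
    [ -n "$user" ] && [ -n "$pass" ]
}

# wait_for_creds FILE TIMEOUT_SECONDS: poll once per second until creds_ready
# succeeds or the timeout expires. Returns 0 when ready, 1 on timeout.
wait_for_creds() {
    file=$1
    remaining=$2
    while ! creds_ready "$file"; do
        [ "$remaining" -gt 0 ] || return 1
        sleep 1
        remaining=$((remaining - 1))
    done
    # The file holds the VPN login, so keep it readable by its owner only.
    chmod 600 "$file"
    return 0
}

# start_vpn_when_ready FILE TIMEOUT CMD...: run CMD only after the credentials
# file is complete; otherwise log why the client was not started.
start_vpn_when_ready() {
    file=$1
    timeout=$2
    shift 2
    if wait_for_creds "$file" "$timeout"; then
        "$@"
    else
        echo "openvpn not started: $file missing or incomplete after ${timeout}s" >&2
        return 1
    fi
}

# Usage (assumed command line; replace the placeholder with your client config):
#   start_vpn_when_ready /tmp/user.conf 60 openvpn --config /path/to/client.conf
```

A file that exists but is still empty or has only the username line counts as not ready, so the wrapper also covers the window in which the start-up script has created the file but not finished writing it.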