[EN] OpenVPN: DD-WRT (experimental)

How to set up Arethusa VPN on DD-WRT:

This document was written using DD-WRT v24-sp2 vpn (revision 13064), on a Linksys WRT54GL 1.1.

Install the most recent recommended version of DD-WRT for your router. Choose the VPN flavor. It must have OpenVPN 2.1.
Configure the router according to your needs, without the VPN for the moment. Make sure that the time and date are set correctly.

Go to Services -> VPN.
Enable OpenVPN Daemon (not client).
Choose Start type: Wan up.
Open "arethusa-ca.crt" with any text editor, select all the text and paste it in "Public Server Cert".
In "Private Client Key", enter the username for this tunnel on the first line, and the password on the second line.

Open "arethusa.ovpn" with any text editor, select all the text and paste it in "OpenVPN Config". You can remove all the commented lines to save some space.
Then, do the following modifications:

Replace the line: "ca arethusa-ca.crt" with:
ca /tmp/openvpn/ca.crt

Replace the line: "auth-user-pass" with:
auth-user-pass /tmp/openvpn/key.pem

Click on "Apply Settings".

Go to Administration -> Commands.

Enter these 3 lines in "Commands":
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE

Click on "Save Firewall".

That's all! All internet activity should go through the VPN now.
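
The "OpenVPN Config" edits from the steps above, scripted for a workstation shell (not the router). This is an added example, not part of the original instructions. The sample config and the host vpn.example.net are constructed, because the contents of arethusa.ovpn are not shown here, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prepare an OpenVPN client config for pasting into the
# DD-WRT "OpenVPN Config" box. Function names are hypothetical.

# Router-side paths, taken from the steps above.
CA_PATH=/tmp/openvpn/ca.crt
AUTH_PATH=/tmp/openvpn/key.pem

# Constructed sample input; this is NOT the real arethusa.ovpn.
sample_ovpn() {
    cat <<'EOF'
# sample client config (constructed)
client
dev tun
; proto tcp
proto udp
remote vpn.example.net 1194

ca arethusa-ca.crt
auth-user-pass
EOF
}

# Read a client config on stdin and write the DD-WRT variant on stdout:
# comment lines (# or ;) and blank lines are dropped, and the "ca" and
# "auth-user-pass" directives are pointed at the router-side files.
prepare_ddwrt_ovpn() {
    sed -e '/^[[:space:]]*[#;]/d' \
        -e '/^[[:space:]]*$/d' \
        -e "s|^[[:space:]]*ca[[:space:]].*|ca $CA_PATH|" \
        -e "s|^[[:space:]]*auth-user-pass.*|auth-user-pass $AUTH_PATH|"
}

# Return 0 only if the config on stdin contains each rewritten directive
# exactly once. A config that never had "auth-user-pass", or that still
# names the local CA file, fails this check.
check_ddwrt_ovpn() {
    cfg=$(cat)
    n_ca=$(printf '%s\n' "$cfg" | grep -c -x "ca $CA_PATH" || true)
    n_auth=$(printf '%s\n' "$cfg" | grep -c -x "auth-user-pass $AUTH_PATH" || true)
    [ "$n_ca" -eq 1 ] && [ "$n_auth" -eq 1 ]
}

# Show the text to paste for the constructed sample.
sample_ovpn | prepare_ddwrt_ovpn
```

To use it on the real file, run `prepare_ddwrt_ovpn < arethusa.ovpn` and pipe the result through `check_ddwrt_ovpn` before pasting.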

There are two major problems with this setup:

- DD-WRT automatically adds a firewall rule that makes its administration interface available through the VPN public IP. There is no option to disable this behavior. So make sure to secure your admin interface, or add a few scripts to adjust the firewall.
- The CPU of this router can't encrypt/decrypt faster than ~300 KB/s. This is a problem if your internet connection is faster than that.

This document is provided as-is, with no warranty and no support. Try this at your own risk.

