Tag Archives: openvpn

How to setup OpenVPN Client on DD-WRT with VPN.sh

VPN.sh is one of the most affordable and reliable VPN services out in the world of VPNs. Plans start at about £1/year, that’s dirt cheap. Now, most of us wants to be connected to the Internet via a VPN for various reasons. However, in today’s connected world, each person owns about 2-3 devices on average that always stay connected to the Internet in which case, you will have to setup a VPN client on each one of those and handle connections individually. It is ofcourse a pain in the ass. Hence the only solution is to connect the router itself to the VPN so that all the devices behind the router are sending out and receiving the traffic via the VPN automatically. This tutorial helps people looking forward to setup their DD-WRT router to connect to VPN.sh service.

Why VPN.sh? Why not my own OpenVPN on a VPS?

I have been playing around with OpenVPN on Low End VPS boxes for quite some time. So, I know what I’m saying. Here are the reasons why I prefer VPN.sh to my own setup of OpenVPN –

I frequently experiment with my VPS. So, more scope for service disruption. Although I can rebuild the complete VPN service in under 5 min, the sheer number of times I experiment and fail, thereby resulting in unavailability of VPN service leads to the feeling that I should obtain VPN services from a provider for a cost.

Having VPS boxes in multiple locations is going to be expensive. Because it is only you who use your service (or may be some family – who expects money from family for providing a no guarantee service?) paying for those boxes across various locations on the globe is very expensive. And as there are numerous customers like you using services like VPN.sh, it is fairly profitable for them to procure new locations.

A single Low End VPS would cost about $2/year on the minimum side. When a service provider like VPN.sh offers a fairly good deal for £1/year ($1.52/year), with guarantee of reliability and multiple locations, I would definitely go for it.

Now, the downside to this is that, the bandwidth is fairly limited. VPN.sh gives you about 150-250GB for this plan, while you may get upto a TB of bandwidth on a VPS for $2/year. But, who cares when all you need is to connect via a VPS to do some browsing stuff or make VoIP calls?

Why DD-WRT?

You are here, means that you know what you are upto. Hence, I don’t think I need to explain you the powerful features of DD-WRT. For the sake of this tutorial, let me say that it has got a OpenVPN client built in and it is fairly easy to connect to the VPN at router level.

A quick guide on how to setup DD-WRT on your router can be found here.

Setting up OpenVPN Client on DD-WRT

Now is the time to set that VPN connection on your router.

  1. Log in to the administrative interface of DD-WRT (usually http://192.168.1.1; Default Username: root; Default Password: admin)
  2. Setup your internet connection normally as you would on a router
  3. Go to Administration -> Commands
  4. Modify this script as mentioned in-line
  5. Paste the modified script into the Command textarea
  6. Save it as a Startup Script
  7. Reboot the router

This script is run at the time of router booting and a VPN connection is established with VPN.sh. Let me know if you have any troubles.

Creating your own VPN Server using OpenVPN

We all face the need for a proxy at one time or the other during our day-to-day Internet lives. To bypass the college firewall, access that websites which is not available in your country, to stream Netflix or other region specific streaming services and the list goes on. So, the question comes now is why should we create our own VPN service when you could buy from a service provider. The simple answer is it is economical to do it on your own if you wish to spend an 30 minutes of your weekend. You can also use the entire port speed of the server to yourself. Also, it feels good to have your own VPN server without having to depend on anyone else!

Let’s start by looking at what we need to implement this project. We would need a VPS with Ubuntu installed from a provider that allows private VPNs on their servers and Nyr’s OpenVPN auto-installer script for Debian based systems. This will get you started.

I recommend NanoVZ for various reasons. They offer 128MB (this is more than enough for our VPN server), 3GB HDD and a Gigabit link with 500GB bandwidth a month for just $3.80 (3 EUR) a year. Pretty cheap, isn’t it? Now, the reason why I prefer this to LowEndSpirit is because of the Gigabit port.

Go to NanoVZ Website and signup for this server.

NanoVZ.png

After successful payment, you will receive your order confirmation, payment receipt and server information. Look into the email carefully. You will see something like –

IPInfo.png

This service doesn’t come with a dedicated IPv4 address, one of the cost-cutting strategy, thereby keeping their operating costs minimum and offer you a VPS at such a low price. However, you will share an IPv4 address with many other clients on their server. You will get 20 ports of the public IPv4 address NAT’ed to your internal IP address and a port specifically mapped to your SSH port on internal IP.

Connecting to your VPS via SSH

In order to configure your server to run OpenVPN server, you first need to login into the server via SSH. Here comes the need of the SSH port on external IP that is mapped to your VPS. Download a program like PuTTY and login into [Public_IPv4]:[Mapped_Port]. In the above case, I will login into [Masked_Public_IP]:15100.

Enabling TUN/TAP

TUN and TAP are virtual network kernel devices in computer networking. For the OpenVPN server to work, we need to enable these for our server. To do this, you will have to login into your SolusVM panel, again, whose details are given in the email that you received with your order.

SolusVM_Details.png

TUN_TAP.png

Installing OpenVPN Server

This is a fairly simple task. I would first recommend updating your server to the latest packages before beginning with configuring your server for VPN.

Go ahead and run the update command –

apt-get update

Once that is done, you just need to run the Nyr’s auto-install script for OpenVPN.

wget git.io/vpn --no-check-certificate -O openvpn-install.sh; bash openvpn-install.sh

The installer will ask you for the IP on which OpenVPN has to listen to. Give your internal IP address here. Check the email for this IP.

Local_IP.png

Then it will ask you to furnish the port number. Make sure the port number you give here is in the range of ports NAT’ed for you. In my case it is 15101 to 15120.

Port.png

The installer will now ask if you would like to enable port 53 also. I would recommend this as a no because you will anyway not be able to use this port as it is not NAT’ed directly from the outside world.

Port_53.png

Now enter the client certificate name that you want to store it as. This is like the username you want to access the server with. If you plan to share this with friends and family members, name the certificates accordingly to be able to identify each user.

client_name.png

That’s all it needs. Just hit Return key to proceed. It takes a while to finish the installation and certificate generation. Get yourself a small break!

It then asks for the external IP and since we are NAT’ed, we need to give the external IP provided by NanoVZ in the email.

External_IP.png

That’s it. Your certificate will be available at /root/[certificate_name].ovpn. Download this certificate using any SFTP program like WinSCP and use it with your favorite OpenVPN Client. I will do a write-up on comparison between various OpenVPN clients soon.

Let me know how it goes!