DD-WRT is a great router operating system. It’s one of the few that supports OpenVPN. So, you can configure your DD-WRT router to connect to your LiquidVPN account. Then, every device connected to your router is also connected to the VPN. That’s pretty awesome. Plus, it’s perfect for home networks with lots of streaming devices.
The process isn’t very complicated, thanks to the great tools provided by both LiquidVPN and DD-WRT. It’ll only take a few minutes, so get yourself ready to get started.
Generate Your OpenVPN Configuration
DD-WRT is obviously fairly specialized for working as a router. Because of that, there isn’t a client available for DD-WRT. Don’t worry, though. LiquidVPN fully supports the OpenVPN client that DD-WRT already has.
DD-WRT is based on Linux, so you have to look at setting up your router like you’re setting up a Linux client for OpenVPN. In the Knowledgebase, you’ll find an excellent guide for creating a configuration. It’s accessible from your LiquidVPN account.
Set Static DNS
With your OpenVPN configuration file ready, you can start setting up DD-WRT. First, you need to tell DD-WRT to stop routing Domain Name Service traffic through your ISP’s servers. A VPN doesn’t do you much good if your ISP is still seeing every site you visit.
Under the Setup tab, go to the Basic Setup sub tab.
In the Network Setup section, make sure that both your Gateway and Local DNS are set to all zeros.
Set Static DNS 1 in the section below to 10.10.10.10, Static DNS 2 220.127.116.11 and Static DNS 3 to 18.104.22.168 . If you know any other LiquidDNS addresses, feel free to plug them into the other slots.
Below that, check Use DNSMasq for DHCP, Use DNSMasq for DNS, and DHCP-Authoritative.
You can’t connect to the LiquidVPN servers unless the clock in DD-WRT is correct. The easiest way to make sure that it’s always right is NTP.
If you’re still in Basic Setup, great. If not, get back there. At the bottom of the page, you’ll find the NTP settings.
Make sure that NTP Client is enabled. Then find the time zone that matches your actual timezone. Finally, pick, and NTP server from the list below that matches your location.
North America – 0.north-america.pool.ntp.org
United States – 0.us.pool.ntp.org
Canada – 0.ca.pool.ntp.org
Europe – 0.europe.pool.ntp.org
Germany – de.pool.ntp.org
Netherlands – nl.pool.ntp.org
United Kingdom – uk.pool.ntp.org
Switzerland – swisstime.ethz.ch
Asia – 0.asia.pool.ntp.org
Save your changes. Then apply them.
There’s no reason to enable IPv6 right now, and it’s a potential security risk. Information about you and your connection can slip out through IPv6. It’s best to disable it entirely.
Under the Setup main tab, click the IPV6 sub-tab. There’s a good chance that it’s already disabled. If it isn’t, click the Disabled radio button. Apply your change.
Configure The OpenVPN Client
This is the bulk of the setup. Click on the Services main tab. Then, move to the VPN sub-tab.
There are a couple of options there. You’re looking for OpenVPN Client. Switch the radio button over to Enabled. A big listing of choices pops open.
Before you dive in, find “Advanced Options” near the bottom, and enable it.
It might look like there’s a lot there, but it’s not too bad. You’re going to be copying over the information from your configuration file. It’s easiest to open it up next to your browser window, so you can see them both at the same time.
Start off with the IP address. Just copy the address itself over from the file. The number after the address is the port number. Put that in the field below the IP.
The Tunnel Device will start with “dev” in the configuration. It will probably be TUN. You’ll find the protocol at the end of the IP address line. It will either be UDP or TCP.
LiquidVPN uses the latest and most secure encryption. Input the AES-256-CBC Encryption Cipher and the SHA512 Hash Algorithm.
Next, enable User Pass Authentication. The fields for your LiquidVPN username and password will appear. These are the same username and password that you’d use to sign in to any of the custom clients.
This part might sound counter-intuitive, but you have to set TLS Cipher to “None.” The LiquidVPN servers will handle that part.
Now, set LZO Compression to “Adaptive,” and enable both NAT and Firewall Protection.
The last option that you need is nsCertType verification. Check the box.
Finally, you have to give DD-WRT the CA key and the TLS key. They’re the big balls of junk at the bottom of your config file. Don’t worry if you don’t have a TLS one. Not all server configurations do.
Copy the whole TLS(if you have it) into the TLS Auth Key box, and copy the whole CA into the CA Cert box.
That’s it! Scroll to the bottom, save, and apply your changes.
Add Firewall Rules
It’s a good idea to add some firewall rules to guarantee that your traffic gets routed properly. Also, it’ll help protect from potential intruders. It’s not that hard to do, anyway.
Head over to the Administration main tab. Find and click on the Commands sub-tab. Enter the commands below into the command box. You can just copy and paste.
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT iptables -I FORWARD -i tun0 -o br0 -j ACCEPT iptables -I INPUT -i tun0 -j REJECT iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
At the bottom of the page, click “Save Firewall.”
Click on the Management sub-tab. At the bottom of the page, find the big red button to reboot the router and click it.
After your router finishes restarting, you can make sure that everything is working right. LiquidVPN provides a site you can use to make sure everything is running the way you want.
If you want to try someone else’s test too, check out DNS Leak Test.
Check that your connection passes the tests. It should display the information related to the VPN, not your ISP. Hopefully, all goes well, and all the devices on your network will be using LiquidVPN! If not open a ticket and let us help you get connected. If you are not a LiquidVPN user sign up today and be the first 100 users to use code Blog25 for 25% off your subscription.