Posts Tagged DD-WRT
DD-WRT is a feature-rich alternative firmware for a large number of home router models. It adds a wonderful array of new features, VPN being one of them. This walkthrough will show you how to quickly and easily configure a PPTP VPN server on your DD-WRT-powered router, so you can connect to your home network from afar, create a secure tunnel so you can safely use a public Wi-Fi access point with your laptop, or secure your iOS or Android device.
Setting up the VPN Server
So here’s how to get started. First, you’ll need a build of DD-WRT that is supported by your router and includes the VPN software. If you’re doing this on an Internet connection whose IP address changes periodically (i.e. residential), you’ll likely want a free DynDNS hostname to point to your IP address. You’ll also need a basic familiarity with networking.
For the remainder of this guide, I will assume your router’s internal (LAN) IP address is 192.168.1.1.
Start by going to http://192.168.1.1 and logging in to your router’s administration panel.
Go to Services > VPN and set PPTP Server to enable. After doing that, a few new options will appear. The only ones you need to set are Server IP, Client IP(s), and CHAP Secrets. Set them as follows:
Server IP: You can set this to your router’s LAN IP, i.e.
Client IPs: Set this to an IP range OUTSIDE your DHCP range (see Setup > Basic Setup to find your DHCP range). A good example value would be 192.168.1.200-250 for clients to receive addresses within that range.
CHAP Secrets: These are the username/password combinations for your VPN clients. The format is:
myname * mypassword *
Neither the username nor the password can contain spaces, and both must be all-lowercase.
You’re done with this page; click Apply Settings.
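A pre-flight check for the Client IP(s) and CHAP Secrets fields described above, as an added example that is not part of the original post or of DD-WRT itself. The function names, the sample entries and the DHCP pool (starting at 192.168.1.100 with 50 addresses) are constructed assumptions.

```python
# Added example: pre-flight checks for the PPTP server fields described above.
# The DHCP pool parameters and all sample values are constructed assumptions.
import ipaddress
import re

def parse_client_range(spec):
    """Parse the 'A.B.C.D-E' Client IP(s) notation into (first, last)."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+)\.(\d+)-(\d+)", spec.strip())
    if not m:
        raise ValueError(f"unrecognised client range: {spec!r}")
    first = ipaddress.IPv4Address(f"{m.group(1)}.{m.group(2)}")
    last = ipaddress.IPv4Address(f"{m.group(1)}.{m.group(3)}")
    if last < first:
        raise ValueError(f"range end precedes start: {spec!r}")
    return first, last

def overlaps_dhcp(client_spec, dhcp_start, dhcp_count):
    """True if the VPN client range shares any address with the DHCP pool."""
    first, last = parse_client_range(client_spec)
    pool_first = ipaddress.IPv4Address(dhcp_start)
    pool_last = pool_first + (dhcp_count - 1)
    return first <= pool_last and pool_first <= last

def check_chap_secrets(text):
    """Return (line_number, problem) for each entry that breaks the rules."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # blank line
        if len(fields) != 4 or fields[1] != "*" or fields[3] != "*":
            problems.append((n, "expected format: username * password *"))
        elif any(f != f.lower() for f in (fields[0], fields[2])):
            problems.append((n, "username and password must be all-lowercase"))
    return problems

# Constructed sample entries; only the first line is well-formed.
SAMPLE_SECRETS = """myname * mypassword *
Alice * mypassword *
bob * two words *
"""

if __name__ == "__main__":
    # Assumed DHCP pool: starts at 192.168.1.100 with 50 leases (.100-.149).
    print(overlaps_dhcp("192.168.1.200-250", "192.168.1.100", 50))
    print(overlaps_dhcp("192.168.1.140-160", "192.168.1.100", 50))
    for n, problem in check_chap_secrets(SAMPLE_SECRETS):
        print(f"line {n}: {problem}")
```

A password containing a space splits into extra fields, so it is reported as a format error rather than silently truncated.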
Now go to Security > VPN Passthrough and make sure PPTP is set to Enabled. Click Apply Settings if you had to change the setting.
You should now be able to connect to your VPN using your Windows, Mac, or Linux computer by setting up a PPTP connection to your public (WAN) IP or hostname.
Can’t get connected? First, try setting up your connection to the router itself, using the LAN IP (192.168.1.1). If that works, then the VPN server is set up correctly; the problem is likely on the WAN side. Keep reading for suggestions. If you weren’t able to get connected, go back to the top and double-check your settings.
You may need to make the following settings adjustment if you are having trouble connecting specifically from your iOS device running iOS 4.3 or above. Go to Administration > Commands and paste the following in the box. Click Save Startup.
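    #!/bin/sh
    # Disable PPP protocol-field and address/control-field compression
    echo "nopcomp" >> /tmp/pptpd/options.pptpd
    echo "noaccomp" >> /tmp/pptpd/options.pptpd
    # Stop the running PPTP processes, then restart pptpd with the new options
    kill `ps | grep pptp | cut -d ' ' -f 1`
    pptpd -c /tmp/pptpd/pptpd.conf -o /tmp/pptpd/options.pptpd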
(Source: DD-WRT Wiki)
If you can connect from the LAN side, but are still having trouble connecting from the WAN side, it’s likely your ISP or your gateway device (modem) is blocking the needed GRE protocol or the needed PPTP port or traffic. Contact your ISP for further assistance.
Do you have any experience or tips to share regarding VPN connections to a DD-WRT-powered router, or any suggestions in addition to the above? Please feel free to share them in the comments below. Thank you!
If you’re using DD-WRT on your router you may find that certain wireless configurations cause the wireless clients to either be unable to connect or drop connection. This seems to be the most noticeable on Windows 7 systems, but likely happens on other systems as well. Note that I did not observe this at all on a Linux-based system and I’m completely unable to explain why. Perhaps a difference in the wireless stacks between Windows and Linux highlights this issue.
Issues related to this include not being able to connect to the wireless AP, instead receiving a message such as “The access point did not allow the connection” or something similar (apologies, I don’t have the exact error message), and losing the wireless connection to the network or AP even though it is still shown in the list of wireless networks.
This appears to be related to the wireless security settings, specifically the settings for security mode and WPA algorithm. See the following screenshot:
Having the security mode set to WPA2 Personal Mixed and the algorithm set to TKIP+AES appears to cause the problem.
According to the DD-WRT help:
This mode allows for mixing WPA2 and WPA clients. If only some of your clients support WPA2 mode, then you should choose WPA2 Mixed. For maximum interoperability, you should choose WPA2 Mixed/TKIP+AES.
So, according to this, it should work — but it doesn’t seem to work quite as advertised. Instead, this is the recommended setup as long as all your wireless clients support WPA2:
Setting the security mode to WPA2 Personal and the algorithm to AES only appeared to completely solve the problem.
For the curious, this is DD-WRT v24-sp2 (08/12/10) mega (SVN revision 14929), the current recommended build.