Posts Tagged DD-WRT

Set up an encrypted VPN using DD-WRT

DD-WRT is a feature-rich alternative firmware for a large number of home router models. It adds a wonderful array of new features, VPN being one of them. This walkthrough will show you how to quickly and easily configure a PPTP VPN server on your DD-WRT-powered router, so you can connect to your home network from afar, create a secure tunnel so you can safely use a public Wi-Fi point with your laptop, or secure your iOS or Android device.

Setting up the VPN Server

So here’s how to get started. First, you’ll need a build of DD-WRT supported by your router which includes the VPN software. If you’re doing this on an Internet connection which has an IP address that changes periodically (i.e. residential), you’ll likely want a Free DynDNS hostname to point to your IP address. You’ll also need a basic familiarity with networking.

For the remainder of this guide, I will assume your router’s internal (LAN) IP address is 192.168.1.1.

Start by going to http://192.168.1.1 and log in to your router’s administration panel.

Go to Services > VPN and set PPTP Server to enable. After doing that, a few new options will appear. The only ones you need to set are Server IP, Client IP(s), and CHAP Secrets. Set them as follows:

Server IP: You can set this to your router’s LAN IP, i.e. 192.168.1.1

Client IPs: Set this to an IP range OUTSIDE your DHCP range (see Setup > Basic Setup to figure out your DHCP range). A good example value would be 192.168.1.200-250 for clients to receive addresses within that range.

CHAP Secrets: These are the username/password combinations for your VPN clients. The format is:
username * password *
Example:
myname * mypassword *

Neither the username nor the password can contain spaces, and both must be all-lowercase.

You’re done with this page; click Apply Settings.

Now go to Security > VPN Passthrough and make sure PPTP is set to Enabled. Click Apply Settings if you had to change the setting.

You should now be able to connect to your VPN using your Windows, Mac, or Linux computer by setting up a PPTP connection to your public (WAN) IP or hostname.
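A pre-flight check for the Client IP(s) and CHAP Secrets values described above, as an added example that is not part of the original post or of DD-WRT. The function names and sample values are constructed, and it assumes the client range and the DHCP pool sit in the same /24 as in this guide.

```sh
#!/bin/sh
# Added example: sanity-check PPTP settings before pasting them into
# Services > VPN. Function names and sample values are constructed.

# last_octet IP -> prints the final octet of a dotted-quad address
last_octet() { echo "${1##*.}"; }

# range_ok CLIENT_RANGE DHCP_START DHCP_COUNT
# CLIENT_RANGE uses the form from the guide, e.g. 192.168.1.200-250.
# Returns 0 only when the client range lies entirely outside the DHCP pool.
range_ok() {
    lo=$(last_octet "${1%-*}")        # first client address (last octet)
    hi=${1##*-}                       # last client address (last octet)
    d_lo=$(last_octet "$2")           # first DHCP address (last octet)
    d_hi=$((d_lo + $3 - 1))           # last DHCP address (last octet)
    [ "$lo" -le "$hi" ] && [ "$hi" -le 254 ] || return 1
    [ "$hi" -lt "$d_lo" ] || [ "$lo" -gt "$d_hi" ]
}

# secret_ok LINE -> 0 when LINE has the form "username * password *"
# with a space-free, all-lowercase username and password.
secret_ok() {
    set -f                            # keep the literal * from globbing
    set -- $1                         # split the line on whitespace
    set +f
    [ $# -eq 4 ] && [ "$2" = "*" ] && [ "$4" = "*" ] || return 1
    case "$1$3" in
        *[[:upper:]]*) return 1 ;;    # uppercase is not allowed
    esac
    return 0
}

# Constructed sample values: DHCP pool 192.168.1.100 with 50 addresses.
for r in 192.168.1.200-250 192.168.1.120-160; do
    if range_ok "$r" 192.168.1.100 50; then echo "range ok:   $r"
    else echo "range bad:  $r (overlaps DHCP pool)"; fi
done
for s in "myname * mypassword *" "MyName * my password *"; do
    if secret_ok "$s"; then echo "secret ok:  $s"
    else echo "secret bad: $s"; fi
done
```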

Troubleshooting

Can’t get connected? First, try setting up your connection to the router itself, using the LAN IP (192.168.1.1). If that works, then the VPN server is set up correctly; the problem is likely on the WAN side. Keep reading for suggestions. If you weren’t able to get connected, go back to the top and double-check your settings.

iOS-Specific changes

You may need to make the following settings adjustment if you are having trouble connecting specifically from your iOS device running iOS 4.3 or above. Go to Administration > Commands and paste the following in the box. Click Save Startup.

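#!/bin/sh
# Turn off PPP protocol-field and address/control-field compression
echo "nopcomp" >> /tmp/pptpd/options.pptpd
echo "noaccomp" >> /tmp/pptpd/options.pptpd
# Stop the running PPTP processes; [p] keeps grep from matching itself,
# and awk copes with the leading spaces in the ps output
kill $(ps | grep '[p]ptp' | awk '{print $1}')
# Restart pptpd with the updated options
pptpd -c /tmp/pptpd/pptpd.conf -o /tmp/pptpd/options.pptpd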

(Source: DD-WRT Wiki)

If you can connect from the LAN side, but are still having trouble connecting from the WAN side, it’s likely your ISP or your gateway device (modem) is blocking the needed GRE protocol or the needed PPTP port or traffic. Contact your ISP for further assistance.

Do you have any experience or tips to share regarding VPN connections to a DD-WRT-powered router, or any suggestions in addition to the above? Please feel free to share them in the comments below. Thank you!


Intermittent wireless connection and disconnects with DD-WRT and Windows 7

If you’re using DD-WRT on your router you may find that certain wireless configurations cause the wireless clients to either be unable to connect or drop connection. This seems to be the most noticeable on Windows 7 systems, but likely happens on other systems as well. Note that I did not observe this at all on a Linux-based system and I’m completely unable to explain why. Perhaps a difference in the wireless stacks between Windows and Linux highlights this issue.

Issues related to this include not being able to connect to the wireless AP, instead receiving a message such as “The access point did not allow the connection” or something similar (Apologies, I don’t have the exact error message.), and losing wireless connection to the network or AP, even though it is still shown in the list of wireless networks.

This appears to be related to the wireless security settings, specifically the settings for security mode and WPA algorithm. See the following screenshot:

[Screenshot: ddwrt_wpa_mixed]

Having the security mode set to WPA2 Personal Mixed and the algorithm set to TKIP+AES appears to cause the problem.

According to the DD-WRT help:

WPA2 Mixed
This mode allows for mixing WPA2 and WPA clients. If only some of your clients support WPA2 mode, then you should choose WPA2 Mixed. For maximum interoperability, you should choose WPA2 Mixed/TKIP+AES.

So, according to this, it should work — but it doesn’t seem to work quite as advertised. Instead, this is the recommended setup as long as all your wireless clients support WPA2:

[Screenshot: ddwrt_wpa]

With the security mode set to WPA2 Personal and the algorithm set to AES only, the problem appeared to be completely solved.

For the curious, this is DD-WRT v24-sp2 (08/12/10) mega (SVN revision 14929), the current recommended build.


Cooling the Linksys E3000

A short time back I was shopping around for a new router. After some comparison shopping I decided on the Linksys E3000. (UPDATE: Read more on this at Cooling the Linksys E3000 – Part 2 – Inside the box)

However, I was having issues with my Wii randomly dropping off the wireless network. I started troubleshooting and accidentally happened on something that bothered me: This router got HOT. By hot I mean I checked it with my infrared thermometer and I got a reading of 61C from the bottom of the router. That’s well above its operational temperature rating of 40C.

First, a note on my configuration:

  • DD-WRT v24-sp2 (12/19/10) big (e2k-e3k)
  • 2.4 GHz and 5 GHz access points, both in use
  • A single gigabit device on the wired LAN.

I had a good deal of network activity going at the time, so I took most of the devices off the network, powered off the router for about 5 minutes, turned it back on and checked again. No measurable difference in temperature after about a minute of operation.

My concern was that the router was simply too hot to continue operating like this. I was afraid of chipset failure.

I started in on a mod idea, with a couple of points:

  • The router needed to be cooled quietly
  • The router needed to be cooled in a way that wouldn’t void the warranty in case I ended up RMAing it.

I initially thought of driving a fan from the DC-in connector, but the barrel shape made it difficult to come up with a clean mod, and at 12 volts, it could get a little noisier than I wanted it to be. I wasn’t using the USB port, and that’s an easy 5v supply to a fan, clean and easy.

So I started with a simple USB-to-fan cable. Pulling the 5v supply off the USB port and to a fan connector was easy, and after a quick check with the multimeter said it was good to go. It worked great, but I found out that unfortunately none of the fans I had lying around ran at 5v; they were all 12v fans. I would have to buy a fan for this.

I figured a 120mm fan would give me good air flow at a low noise rate, along with covering most of the bottom of the router. A quick search turned up a Coolerguys 120mm USB fan. A 5v fan with a USB connector to boot. Oh well, I still get to keep my cable for another project :)

So I ordered the fan. It arrived quickly (not quickly enough, I was impatient! ;) ), and I started in on making it look nice.

Removing the grill from the fan was the first step, and it came off easily with a #2 Philips screwdriver.

I had some adhesive foam feet lying around from something else, and cutting them in half and stacking three gave me a nice fit with the finished feet measuring 25x20x28mm.

I added some 4mm rubber feet to the bottom of the fan to give it intake room, and test fitted it. It couldn’t have worked out better. The fan fit neatly under the router and ran quietly — I could barely hear it even when the room was completely quiet. The 4mm rubber feet allowed enough intake room under the fan, even though the fan could have easily moved more air with more of an intake space.

The result? A reading of 30C. That’s a 31C drop in surface temperature! Of course, if you do this, make sure the fan is blowing up into the bottom of the router; not down.

The Wii? As it turns out, it was in a spot where it got terrible signal to begin with. A wired adapter fixed its issue.

My thought at the end of this was “Why didn’t Linksys consider something like this from the beginning?” followed by “How soon until our home networking equipment has to be fan cooled?”

Here’s all the photos from the mod project:

Have a Linksys E3000? Have your own cooling mod idea to share? Please feel free to share your thoughts in the comments below!
