Create your own VPN server with DD-WRT

By Wi-Fi Planet staff

May 31, 2010

Virtual private networks (VPNs) aren’t just for corporate networks. You can set up your own VPN server at home or in a small office using a wireless router and the free, open source DD-WRT firmware.

Virtual private networks (VPNs) aren’t just for corporate networks. You can set up your own VPN server at home or in your small office. Use it to securely connect to your network when you are away to access your network shares and computers. You may also find it useful when you are on public networks or Wi-Fi hotspots, to secure your traffic from local eavesdroppers.

One way to quickly set up a simple VPN server is to load DD-WRT on your router, if it is compatible. DD-WRT is a firmware replacement. It replaces the factory brain of your router, giving it a new control panel with more features, like a VPN server. You can check the compatibility of your router here.

In this article, we’ll walk through the process of setting up the DD-WRT Point-to-Point Tunneling Protocol (PPTP) VPN feature. It’s no secret that PPTP has vulnerabilities like many other computer protocols, but sometimes taking risks is okay. In addition to being easier to configure and manage, PPTP is already supported in Windows.

However, if you are dealing with customer data or other very sensitive information, you might want to go for a more secure VPN implementation. In a later tutorial we may look at how to configure OpenVPN in DD-WRT, which is more secure but a little more complicated to configure. With OpenVPN, users also need to download and configure a client utility to connect.

Flash the router

A good place to start is the router database. Type in your vendor or model number and hopefully it spits out a list of compatible firmware versions and variants. In order not to “brick” your router (make it useless), be sure to follow all installation instructions carefully.

The most recent stable version of DD-WRT at the time of writing is v24 SP1 (Build 10020), which we are using for this tutorial. These instructions should also work with v24 SP2 as we tested beta 13064.

Remember, you don’t have to use the VPN variant if you just want to use the PPTP VPN server or client; they are included in all variants except Mini. The special VPN variant gives you the more secure OpenVPN server and client, so use it if you plan to try OpenVPN later.

Enable PPTP VPN Server

To get started, log into the web-based control panel. Type the default IP address 192.168.1.1 in a web browser. The first time you access the router, you will be prompted to create a username and password.

Click the Services tab and choose the PPTP sub-tab. In the PPTP Server area, select Enable. Then enter the router IP address (192.168.1.1) for the server IP.

For the client IP address(es), enter a single address if you are the only user. If there are multiple users, you can specify a range. You must choose an address or range that does not conflict with the router’s IP address and client IP addresses (192.168.1.100 – 192.168.1.149). An acceptable range could be 192.168.1.2-99 (which is 192.168.1.2 – 192.168.1.99) or even 192.168.1.200-249 (which is 192.168.1.200 – 192.168.1.249). Be sure to specify the ranges in the short format; do not include the entire address for the ending IP.

The CHAP-Secrets text box is where you specify usernames and passwords. Make sure you enter them in the special format: username, space, asterisk, space, password, space, and asterisk. Here is an example:

joe * joespassword *

jane * janepassword *
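
A pre-flight check for the two fields above, added here as an example and not part of the original article or of DD-WRT: it expands the short-form client range, checks it against the router IP and the 192.168.1.100 – 192.168.1.149 addresses, and verifies that each CHAP-Secrets line has the username * password * shape. The function names and the malformed third entry in the sample are constructed for illustration.

```python
import ipaddress

def expand_range(short):
    """Expand the short form '192.168.1.200-249' (or a single IP) to (first, last)."""
    start, _, end = short.strip().partition("-")
    first = ipaddress.IPv4Address(start)
    if not end:
        return first, first
    if not end.isdigit() or not 0 <= int(end) <= 255:
        raise ValueError("ending IP must be the last octet only, e.g. 200-249")
    last = ipaddress.IPv4Address(start.rsplit(".", 1)[0] + "." + end)
    if last < first:
        raise ValueError("range end is below range start")
    return first, last

def range_conflicts(short, router_ip, pool_first, pool_last):
    """List conflicts between the VPN client range and addresses already in use."""
    first, last = expand_range(short)
    router = ipaddress.IPv4Address(router_ip)
    p1, p2 = ipaddress.IPv4Address(pool_first), ipaddress.IPv4Address(pool_last)
    problems = []
    if first <= router <= last:
        problems.append("range contains the router IP")
    if first <= p2 and p1 <= last:
        problems.append("range overlaps the client address pool")
    return problems

def check_chap_secrets(text):
    """Return (users, errors) for CHAP-Secrets text in 'username * password *' form."""
    users, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # blank lines between entries are ignored
        parts = line.split()
        if len(parts) != 4 or parts[1] != "*" or parts[3] != "*":
            errors.append(f"line {n}: expected 'username * password *'")
        elif parts[0] in users:
            errors.append(f"line {n}: duplicate username {parts[0]}")
        else:
            users.append(parts[0])
    return users, errors

# Constructed sample: the article's two entries plus one malformed line.
SAMPLE = "joe * joespassword *\n\njane * janepassword *\njim jimspassword\n"
LAN = ("192.168.1.1", "192.168.1.100", "192.168.1.149")  # values from the article

if __name__ == "__main__":
    print(range_conflicts("192.168.1.200-249", *LAN))
    print(range_conflicts("192.168.1.90-120", *LAN))
    print(check_chap_secrets(SAMPLE))
```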

If you are running a RADIUS / AAA server, you can optionally authenticate VPN users against it by enabling RADIUS and entering your server details.

When you’re done, click Apply Settings, which will save and then apply the changes.

Test it out

Now you should have a working VPN server, so let’s test it on the local network first:

In Windows XP, click Start > Connect To > Show All Connections. Then, in that window, double-click New Connection Wizard. In the wizard, click Next. Select Connect to the network at my workplace and click Next. Select Virtual Private Network connection and click Next. Type a name for the company name and click Next. Enter the router’s local IP address (192.168.1.1), click Next, and then click Finish. The login dialog should appear, where you can enter a username and password that you created on the server. Then click Connect and it should work.

In Windows 7, open the Network and Sharing Center and click Set up a new connection or network. In the wizard, select Connect to a workplace and click Next. Click Use my Internet connection (VPN). On the next page, enter the router’s local IP address (192.168.1.1) for the Internet address, enter a destination name, and click Next. You should be prompted to enter your username and password. Enter the ones you defined earlier when configuring the server and click Connect. Give it a minute, and if all is successful it should say You are connected.

Create a hostname for your dynamic IP

If the DD-WRT router is connected to an Internet connection with a dynamic or changing IP address, you will probably want to configure a hostname (subdomain). This gives you an Internet address (for example, myhomenet.getmyip.com) which always points to the current Internet IP address of your router. This allows you to connect to your VPN server when you are away without worrying about the change of IP address. Otherwise, if that changed, someone would have to physically check the router and give you the new IP address.

No-IP and Afraid.org are two free dynamic DNS services that you can consider. Once you have signed up for a service, you will have a host name, account name, and password. Open the DD-WRT control panel, click Configuration > DDNS, and enter this information. Your router will then keep the service and hostname up to date with your current IP.

Now, don’t forget to use your hostname instead of your Internet IP when configuring your VPN client settings.

Configure it for remote access

To connect to your VPN server from the Internet when you are away, Windows must be configured with your Internet IP address (or hostname, if you have created one), not the local IP address (192.168.1.1). If you have followed the instructions previously and have already created a connection from the local network, you can simply change the IP address:

In Windows XP, click Start > Connect To > Show All Connections. Then right-click on the VPN connection and select Properties.

In Windows 7, click the network icon, right-click the VPN connection in the list, and select Properties.

Start logging in

Now you should have everything ready to go. The next time you need to access your network while you are away or secure your traffic on a public network, you can use your own VPN server. Remember that the remote router and network must also allow VPN connections. However, this is usually not a problem.


Eric Geier is the founder and CEO of No wires Safety, which helps businesses easily protect their Wi-Fi with enterprise-level encryption by offering an outsourced RADIUS / 802.1X authentication service. He is also the author of numerous books on networking and computing, for brands such as For Dummies and Cisco Press.
