Author Topic: Router Acting as VPN Client?  (Read 24325 times)

iwod

  • Calf
  • *
  • Posts: 11
Router Acting as VPN Client?
« on: August 02, 2010, 05:16:23 am »

Basically i want all the wirless / wired connection going into this router automically goes through my VPN connection without setting up a VPN on every devices individually.

 

Is this possible?


davo

  • Really Big Bull
  • VIP
  • *
  • Posts: 5955
Re: Router Acting as VPN Client?
« Reply #1 on: August 03, 2010, 06:27:46 am »

Thats fantastic, how about telling us what kind of router you have?!!?! Model number?

PM me for TFTP / Boot Images / Recovery files  LSRecovery.exe file.

iwod

  • Calf
  • *
  • Posts: 11
Re: Router Acting as VPN Client?
« Reply #2 on: August 19, 2010, 02:40:36 am »

I am currently using a Buffalo G300NH, which has PPTP VPN Server feature only.


odyssseus

  • Calf
  • *
  • Posts: 7
Re: Router Acting as VPN Client?
« Reply #3 on: August 01, 2011, 11:35:50 pm »

I have the same query.

 

Using G300NH with the user-friendly stock firmware. This has support for configuring VPN server. I need to setup VPN client. It will be helpful if you can help to guide for PPPTP/OpenVPN.

 

I tried using the DD-WRT versions (both Buffalo pro and DD_WRT). But they require quite complicated process to setup other features which are available easiely on stock firmware.

 

Thanks in advance.

 


irishtr

  • Calf
  • *
  • Posts: 12
Re: Router Acting as VPN Client?
« Reply #4 on: August 03, 2011, 12:50:14 am »

Here is how I got OpenVPN working with my current provider (Giganews/VyprVPN).  I am using DD-WRT 16785 build on WZR-HP-G300NH.  I had to build some manual scripts to achieve this as my VPN provider doesnt fully support OpenVPN inside DD-WRT but with some leg work I took info from Win7 OpenVPN scripts they provide and made it work.  You will need to have a descent understanding of your VPN provider info and how to configure a router in DD-WRT admin page.  Having PuTTY (program) for accessing the SSH side of the router is a major plus but also advanced.

 

First thing you will want to do is go inside to the Administration>Commands Tab.

You will have to do each one of these individually then save to their respective sections.  First we'll start with the startup script. the parts in BOLD/ITALICS you will need to change to match your Provider accordingly.  Do not change the formatting of anything just highlight, copy paste (obviously make the necessary changes to the bold italic sections though.  Easiest if you paste into notepad make changes then copy paste into router.)  After you do these reboot and it should connect after about a minute or 2.

 

STARTUP SCRIPT COPY & PASTE, MAKE NECESSARY CHANGES BELOW THEN SAVE AS STARTUP SCRIPT


mkdir /tmp/openvpn
echo "-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
"> /tmp/openvpn/ca.crt
echo "iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE"> /tmp/openvpn/route-up.sh
chmod +x /tmp/openvpn/route-up.sh
echo "iptables -D POSTROUTING -t nat -o tun0 -j MASQUERADE"> /tmp/openvpn/route-down.sh
chmod +x /tmp/openvpn/route-down.sh
echo "USERNAME GOES HERE
PASSWORD GOES HERE"> /tmp/openvpn/vpn.user
echo "client
dev tun
proto udp
remote VPN PROVIDER IP/HOSTNAME and PORT ex VPN.PROVIDER.COM 1194
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.crt
tls-remote VPN PROVIDER IP/HOSTNAME and PORT ex VPN.PROVIDER.COM?
auth-user-pass vpn.user
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA"> /tmp/openvpn/myopenvpn.conf

sleep 60

openvpn --config /tmp/openvpn/myopenvpn.conf --route-up /tmp/openvpn/route-up.sh --down /tmp/openvpn/route-down.sh --daemon


FIREWALL SCRIPT REQUIRED COPY & PASTE THEN SAVE AS FIREWALL SCRIPT

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE?

 

CUSTOM SCRIPT COPY & PASTE THEN SAVE AS CUSTOM SCRIPT

 

killall openvpn

openvpn --config /tmp/openvpn/myopenvpn.conf --route-up /tmp/openvpn/route-up.sh --down /tmp/openvpn/route-down.sh --daemon?

 

Next in the commands shell block type/copy paste the following sh /tmp/custom.sh then select run command (this should connect the VPN without needing to reboot or reconnect if having issues with your connection)

 

Finally you can goto www.whatsmyipadress.com verify you are routing through your VPN IP instead of your normal ISP IP.

 

Now there are some more advanced things that can be done from PuTTY interface that would need to be setup but I am not sure your ready for that just yet.  See how this goes and if you can get past this.


irishtr

  • Calf
  • *
  • Posts: 12
Re: Router Acting as VPN Client?
« Reply #5 on: August 03, 2011, 12:52:24 am »

On last thing as I mentioned the above works for Giganews/VyprVPN service.  If you are having trouble with configuring this let me know I may be able to just create the scripts if you provide me your settings (minus username/password of course).  But I would be glad to help others (returning the favor someone did for me).  As Buffalo, DDWRT and my VPN provider all couldn't figure out how to achieve this!


odyssseus

  • Calf
  • *
  • Posts: 7
Re: Router Acting as VPN Client?
« Reply #6 on: August 03, 2011, 02:50:12 am »

Thanks for the detailed response.

 

I am using hidemyass for VPN provider and the steps described by them are too simple as compared to this. But since that is not working i thought i might be missing some small part. But looks like I was missing quite a lot.

 

will update you once i try this.

 

steps provided by HMA - forum.hidemyass.com/showthread.php?tid=2700?

 

thanks.


irishtr

  • Calf
  • *
  • Posts: 12
Re: Router Acting as VPN Client?
« Reply #7 on: August 03, 2011, 03:16:56 am »

Ya I hear you.  My VPN provider doesnt even help with OpenVPN in DDWRT they only offer crappy PPTP (and even their simple how to for that didnt work!) go figure.

 

**bleep**ty we pay for service we have to manipulate on our own know how to get to work.  Your provider looks like they have many different settings that need tweaked with what I posted above.  I am actually trying to manipulate my setup to see if I can get it to work with the GUI configuration vs these manual scripting.

 

I see alot of support for DDWRT/OpenVPN and general help more from StrongVPN but since I get my service from Giganews included with my newsgroup service I didnt want to burden extra costs.  Not sure how good StrongVPN actually is so can't say on that just from what I see in their support forums.

 

As a speed reference how drastically the VPN connectiong changes.

 

I average about 45-60Mbps without VPN connection here in Seoul S.Korea and then when connected to US LA,CA location VPN it takes a big hit down to about 4Mbps but still good enough to allow me to stream video content funny thats about the average speeds in most homes in the US lol just wish I could get at least 1/2 of total bandwidth these guys provide here haha


irishtr

  • Calf
  • *
  • Posts: 12
Re: Router Acting as VPN Client?
« Reply #8 on: August 03, 2011, 03:43:48 am »

Well I managed to make the GUI work for my side of things but it too required some in depth manipulation I now have another avenue to research where I think this is a problem with OpenVPN Client inside the GUI generating a script.  Not sure if its my service throwing the rejection or OpenVPN in the router itself.  I believe it to be the latter atm but will need more expert advice where to go.

 

As of right now this is the error I get in logs for OpenVPN Client

 

Options error: Unrecognized option or missing parameter(s) in /tmp/openvpncl/openvpn.conf:22: mtu-test (2.1.3)
Use --help for more information.?

 

the file created by the GUI openvpn.conf line 22 adds that mtu-test cake in there and it causes the hole process to fail and not proceed thus not making the connection.  The minute I remove that line and manually kick off VPN Client connection within the terminal everything works great and I get a status in the GUI indicator too (bonus!)

 

I'll try to keep you aprised on my progess granted we will have conflicting issues due to our service variance.


odyssseus

  • Calf
  • *
  • Posts: 7
Re: Router Acting as VPN Client?
« Reply #9 on: August 03, 2011, 04:12:32 am »

While getting dd-wrt from the web site the max it allows me is build 14xxx. How and where can I get 16xxx.

 

thanks for the details scripts. i'll let you know once i try it.

 

from the look your mtu error looks like a scripting error, but can not be sure.

 


irishtr

  • Calf
  • *
  • Posts: 12
Re: Router Acting as VPN Client?
« Reply #10 on: August 03, 2011, 04:54:51 am »

Its from DD-WRT direct not from Buffalo.  A more up to date firmware from the community.

 

ftp://ftp.dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2011/06-14-11-r17201/buffalo_wzr-hp-g300nh/?

 

Make sure you research how to upgrade to this type and are aware of its responsibilities etc.

 

I found out the problem was I was on an old version that had a bug so I just upgraded to the latest release and viola... OpenVPN via the GUI now!

 

When you get ready to do this, if you would like some help I'd be willing to check some logs with you to see whats actually causing your problem to connect to your service.  Using their settings from the link you gave earlier shouldnt really have any issues so it may be a firmware problem from the way mine was mucking up and all I did was take your provider tutorial and modify the values to fit my provider. Funny my provider wouldn't support it yet I copy someone elses and boom...  Sigh companies and laziness I tell ya!

 

Anyhow lemme know bud


odyssseus

  • Calf
  • *
  • Posts: 7
Re: Router Acting as VPN Client?
« Reply #11 on: August 03, 2011, 07:32:03 am »

i am getting a very funny problem and could not figure out a workaround.

 

echo "username

password" > /tmp/openvpncl/user.conf?

 

is giving the below error.

 

/bin/sh: password > /tmp/openvpncl/user.conf?: not found?

 

I know a bit of linux, but no idea why echo is not picking up the whole thing in quotes.

 

please help.

 

 

 


irishtr

  • Calf
  • *
  • Posts: 12
Re: Router Acting as VPN Client?
« Reply #12 on: August 03, 2011, 03:22:23 pm »

I had that happening too, were you saving that as startup or just trying to run it?  Was happening for like 10mins, rebooted and all was normal.

 

Are you using Telnet/SSH by chance?  I've journeyed into a new cake pile of trying to route all VPN traffic for specific devices while the rest go thru ISP straight... I think I have a few strands of hair left trying to figure all this mess out as I think I dove in way over my head with this new project lol.

?


odyssseus

  • Calf
  • *
  • Posts: 7
Re: Router Acting as VPN Client?
« Reply #13 on: August 03, 2011, 09:17:39 pm »

after i could not get the vpn to work i was debugging all the steps and that'w when i figured out that thsi command is acting weird. I was earlier using the Buffalo pro version of dd-wrt. After this i updated to build 17012 and this part was ok..

 

I am now able to connect to vpn but the remote address part shows nothing. Not able to connect to internet over VPN. mailed the HMA support, they asked me to change the DNS settings to OpenDNS. But still does not work. Let me know if you have any idea on this problem. Attaching the logs also.

 

the new cake pile sounds interesting. I was under the impression that  this is directly possible by using 'policy based routing' box in openvpn client settings. on second thoughts, this is dd-wrt and everything is possible, but nothing is straight.. lol lol...


irishtr

  • Calf
  • *
  • Posts: 12
Re: Router Acting as VPN Client?
« Reply #14 on: August 03, 2011, 11:25:20 pm »

Ya so did I.  So Policy Based Routing, if its left blank "ALL" my traffic from "ALL" devices is pushed thru the VPN (that initial post before with the scripts not even being used) since I got the GUI working via 17201 build.  So now the GUI is responsible for generating all the Route UP/DOWN scripts etc.  Like I said it pushes everything if VPN connected and when disconnected back to normal.

 

What doesnt make sense is from what I can dig up on good ol internet about policy based routing, some sites say just input the ip in the box as 192.168.2.142/24  groovy sounds simple enough so I do and then bam that machine gets zero connectivity!  SIGH  Some other sites list some Firewall scripts, I use some of those and same results...  GAH...

 

Ok on to your problem I saw your logs, looks like the connection is happening but nothing being routed across is.  I assume you still have regular internet?  Was the Status>OpenVPN page showing connected and log info too?  I'm currently in Korean timezone (GMT+9) right now but if you wish to chat via Google instead of using this site as a back n forth, I'd be glad to try and help (I am no expert just a small fish in this big pond) and share ideas!