How to Set Up a VPN on DD-WRT and Tomato (Also, Why You Need a VPN)

Privacy on the Internet was killed off for many -- if not most -- people a very long time ago. Virtually everything one does online can be tracked... and track they do, whether they tell you or not.

This is becoming even more obvious with the imminent "six strikes" rule, coming soon to the good ol' US of A (the supposed land of the free.) The gist of the new program is that most major ISP's in the US will begin openly monitoring the internet activity of their users, as if they haven't already, and various punishments will be doled out to users deemed to be visiting sites that violate copyrights.

Supposedly, this will start with a e-mailed warning, then progress to being required to take an online "education" course that sounds much like attending what I refer to as "naughty driver's school" to mitigate the consequences of a traffic ticket. Of course, we all know what will really happen is that repeat offenders will find their favorite websites blocked and connections throttled or terminated entirely by their ISP's.

In a free and open Internet, this is completely unacceptable. I hope you will join me in fighting against this oppression by protecting yourself online with a VPN service. Essentially, VPN's allow you to encrypt and secure your online activities by hiding behind anonymous IP addresses worldwide, and works by tunneling your entire Internet connection. HMA has a great basic explanation of how this works, and Wikipedia has a much more technical explanation.

Enough With The Soapbox! Let's Set Up Our VPN.

There are dozens of VPN services worldwide, and there's virtually no way that one looking to set up a secure connection wouldn't find one that suits their needs. The aforementioned HMA! is a very popular and stable service. BTGuard is another popular service. A third is privateinternetaccess, who even accepts Bitcoin as payment!

Once you get an account, you'll be provided with a username and password for the VPN service, and most likely given access to an online dashboard. This dashboard will provide a list of servers to use, setup instructions, and other tools -- some of which we'll use for the setup.

This is Important!


IMPORTANT NOTE: Not all VPN's will use the same setup as demonstrated in the examples below. This article is to be used as a GENERAL INTRODUCTION for setting up a VPN connection, and is by no means guaranteed to work with your specific VPN service. Please consult your VPN's installation guides for specific settings to use before proceeding with any setup procedures.

ANOTHER IMPORTANT NOTE: OpenVPN can be set up on DD-WRT, and L2TP can be used on Tomato, depending on your firmware version. I just happened to be using the DD-WRT build for the R6300, which does not have OpenVPN built in. In addition, OpenVPN can often be installed on routers that have the proper firmware, but I'm not qualified to give a tutorial on that! That would be a good question for the forums.

FINAL IMPORTANT NOTE: In setting up a VPN on several different routers with different firmware builds, I've noticed that one setup DOES NOT FIT ALL. Sometimes L2TP will work with a build where OpenVPN will not, for no reason that I can pinpoint. As with many networking related projects, you will likely have to try different things to find what works best with your VPN provider and router.


Now that we got that out of the way, head to the next page to start getting things set up.


How to Set Up a VPN on Tomato Firmware Using OpenVPN

If you are choosing to use your VPN with a Tomato-based firmware, several flavors come with OpenVPN support built in; OpenVPN is believed by many to be the highest performing and most secure VPN option. One example of a Tomato build with OpenVPN is shibby's All-In-One firmware for the WNR3500Lv2. (If you're new to all this, check out our general firmware guide.)

Once you have your router up and running, the first step is to check if your VPN requires you to input any scripts into your router, which is likely. If so, paste the script into the screen at Administration -> Scripts and click "Save." Chances are, this will be the script where you input your VPN username and password, if you have to do this step.

The next step is the basic setup. Head to VPN Tunneling -> Client -> Basic and configure this screen based on your VPN provider's instructions. The "port" is where you input the server you want to use -- your VPN provider should have a list to choose from. Once these settings are filled out, click "Save."

Next, input the Advanced parameters by clicking to the Advanced tab in the same screen. Again, obtain these specific settings from your VPN provider, input them, and click "Save."

Finally, you will need to go to the "Keys" tab. There are several files that you will need to obtain from your VPN provider that will provide the data for these fields. Save them, open them in a text editor (like Notepad++) and paste the entire contents into these fields as instructed.

Now, head to the Status tab and click the "Start Now" button. If all is well, you should see a screen similar to the one above, although it won't be filled with data yet, of course. You may have to refresh a few times, but it worked on the first try for me.

It's now mandatory to go through the standard battery of tests, including checking to see if your applications work -- for example, I had a problem with the Steam service. Switching to an alternate server fixed the problem. Also, check your throughput with an online speed test. Finally, go to a "What Is My IP" type site to determine that, indeed, you are now showing up under an anonymous IP.

How to Set Up a VPN on DD-WRT Firmware Using L2TP

An alternate method to use when setting up a VPN if OpenVPN is not available is the L2TP tunneling protocol. L2TP is usually preferred over PPTP, which has known security vulnerabilities.

I found this setup to be very easy, and while potentially less secure and lower performing, might be a good place to start if you're new to configuring routers. It's all done in the Setup -> Basic Setup -> WAN Setup screen of DD-WRT. Simply select L2TP as the connection type and fill out the fields according to your VPN provider's instructions, A save, apply settings, and reboot later and you should be all set.

Conclusions and Next Steps

No matter how it's done, I think that in this new era of eroding privacy and invasive ISP practices, it's essential for EVERYONE to protect their online identity. The price is small compared to the massive benefit.

There's many more ways to set up a VPN in your home that described here -- for example, some VPN's offer software packages that can run on specific local machines. Others offer "router auto-configurators." For anyone looking to set up a VPN, good and thorough research is key to determine which service is the best fit, based on the router being used and the individual needs of the user.

However, no research is necessary to realize the benefits and necessity - of using a VPN. Remember -- Big Brother is definitely watching.