How to Set Up a VPN On NETGEAR R6300 with OpenVPN and DD-WRT

This is a fact: everyone's Internet freedom and privacy are at risk. Through SOPA to PIPA to the "six strikes" rule and frivolous lawsuits, the government, ISP's, the MPAA, the RIAA (and the list goes on) have shown that they definitely want to track your every move online. I support a free and open Internet, but in a world where ISP's can't be trusted, one has to take matters into their own hands. One simple way to do this is with a personal VPN service -- an inexpensive and simple method to protect your privacy online.

I talk a little bit about exactly what a VPN is in a previous article, along with some basic instructions for setting one up through a home router using either Tomato or DD-WRT firmware. The L2TP instructions found in that article should work for most providers with the R6300.

However, many users will likely prefer to use OpenVPN, as it generally offers the best performance and is the industry standard for VPN security. IVPN has an excellent guide comparing the benefits of OpenVPN versus the other two methods (although I personally feel L2TP is fine also).

So, if you have an R6300, we're ready to get started!

Step 1: Sign Up for VPN Service

For purposes of this article, I used Private Internet Access, a popular and well known VPN service that I have found to be reliable and a good value. In my testing, I found that another well known provider's instructions would not work on the R6300, basically bricking the router. Several others don't offer DD-WRT based installation or instructions for OpenVPN. Even the instructions for Private Internet Access, clearly provided on their website, did not work as outlined -- resulting in many hours of digging and searching for settings that could help things work.

Fortunately, Private Internet Access offers a low-cost monthly sign up for users to try out the service on their router. I recommend that if you want to follow the steps in this guide, that you select that plan to see if it works out for you before committing to a longer length of service.

Note that neither I nor MyOpenRouter are affiliated with Private Internet Access in any way, nor was I provided free service for purposes of writing this article. I am simply a normal user who is happy with their service, and I feel comfortable recommending them to our members.

Also note that other providers, no doubt, will work with OpenVPN on the R6300. It's simply not possible for me to test every one! My aim is to provide a simple way that an average user like me can get this up and running quickly; this can be done without knowing any code, compiling any software, and so on. I would love to see tutorials from other users who use other services!

Step 2: Perform a 30-30-30 Reset on the R6300

This will clear the NVRAM of the device and set it up for a clean implementation of the following instructions. Do not skip this. Here are some instructions (they are the same for any NETGEAR router on which this method is supported.)

Step 3: Install the Latest Build of DD-WRT for the R6300

The latest build of DD-WRT for the R6300 will need to be installed, as it contains OpenVPN functionality. We have a guide on installing DD-WRT; it's simple, so don't worry!

[Latest Build of DD-WRT for NETGEAR R6300 -- Download Here]

Step 4: Repeat Step 1

Yes, do another 30-30-30 and another reboot... it's crucial for ensuring a clean setup to work with.

Step 5: Set the Time to Match the VPN Server and Add an NTP Server

Now, log in to DD-WRT's web interface and, after setting up the new admin username and password, head to Setup -> Basic Setup and scroll to the bottom. Input the proper time to correspond with the VPN server you're choosing, and also enter an NTP time server address in the appropriate field. (More info on NTP plus some pool addresses here.)

Step 6: Change Your DNS Servers

This is the step (after completing setup originally and failing) that finally triggered OpenVPN to work for me on this router -- so I'm guessing it was necessary! I always use an alternate DNS provider anyway, but to reproduce my setup exactly, you'll want to use OpenDNS.

Step 7: Set up Custom Firewall Commands

I used the following firewall commands on the R6300 as part of the setup that would eventually work. I have not tested whether the connection will work without these settings or not; but a user on the DD-WRT forums provided it in an existing thread as a "recommended" setup.

iptables -N VPN
iptables -F VPN
iptables -I INPUT -i tun0 -j VPN
iptables -I FORWARD -i tun0 -j VPN
iptables -A VPN -i tun0 -o br0 -j ACCEPT
iptables -I POSTROUTING -t nat -o tun0 -j RETURN

This code should be added in Administration -> Commands. Type it into the command text field and click "Save Firewall."

Step 8: Add Startup Commands

This code, provided by Private Internet Access on their startup page, will run when the router restarts. It puts the VPN username and password into a text file stored on the router, which the OpenVPN client will access later. It also kills the existing OpenVPN process and restarts it, in the event the password isn't properly stored.

echo your_username >> /tmp/password.txt
echo your_password >> /tmp/password.txt
/usr/bin/killall openvpn
/usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --comp-lzo yes --route-up /tmp/openvpncl/route-up.sh --down-pre
/tmp/openvpncl/route-down.sh --daemon

Put this code into the same field as you did in Step 7, and click "Save Startup."

It's important to note that you do not put your username or password in quotes. Finally, I made one small change to the startup script, to overcome a bug in this DD-WRT release that prevents you from selecting the LZO Compression method in the next step.

Step 9: Configure the OpenVPN Client

Almost there. Head to Services -> VPN and enable the OpenVPN Client.

Then, enter the following settings:

  • Server: Input your server of choice here
  • Port: 1194
  • Tunnel Device: TUN
  • Tunnel Protocol: UDP
  • Encryption Cipher: Blowfish CBC
  • Hash Algorithm: SHA1
  • Advanced Options: Enable
  • TLS Cipher: None
  • LZO Compression: DON'T TOUCH THIS, leave it at disabled
  • NAT: Enable

Now, in the Additional Config box that will pop up after you enable Advanced Options, enter this:

comp-lzo yes
auth-user-pass /tmp/password.txt
persist-key
persist-tun
tls-client
remote-cert-tls server

Finally, in the last step, enter the contents of the ca.crt file that you download from Private Internet Access into the "CA Cert" field. Save and apply the settings.

Step 10: Reboot and Wait

At this point, all of the settings have been configured -- so all that's left is to reboot the router. It may take a few minutes upon reboot for the OpenVPN client to establish the tunnel, but it should work relatively quickly. If it does not, reboot again, and possibly restart your modem or Internet connection, which may help.

If everything is working correctly, your WAN IP will still show the IP of your modem or regular connection, but if you visit an IP checking site (e.g. WhatIsMyIP.com) it will show the address of the VPN server you are using rather than your actual IP.

Conclusions

I'm very happy with this firmware, and the fact that it does indeed support OpenVPN. Discovering the correct settings was no small feat and took some sleuthing, but was worth it. Overall, the OpenVPN connection is very stable and is slightly faster than what I was able to achieve on the same service/servers with an L2TP connection (~12-13 Mbps compared to ~9-10 Mbps) While this is certainly a big step down from my full bandwidth (~35 Mbps sustained) it's a worthy tradeoff. Plus, the VPN can be easily disabled from the DD-WRT GUI.

If you try this tutorial, please post a comment and let me know how it's working for you or if you have trouble.

Additionally, I'd love to hear from our community members if they have gotten OpenVPN working on the R6300 with any other provider, and if so, how it was done!

 

 

Tags: 

RobertL
RobertL's picture
I dont have the option to

I dont have the option to configure OpenVPN as stated in step 8. Under "Services>VPN", I only have PPTP Server and PPTP Client (ie. no "enable the OpenVPN Client")

I have installed dd-wrt.v24-K26_R6300_19-10-2012.chk.

thanks for your help,

Robert

John Zimm
John Zimm's picture
I am about to buy a pre

I am about to buy a pre-configured PIA router from flash routers... But if I could configure it myself I could save 100 bucks... Or spend the same and get a better router. But I don't know how to set up the kill switch feature... Do you use this feature?

free_trojans
free_trojans's picture
I am also wondering if it is

I am also wondering if it is possible to remotely login with vpn service running?

calima174
calima174's picture
It works perfectly here on a

It works perfectly here on a R6300v1.

One issue though: I have a fiber connection 500/500 up/down.

Without VPN i got around 100/100 up/down, but after installing vpn on my router i onlt get around 10-15Mbit down...

Another thing: I can't get 5ghz runningafter upgrading to dd-wrt.
I found out i'm not alone in this, but can't gigure out what's wrong.

I Have another AC router though, so no big deal

I just hope I can get the speed up to around 100/100...
All ideas are welcome!

mrdrew
mrdrew's picture
I suggest modifying the title

I suggest modifying the title of this article to specify "VPN client" rather than just VPN.

Pages