Configure Ace SSL VPN on DD-WRT Flashed Router – Wireless Client mode

If you came to this page without reading the introduction, please go back to it for a brief overview, the advantages of this method and how it works.

Advantages

Connect the following devices securely and anonymously to the Internet over the wireless link, even if the devices do not support a wireless connection.

  • Gaming consoles like Nintendo Wii, Microsoft Xbox, Sony Playstation, etc.
  • Digital media receivers or home entertainment devices like Apple TV, Xbox 360, Mac Mini, Roku Netflix player, Western Digital TV Live Media Player, D-Link Media Lounge, Netgear Digital Entertainer HD
  • Any other devices, laptops, Wi-Fi phones, HTPCs, media servers etc. that connect to the Internet using an Ethernet or wireless adapter
  • Add wireless access to a wired peripheral or devices
  • Extend wireless network range

Requirements

DD-WRT Demo

Check out the demo of DD-WRT V24 SP2 to get a fair idea of the features available with a DD-WRT flashed router.

Warning

  • This tutorial requires basic knowledge of routers and networks. If you have no prior knowledge, we suggest you familiarize yourself with routers and networks before you continue
  • Flashing third-party firmware can void your router's warranty
  • AceVPN.com is not responsible for any damage to the hardware, systems, or personal injury if you do attempt this!
  • Only attempt if you are confident in your skills!

Assumptions

  • The primary or host router will be referred to as Router A
  • The secondary or client router will be referred to as Router B
  • Router A internal IP is 192.168.1.1 and subnet is 255.255.255.0
  • Router A has wireless enabled
  • Router B settings have been reset to factory defaults

Router B: Configuration Steps

  • Connect a PC to a LAN port of Router B
  • Using your browser, login to the admin page of Router B. By default this is available at http://192.168.1.1
  • Go to Setup > Basic Settings tab and set values as per below
    • Wireless Setup/ WAN Connection Type
    • Connection Type: Automatic Configuration - DHCP
    • STP: Enable
    • Optional Settings
    • Router Name: acevpnclient or some friendly name
    • Network Setup/ Router IP
    • Local IP Address: 192.168.2.1
    • Subnet Mask: 255.255.255.0
    • Gateway: 192.168.1.1
    • WAN Port
    • Assign WAN Port to Switch: Checked
    • Network Address Server Settings (DHCP)
    • DHCP Type: DHCP Server
    • DHCP Server: Enable
    • Start IP Address: 192.168.2.100
    • Optional: Enable NTP Client and set Time Zone and Summer Time (DST)
  • Click on Save Settings button. Notice that after this configuration, Router B has a different IP address for administration. So if you are not automatically redirected to the new IP, you may have to connect to the administration web page by typing 192.168.2.1. Also note that at this stage, you may not be able to connect to the new IP unless you are using a computer hooked up to one of the LAN ports of the Router B itself.

When the above steps are completed, it should look like the screenshot below

  • Go to Wireless > Basic Settings tab and set values as per below
    • Physical Interface
    • Wireless Mode: Client
    • Wireless Network Name (SSID): Router A network name
    • Virtual Interfaces
    • Click Add and type below values
    • Wireless Network Name (SSID): www.acevpn.com/secure (or anything you like)
    • Protection Mode: None
    • Wireless Mode: AP
    • Network Configuration: Bridged
    • Hit the Save button

When the above steps are completed, it should look like the screenshot below

  • Go to Wireless > Wireless Security tab and set values as per below
    • Physical Interface
    • Security Mode: Same as Router A
    • WPA Algorithms: Same as Router A
    • WPA Shared Key: Same as Router A
    • Virtual Interfaces
    • Security Mode: WPA Personal
    • WPA Algorithms: Choose any available algorithm
    • WPA Shared Key: Choose a secure key
    • Hit the Save button

When the above steps are completed, it should look like the screenshot below

  • Go to Services > Services tab and set values as per below
    • OpenVPN Client
    • Start OpenVPN: Enable
    • Server IP / Name: vpn.acevpn.com
    • Port: 443
    • Use LZO Compression: Enable
    • Tunnel Protocol: UDP
    • nsCertType: Checked
    • Public Server Cert: Paste the contents of acevpn-ca.crt
    • Public Client Cert: Paste the contents of acevpn-user.crt
    • Private Client Key: Paste the contents of acevpn-user.key. This is the password file. Do not share this with anyone.
    • Hit the Save button

When the above steps are completed, it should look like the screenshot below

  • Go to Status > Wireless tab and set values as per below
    • Wireless Nodes
    • Click on the Site Survey button

      Neighbor's Wireless Networks
    • Click on the Join button corresponding to the Router A SSID
    • Click the Close button

  • Go to Administration > Commands tab and set values as per below
  • Paste the content below into the "Commands" textbox, replace USERNAME and PASSWORD with the credentials you received from Ace VPN and click the Save Startup button

    sleep 30
    echo "USERNAME
    PASSWORD" > /tmp/openvpncl/userpass.conf
    sleep 30
    echo "client
    dev tun
    proto udp
    hand-window 60
    remote-random
    #NOTE: Get additional IP's from the configuration file
    remote 94.23.114.100 443
    remote 76.73.56.41 443
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ns-cert-type server
    comp-lzo
    verb 3
    keepalive 20 800
    reneg-sec 0
    ca /tmp/openvpncl/ca.crt
    cert /tmp/openvpncl/client.crt
    key /tmp/openvpncl/client.key
    auth-user-pass /tmp/openvpncl/userpass.conf" > /tmp/openvpncl/myopenvpn.conf

    # Restart OpenVPN with the generated config. Keep this command on a single line.
    ( sleep 20 ; killall openvpn ; /usr/sbin/openvpn --config /tmp/openvpncl/myopenvpn.conf --auth-user-pass /tmp/openvpncl/userpass.conf --route-up /tmp/openvpncl/route-up.sh --down /tmp/openvpncl/route-down.sh --daemon ) &

  • Now paste the content below into the "Commands" textbox and click the Save Firewall button

    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
    iptables -I INPUT -i tun0 -j REJECT
    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Now reboot your router and wait a minute for the router to establish a secure tunnel with the Ace VPN gateway. Then open a browser and go to the Ace VPN home page to make sure the VPN tunnel is established.
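The browser check can be backed by a check on Router B itself. The script below is an added example, not part of the original Ace VPN instructions: it parses `route -n` and `iptables -L FORWARD -v -n` output to confirm that traffic is routed through tun0, that the tunnel forwarding rules are loaded, and whether any rule lets LAN clients leave by another interface. The sample data, the eth1 interface name, the 10.8.0.5 gateway and the assumption that the server pushes redirect-gateway def1 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Each function reads command
# output on stdin, so the logic can be tried on the constructed samples first.

# True when `route -n` output sends default traffic through tun0: a plain
# default route, or the 0.0.0.0/1 + 128.0.0.0/1 pair OpenVPN installs for
# redirect-gateway def1 (assumption: the VPN server pushes that option).
routes_use_tunnel() {
    awk '$NF == "tun0" && $1 == "0.0.0.0"   && $3 == "0.0.0.0"   { full = 1 }
         $NF == "tun0" && $1 == "0.0.0.0"   && $3 == "128.0.0.0" { low  = 1 }
         $NF == "tun0" && $1 == "128.0.0.0" && $3 == "128.0.0.0" { high = 1 }
         END { exit !(full || (low && high)) }'
}

# True when `iptables -L FORWARD -v -n` output holds both tunnel ACCEPT rules
# from the Save Firewall step (columns: pkts bytes target prot opt in out ...).
tunnel_forwarding_present() {
    awk '$3 == "ACCEPT" && $6 == "br0"  && $7 == "tun0" { out  = 1 }
         $3 == "ACCEPT" && $6 == "tun0" && $7 == "br0"  { back = 1 }
         END { exit !(out && back) }'
}

# Prints "in -> out" for each ACCEPT rule that lets LAN (br0) traffic leave by
# an interface other than tun0. Any line printed is a path around the VPN
# that stays open while the tunnel is down.
lan_bypass_rules() {
    awk '$3 == "ACCEPT" && $6 == "br0" && $7 != "tun0" && $7 != "br0" { print $6 " -> " $7 }'
}

# Constructed sample data (not captured from a real router).
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1'
SAMPLE_FORWARD='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  tun0   br0     0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br0    tun0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br0    eth1    0.0.0.0/0            0.0.0.0/0'

printf '%s\n' "$SAMPLE_ROUTES"  | routes_use_tunnel         && echo "routes: default traffic via tun0"
printf '%s\n' "$SAMPLE_FORWARD" | tunnel_forwarding_present && echo "firewall: tunnel forwarding rules present"
printf '%s\n' "$SAMPLE_FORWARD" | lan_bypass_rules
```

On Router B, pipe the live output in instead of the samples, for example `route -n | routes_use_tunnel` and `iptables -L FORWARD -v -n | lan_bypass_rules`.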

Troubleshooting

Please refer to the DD-WRT troubleshooting steps.

If you have additional questions or need help, please contact us.