Configure Ace SSL VPN on DD-WRT Flashed Router – 1 Router Setup – Simple

If you came to this page without reading the introduction, please go back to it for a brief introduction, the advantages of this method, and how it works.

Use this setup if you already have a DD-WRT router in your network and plan to configure Ace VPN on it for entire house protection.

Requirements

DD-WRT Demo

Check out the demo of DD-WRT V24 SP2 to get a fair idea of the features available on a DD-WRT flashed router.

Warning

  • This tutorial requires basic knowledge of routers and networks. If you have no prior knowledge, we suggest you familiarize yourself with routers and networks before you continue.
  • Flashing third-party firmware can void your router's warranty.
  • AceVPN.com is not responsible for any damage to the hardware, systems, or personal injury if you do attempt this!
  • Only attempt if you are confident in your skills!

Assumptions

  • You have the DD-WRT router configured and can access the Internet.

Router Configuration Steps

  • Connect a PC to the LAN port of the Router
  • Using your browser, log in to the admin page of Router B. By default this is available at http://192.168.1.1
  • Go to the Setup > Basic Settings tab and set values as per below. Set the Static DNS to either OpenDNS or Google DNS. Uncheck / disable the DNSMasq and DHCP-Authoritative checkboxes. Also set the correct date and time: OpenVPN checks the certificates' validity dates, so a wrong router clock makes the connection fail.

  • Go to Services > VPN tab and set values as per below
    • OpenVPN Client
    • Start OpenVPN: Enable
    • Server IP / Name: vpn.acevpn.com
    • Port: 443
    • Use LZO Compression: Enable
    • Tunnel Protocol: UDP
    • nsCertType: Checked
    • Public Server Cert: Paste the contents of acevpn-ca.crt
    • Public Client Cert: Paste the contents of acevpn-user.crt
    • Private Client Key: Paste the contents of acevpn-user.key. This is the password file. Do not share this with anyone.
    • Hit the Save button

It should look like the screenshot below when the above steps are completed.

  • Go to the Administration > Commands tab and set values as per below
  • Paste the content below into the "Commands" textbox, replace USERNAME and PASSWORD with the credentials you received from Ace VPN, and hit the Save Startup button

    sleep 30
    echo "USERNAME
    PASSWORD" > /tmp/openvpncl/userpass.conf
    sleep 30
    echo "client
    dev tun
    proto udp
    hand-window 60
    remote-random
    #NOTE: Get additional IP's from the configuration file
    remote 94.23.114.100 443
    remote 76.73.56.41 443
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ns-cert-type server
    comp-lzo
    verb 3
    keepalive 20 800
    reneg-sec 0
    ca /tmp/openvpncl/ca.crt
    cert /tmp/openvpncl/client.crt
    key /tmp/openvpncl/client.key
    auth-user-pass /tmp/openvpncl/userpass.conf" > /tmp/openvpncl/myopenvpn.conf

    # The following line should be a single line with no line break
    ( sleep 20 ; killall openvpn ; /usr/sbin/openvpn --config /tmp/openvpncl/myopenvpn.conf --auth-user-pass /tmp/openvpncl/userpass.conf --route-up /tmp/openvpncl/route-up.sh --down /tmp/openvpncl/route-down.sh --daemon ) &

  • Now paste the content below into the "Commands" textbox and hit the Save Firewall button

    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
    iptables -I INPUT -i tun0 -j REJECT
    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Now reboot your router and wait a minute for the router to establish a secure tunnel to the Ace VPN gateway. Point your web browser at http://www.acevpn.com/ and scroll down a bit. In the border on the right you'll see a box made of dotted lines with an IP address, hostname, city, etc. If AceVPN is working, the IP address, hostname, city, state, etc. should all be something *other* than your own.
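The acevpn.com page tells you what the outside world sees; the checks below tell you the same thing from the router itself, over SSH / Telnet. This is an added example and not part of the original tutorial or of DD-WRT. Each check takes command output as its argument so it can be exercised against the constructed samples at the bottom (the 10.8.0.x, 203.0.113.1 and vlan2 values are made up for the sample); `vpn_status` feeds it live output from busybox `ifconfig`, `route -n` and `ps` on the router.

```shell
#!/bin/sh
# Added example, not part of the AceVPN tutorial: router-side checks that the
# tunnel is up and that Internet-bound traffic actually goes through it.

# 0 if the ifconfig listing contains a tun0 interface.
tun_present() {
    printf '%s\n' "$1" | grep -q '^tun0[[:space:]]'
}

# 0 if Internet-bound traffic is routed into tun0: either a full default route
# (destination 0.0.0.0, genmask 0.0.0.0) on tun0, or the two /1 halves
# (0.0.0.0 and 128.0.0.0 with genmask 128.0.0.0) that OpenVPN's
# "redirect-gateway def1" installs so they win over the ISP default route.
default_via_tun0() {
    printf '%s\n' "$1" | awk '
        $NF == "tun0" && $1 == "0.0.0.0"   && $3 == "0.0.0.0"   { full = 1 }
        $NF == "tun0" && $1 == "0.0.0.0"   && $3 == "128.0.0.0" { low = 1 }
        $NF == "tun0" && $1 == "128.0.0.0" && $3 == "128.0.0.0" { high = 1 }
        END { exit !(full || (low && high)) }'
}

# 0 if an openvpn process started with the config from the startup script is running.
openvpn_running() {
    printf '%s\n' "$1" | grep -q 'openvpn --config /tmp/openvpncl/myopenvpn.conf'
}

# Live check for the router: prints what is wrong and returns non-zero if any
# check fails. A failing route check means LAN clients are reaching the
# Internet over the WAN, outside the tunnel.
vpn_status() {
    rc=0
    if ! tun_present "$(ifconfig)"; then echo "tun0 interface missing"; rc=1; fi
    if ! default_via_tun0 "$(route -n)"; then echo "default route is not via tun0"; rc=1; fi
    if ! openvpn_running "$(ps)"; then echo "openvpn client process not running"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "tunnel up: Internet traffic leaves via tun0"; fi
    return "$rc"
}

# Constructed sample output, modelled on busybox ifconfig/route/ps on DD-WRT.
IFCONFIG_UP='br0       Link encap:Ethernet  HWaddr 00:11:22:33:44:55
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255'
ROUTE_UP='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 vlan2'
ROUTE_DOWN='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 vlan2'
PS_UP='  PID USER       VSZ STAT COMMAND
 1234 root      3120 S    /usr/sbin/openvpn --config /tmp/openvpncl/myopenvpn.conf --auth-user-pass /tmp/openvpncl/userpass.conf --daemon'

# On the router run:  sh vpncheck.sh live
if [ "${1:-}" = live ]; then vpn_status; fi
```

Keep in mind that the firewall rules above only permit traffic through the tunnel; they do not stop LAN traffic from leaving over the WAN while the tunnel is down, so a failing route check means the house is browsing unprotected until OpenVPN reconnects.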

Troubleshooting

Refer to the DD-WRT troubleshooting steps.

Disconnects

If you're unable to connect to the VPN server, or can connect occasionally but not for more than a few minutes at a time, and you use a WAN device that does PPPoE onboard (like a SpeedStream 5100b DSL modem), you may have to disable the onboard PPPoE and use the PPPoE on the WRT54G. The GRE that's needed for the VPN sometimes gets messed up by your WAN device, probably because it uses a buggy layer 3 stack that corrupts or doesn't pass the GRE packets to your WRT.

You may also have disconnects if the actual network that the client is on is the same subnet that the server is on (e.g. client subnet is 192.168.1.0/24 and the VPN server subnet is 192.168.1.0/24). This causes IP collisions. The best solution is to change the subnet of your client network to something unique, such as 192.168.5.0/24 (i.e. an IP range of 192.168.5.1-255 with a netmask of 255.255.255.0).
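The collision above is easy to check for before renumbering anything. The script below is an added example, not part of the original tutorial or of DD-WRT; it is plain POSIX sh arithmetic so it runs on the router's busybox shell as well as on a PC. The VPN server subnet defaults to the 192.168.1.0/24 used in the text above, and `lan_cidr` reads the LAN settings from the standard DD-WRT nvram variables `lan_ipaddr` and `lan_netmask`.

```shell
#!/bin/sh
# Added example, not part of the AceVPN tutorial: detect a LAN subnet that
# collides with the VPN server's subnet.

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Dotted netmask -> prefix length, e.g. 255.255.255.0 -> 24.
mask2len() {
    m=$(ip2int "$1"); len=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        len=$(( len + 1 )); m=$(( (m << 1) & 0xffffffff ))
    done
    echo "$len"
}

# Network address (as an integer) of "a.b.c.d/len".
cidr_network() {
    ip=${1%/*}; len=${1#*/}
    mask=$(( (0xffffffff << (32 - len)) & 0xffffffff ))
    echo $(( $(ip2int "$ip") & mask ))
}

# 0 (true) if two CIDR blocks overlap: they do exactly when the shorter of
# the two prefix lengths, applied to both, gives the same network address.
cidr_overlap() {
    short=${1#*/}
    if [ "${2#*/}" -lt "$short" ]; then short=${2#*/}; fi
    [ "$(cidr_network "${1%/*}/$short")" -eq "$(cidr_network "${2%/*}/$short")" ]
}

# Verdict for a LAN subnet against the VPN server subnet (default: the
# 192.168.1.0/24 example from the text above). Returns 1 on a collision.
check_lan_vs_vpn() {
    lan=$1; vpn=${2:-192.168.1.0/24}
    if cidr_overlap "$lan" "$vpn"; then
        echo "COLLISION: LAN $lan overlaps VPN server subnet $vpn - renumber the LAN (e.g. 192.168.5.0/24)"
        return 1
    fi
    echo "OK: LAN $lan does not overlap VPN server subnet $vpn"
}

# On the router: build the LAN CIDR from the DD-WRT nvram LAN settings.
lan_cidr() {
    echo "$(nvram get lan_ipaddr)/$(mask2len "$(nvram get lan_netmask)")"
}

# On the router run:  sh subnetcheck.sh live
if [ "${1:-}" = live ]; then check_lan_vs_vpn "$(lan_cidr)"; fi
```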

Enable logging

If you need assistance, please email us the log. To enable the OpenVPN log …

Add the following after "verb 3" in your startup script.

    log /tmp/acevpn.log

Reboot your router, wait for about 5 minutes and then SSH / Telnet to your router and run the following command.

    ln -s /tmp/acevpn.log /tmp/www/acevpnlog.html

Now go to http://192.168.1.1/user/acevpnlog.html and email us the contents of this page.
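Before mailing the log, it is worth knowing what it says. The script below is an added example, not part of the original tutorial or of OpenVPN; it gives a one-word verdict for the log that `log /tmp/acevpn.log` produces. The message texts it matches are OpenVPN's own; the sample log contents are constructed for this demonstration (the timestamps are made up, the server IP is one of those in the startup script above).

```shell
#!/bin/sh
# Added example, not part of the AceVPN tutorial: first-pass triage of the
# OpenVPN client log written by "log /tmp/acevpn.log".

# Print a one-word verdict for the log text given as $1. The last matching
# line wins, so a reconnect after an earlier failure reads as "connected".
#   connected   - "Initialization Sequence Completed": the tunnel came up
#   auth_failed - the server rejected the USERNAME/PASSWORD in userpass.conf
#   cert_error  - certificate verification failed: wrong or expired cert,
#                 nsCertType mismatch, or the router clock is outside the
#                 certificate's validity period
#   tls_timeout - the handshake never completed: UDP 443 blocked, or the WAN
#                 device mangling traffic as described under "Disconnects"
#   dns_error   - vpn.acevpn.com could not be resolved: check Static DNS
#   unknown     - none of the above
triage_log() {
    printf '%s\n' "$1" | awk '
        /Initialization Sequence Completed/   { v = "connected" }
        /AUTH_FAILED/                         { v = "auth_failed" }
        /VERIFY.*ERROR/                       { v = "cert_error" }
        /TLS key negotiation failed/          { v = "tls_timeout" }
        /RESOLVE: Cannot resolve host/        { v = "dns_error" }
        END { print (v == "" ? "unknown" : v) }'
}

# Constructed sample logs (made-up timestamps) for demonstration.
LOG_OK='Tue Jan  1 00:00:32 2013 UDPv4 link remote: 94.23.114.100:443
Tue Jan  1 00:00:34 2013 [server] Peer Connection Initiated with 94.23.114.100:443
Tue Jan  1 00:00:37 2013 Initialization Sequence Completed'

LOG_AUTH='Tue Jan  1 00:00:32 2013 UDPv4 link remote: 94.23.114.100:443
Tue Jan  1 00:00:35 2013 AUTH: Received control message: AUTH_FAILED
Tue Jan  1 00:00:35 2013 SIGTERM[soft,auth-failure] received, process exiting'

LOG_TLS='Tue Jan  1 00:00:32 2013 UDPv4 link remote: 94.23.114.100:443
Tue Jan  1 00:01:32 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jan  1 00:01:32 2013 TLS Error: TLS handshake failed'

LOG_CERT='Tue Jan  1 00:00:34 2013 VERIFY ERROR: depth=0, error=certificate has expired'

# A timeout followed by a successful retry: the later line decides.
LOG_RETRY="$LOG_TLS
$LOG_OK"

# On the router run:  sh logtriage.sh live   (exit status 0 only if connected)
if [ "${1:-}" = live ]; then
    verdict=$(triage_log "$(cat /tmp/acevpn.log)")
    echo "verdict: $verdict"
    [ "$verdict" = connected ]
fi
```

Once you have copied the log, remove the symlink again with `rm /tmp/www/acevpnlog.html`; leaving it in place keeps the log reachable from the router's web server.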

Enable syslog

To enable logging please follow the instructions at http://www.dd-wrt.com/wiki/index.php/Logging_with_DD-WRT