If you came to this page without reading the introduction please go back for a brief introduction, the advantages of this method and how it works.
Use this setup if you already have a DD-WRT router in your network and plan to configure Ace VPN on it for entire house protection.
- Ace Premium SSL VPN account or Ace Ultimate SSL VPN account
- Router running DD-WRT firmware (Mega or VPN build).
- If you do not have a router flashed with DD-WRT. Please flash it first and continue with the instructions. Check if your router is supported
Check out the demo of DD-WRT V24 SP2 to get a fair idea of the features available with dd-wrt flashed router.
- This tutorial requires basic knowledge about routers and networks. If you have no prior knowledge we suggest you to familiarize about routers and networks before you continue
- Flashing third party firmware can void your routers warranty
- AceVPN.com is not responsible for any damage to the hardware, systems, or personal injury if you do attempt this!
- Only attempt if you are confident in your skills!
- You have the DD-WRT router configured and can access Internet.
Router Configuration Steps
- Connect a PC to the Lan port of the Router
- Using your browser, login to the admin page of Router B. By default this is available at http://192.168.1.1
- Go to Setup > Basic Settings tab and set values as per below. Set the Static DNS to either OpenDNS or Google DNS. Uncheck / disable DNSMasq and DHCP-Authoritative checkboxes. Also set the correct date and time.
- Go to Services > VPN tab and set values as per below
- Start OpenVPN: Enable
- Server IP / Name: vpn.acevpn.com
- Port: 443
- Use LZO Compression: Enable
- Tunnel Protocol: UDP
- nsCertType: Checked
- Public Server Cert: Paste the contents of acevpn-ca.crt
- Public Client Cert: Paste the contents of acevpn-user.crt
- Private Client Key: Paste the contents of acevpn-user.key. This is the password file. Do not share this with anyone.
- Hit the Save button
It would look like below screenshot when above steps are completed
- Go to Administration > Commands tab and set values as per below
- Paste the below content into "Commands" textbox, replace the USERNAME and PASSWORD with the credentials you received from Ace VPN and hit Save Startup button
PASSWORD" > /tmp/openvpncl/userpass.conf
#NOTE: Get additional IP's from the configuration file
remote 220.127.116.11 443
remote 18.104.22.168 443
keepalive 20 800
auth-user-pass /tmp/openvpncl/userpass.conf" > /tmp/openvpncl/myopenvpn.conf
# The following line should be a single line with no line break
( sleep 20 ; killall openvpn ; /usr/sbin/openvpn --config /tmp/openvpncl/myopenvpn.conf --auth-user-pass /tmp/openvpncl/userpass.conf --route-up /tmp/openvpncl/route-up.sh --down /tmp/openvpncl/route-down.sh --daemon ) &
- Now paste the below content into "Commands" textbox and hit Save Firewall button
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
Now reboot your router and wait for a minute for the router to establish a secure tunnel with Ace VPN gateway. Point your web browser at http://www.acevpn.com/, and scroll down a ways. In the border on the right you’ll see a box made of dotted lines, with an IP address, Hostname, city, etc. If AceVPN is working, the IP address, Hostname, City, State, etc. should all be something *other* than your own.
Refer DD-WRT troubleshooting steps.
If you’re unable to connect to the VPN server or can occasionally but not for more than a few minutes at a time, and you use a WAN device that does PPPoE onboard (Like a SpeedStream 5100b DSL Modem) — You may have to disable the onboard PPPoE and use the PPPoE on the WRT54G. The GRE that’s needed for the VPN sometimes gets messed up by your WAN device, probably because it uses a buggy layer 3 stack that corrupts or doesn’t pass the GRE packets to your WRT.
You may also have disconnects if the actual network that the client is on is the same subnet that the server is on (e.g. client subnet is 192.168.1.0/24 and the VPN server subnet is 192.168.1.0/24). This causes IP collisions. The best solution is to change the subnet of your client network to something unique, such as 192.168.5.0/24 (i.e. an IP range of 192.168.5.1-255 with a netmask of 255.255.255.0).
If you need assistance please email us the log. To enable openvpn log …
Add the following after “verb 3″ in your startup script.
Reboot your router, wait for about 5 minutes and then SSH / Telnet to your router and run the following command.
ln -s /tmp/acevpn.log /tmp/www/acevpnlog.html
Now go to http://192.168.1.1/user/acevpnlog.html and email us the contents of this page.
To enable logging please follow the instructions at http://www.dd-wrt.com/wiki/index.php/Logging_with_DD-WRT