OpenVPN server

This is a step-by-step guide on how to set up an OpenVPN server on your DD-WRT router. It is assumed that you have an OpenVPN build on your router.

This guide has been tested on three different routers:

  • D-Link DIR-868L A1 (DD-WRT v3.0-r27506 (07/09/15) std)
  • NETGEAR WNDR3700v3 (DD-WRT v3.0-r29440 mega (04/11/16))
  • NETGEAR WNR3500Lv2 (DD-WRT v24-sp2 (03/25/13) vpn (SVN revision 21061))

This guide does not explain how to generate certificates and keys or how to set up an OpenVPN client. The setup is for a server using basic certificates for an Autologin profile only. A user/password and man-in-the-middle protection can be added later on, once you have a working server.

My router arrangement is as follows: cable modem bridged to my Airport Extreme, which forwards port 45022 to my DD-WRT router (WAN IP:

Before you start, you should back up your router, then Restore Factory Defaults to avoid unknown settings messing up your server configuration. Once you have a working server, you may restore your backup, configure it again and further tweak it to your needs.

With your clean DD-WRT router (Factory Defaults), do the following:

1) Log into your router and set a new Router Username and Router Password
2) Press <Save Password>


3) Refresh and log into your router using your new username and password
4) Go to Setup >> Basic Setup
5) Scroll down to Router IP and update Local IP Address and Local DNS. This will be your router’s IP address (e.g.
6) <Save> settings


7) Go to Wireless >> Wireless Security
8) Set Security Mode (WPA2 Personal), then WPA Algorithms (AES) and add a suitable WPA Shared Key
9) <Save> settings


10) Go to Wireless >> Basic Settings
11) Update Wireless Network Name (SSID) and disable Wireless SSID Broadcast.
12) <Save> settings


13) Go to Services >> VPN
14) Scroll down to OpenVPN Server/Daemon
15) Enable OpenVPN
16) Configure the server as follows:

OpenVPN: Enable
Start Type: WAN Up
Config as: Server
Server mode: Router (TUN)
Port: 45022
Tunnel Protocol: UDP
Encryption Cipher: Blowfish CBC
Hash Algorithm: SHA256
Advanced Options: Enable
TLS Cipher: None
LZO Compression: Adaptive
Redirect default Gateway: Enable
Allow Client to Client: Enable
Allow duplicate cn: Enable
Tunnel MTU setting: 1500
Tunnel UDP Fragment:
Tunnel UDP MSS-Fix: Disable
Client connect script:
Static Key:
PKCS12 Key:
Public Server Cert: paste server.crt content from and including -----BEGIN CERTIFICATE-----
CA Cert: paste ca.crt content here
Private Server Key: paste server.key content here
DH PEM: paste dh2048.pem content here
Additional Config:

push "route"
push "dhcp-option DNS"

TLS Auth Key:
Certificate Revoke List:

17) <Save> settings


18) Press <Apply Settings>
19) Wait two minutes and restart your PC for a simple IP reset
20) Log into your router (
21) Go to Setup >> Advanced Routing
22) Press <Show Routing Table>
23) Find column Interface and look for tun# (e.g. tun2)
24) Press <Close>


25) Go To Services >> Services
26) Scroll down to DNSMasq and enable DNSMasq, Local DNS, No DNS Rebind and Query DNS in Strict Order
27) Add the following text under Additional DNSMasq Options:


28) <Save> settings


29) Go to Administration >> Commands
30) Add the below text to the Command textbox and press <Run Commands> and then <Save Firewall>

iptables -I INPUT 1 -p udp --dport 45022 -j ACCEPT
iptables -I FORWARD 1 --source -j ACCEPT
iptables -t nat -A POSTROUTING -s -j MASQUERADE
iptables -I FORWARD -i br0 -o tun2 -j ACCEPT
iptables -I FORWARD -i tun2 -o br0 -j ACCEPT


31) Go to Status >> OpenVPN
32) Scroll down to State. If it says “Server: CONNECTED: SUCCESS”, then you’ve made it!


Now that you have a working OpenVPN server, you just have to configure an OpenVPN client.
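
As noted at the start, further protection can be added once the server works, and the step 16 values are the place to begin. The Python check below is an added example, not part of the original guide: it parses settings in the "Label: value" form used in step 16 and flags five of them. The checks, the finding texts and any option spellings not shown in the guide (such as "Yes" for LZO) are assumptions.

```python
# Added example (not from the guide): flag step-16 values worth revisiting.
# PAGE_SETTINGS is copied from the guide; the checks and wording are assumptions.
PAGE_SETTINGS = """\
Encryption Cipher: Blowfish CBC
Hash Algorithm: SHA256
LZO Compression: Adaptive
Allow duplicate cn: Enable
TLS Auth Key:
Certificate Revoke List:
"""

def parse(text):
    """Map each 'Label: value' line to a dict entry; blank fields become ''."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip()] = value.strip()
    return fields

# (GUI label, predicate that is True when the value is weak, finding)
CHECKS = [
    ("Encryption Cipher",
     lambda v: any(n in v.lower() for n in ("blowfish", "des", "cast")),
     "64-bit block cipher; choose an AES option if the build offers one"),
    ("LZO Compression",
     lambda v: v.lower() in ("adaptive", "yes", "enable"),
     "compressing before encryption leaks plaintext through packet length"),
    ("Allow duplicate cn",
     lambda v: v.lower() == "enable",
     "one client certificate can be used by several devices at once"),
    ("TLS Auth Key",
     lambda v: v == "",
     "no HMAC on handshake packets; unauthenticated traffic reaches TLS"),
    ("Certificate Revoke List",
     lambda v: v == "",
     "a lost or copied client key cannot be revoked"),
]

def audit(text):
    """Return (label, value, finding) for every check that fires."""
    fields = parse(text)
    return [(label, fields.get(label, ""), finding)
            for label, is_weak, finding in CHECKS
            if is_weak(fields.get(label, ""))]

if __name__ == "__main__":
    for label, value, finding in audit(PAGE_SETTINGS):
        print(f"[!] {label} = {value or '(empty)'}: {finding}")
```

Run against the values in this guide, all five checks fire; a field missing from the input is treated the same as an empty one.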
