So you want to use AirVPN on your router but DD-WRT doesn't support it?


Hi, 

 

As some of you may know, DD-WRT requires at least 8mb of memory (or 4mb if it's a Broadcom chipset) in order to use OpenVPN.

 

However, this is not the end of the world. I use a D-Link DIR-615 which is unsupported by DD-WRT for OpenVPN, but I am able to get it running.

Things to know beforehand:

1. My router's processor is only 400mhz, and combined with the lack of memory, it means that the maximum speed I am getting is around 6mbps 8mbps. On a normal machine, I get a lot more. This is due to the processor limitations and not due to the implementation.

2. Most problems I have had are to do with permissions. Make sure your uploaded files are all 777 or 755 permissions. 

3. This should work on most MIPS routers. I can guarantee that it is working on the DIR-615 and TL941N routers.

4. The OpenVPN package I am using is from November 2011, so it is relatively outdated. I believe it is version 2.2, whereas the current release is 2.3.2. If someone is willing to repackage it and upload the latest version, it may provide better performance.  Updated to March 2014!

 

REQUIREMENTS:

 

1. You need a server. Maybe AirVPN can help in this regard if they would be willing to host the files?

  • On this server, you will host a package called openvpn_pack.tar.gz containing the openvpn config and libraries for ssl and lzo.
  • You will also host a script and your ovpn files.
    WHY IS THIS THE CASE? 
    My router only has 64kb of NVRAM. This means that I can only store a small amount of data on there before the memory is consumed. The best way to conserve the NVRAM is to wget the needed scripts from a remote server rather than store them on the router itself. If you use all of your NVRAM, you can brick your router.

2. You need your .ovpn file generated through the "Enter" section of AirVPN. 

 

 

And we begin:

 

1. The first step required is to upload the files to your server.

  • Here is a temporary link to download openvpn_pack.tar.gz (855kb). This is not a host for you to use in your script, and is only staying up temporarily for public access. You must download this package and upload it to your own host, unless AirVPN is willing to host it.
  • The following script must be saved as "executeScript.sh" and uploaded to your server:

     

    #!/bin/sh
    # Make the libraries unpacked under /tmp/openvpn/lib visible to the openvpn binary
    export LD_LIBRARY_PATH=/lib:/usr/lib:/jffs/lib:/jffs/usr/lib:/jffs/usr/local/lib:/mmc/lib:/mmc/usr/lib:/opt/lib:/opt/usr/lib:/tmp/openvpn/lib
    cd /tmp/openvpn
    # Stop any instance left over from a previous run
    killall -9 openvpn
    sleep 2
    # Load the tun kernel module shipped in the package
    insmod /tmp/openvpn/lib/tun
    echo tun.ko bridged
    killall -9 openvpn
    /tmp/openvpn/bin/openvpn --config /tmp/openvpn/client/airvpn.ovpn --daemon
    echo Started the daemon
    echo Starting loop to update the routing
    # Poll once a second until tun0 exists, then NAT outbound traffic through it
    tunup=0
    while [ "$tunup" -eq 0 ]
    do
        sleep 1
        if ifconfig tun0
        then
            iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
            tunup=1
            echo Set the routing tables to use the vpn
            break
        fi
    done

 

  • You must go through this section of AirVPN and generate your ovpn file.
    NOTE: You can also add the following lines to the end of your ovpn file if you want to debug any errors:
    status /tmp/var/log/openvpn-status_tap.log
    log-append /tmp/var/log/openvpn_tap.log
    mute 20
    

    The first two lines will make logs of the connection in case you need to troubleshoot, and the third line will limit logging repeating problems to conserve memory. You can use notepad to edit the files. Also, in the script I have called this file AirVPN.ovpn. Your filename will be different. You can either change the script to your filename or you can rename your file to AirVPN.ovpn. 

2. The second part is to log into your router at 192.168.1.1, or whatever your router's IP address is.

3. Click the "Administration" tab, and then click on the "Commands" tab.

4. Here you will need to input the start up script. The start up script will fetch the required OpenVPN package from your server, extract it, and begin to execute the scripts. This will be run every time the router turns on.

 

You will need to put the following in the Command Shell textbox and click the "Save Startup" button at the bottom. Please note that you must edit the URLs with your own:

 

    #!/bin/sh
    # Write the fetch script to /tmp (RAM, not NVRAM), then run it in the background
    echo "#!/bin/sh
    rm -f /tmp/openvpn/client/foobar.ovpn
    echo Removed foobar file
    # Wait for the DHCP client before trying to download anything
    while ! ps | grep -q \"udhcpc\"; do
        sleep 1
    done
    # Repeat the whole download until the ovpn file has arrived
    while ! ls /tmp/openvpn/client | grep -q \"foobar\"; do
        killall -9 wget
        killall -9 gzip
        killall -9 tar
        echo finished kill sequence
        cd /tmp
        rm -f ./openvpn_pack.tar.gz
        rm -f ./openvpn_pack.tar
        rm -r -f ./openvpn
        echo Removed the old files
        wget http://www.yourhost.com/openvpn_pack.tar.gz
        sleep 10
        # The archive is downloaded into /tmp, so that is the path to chmod
        chmod +x /tmp/openvpn_pack.tar.gz
        sleep 2
        gzip -d ./openvpn_pack.tar.gz
        tar -xf ./openvpn_pack.tar
        rm ./openvpn_pack.tar
        echo Finished unpacking the TAR ball
        wget http://www.yourhost.com/AirVPN.ovpn -O /tmp/openvpn/client/foobar.ovpn
        #echo \"foobar\" > /tmp/openvpn/client/foobar.ovpn
        echo Finished with the OVPN files
        wget http://www.yourhost.com/executeScript.sh -O /tmp/openvpn/runit.sh
        chmod +x /tmp/openvpn/runit.sh
        if ls /tmp/openvpn/client | grep -q \"foobar\"; then
            echo starting the runit script
            /tmp/openvpn/runit.sh > /tmp/var/log/runit.log &
        fi
    done
    echo done with getting the stuff
    " > /tmp/get_openvpn.sh
    chmod +x /tmp/get_openvpn.sh
    /tmp/get_openvpn.sh > /tmp/var/log/openvpn_script.log &

 

5. You should now be able to connect to OpenVPN on your router. However, we are not finished. If you go to http://www.dnsleaktest.com, you will see that your DNS is leaking. In order to seal the leaks, you must go to the Setup tab on your DD-WRT homepage, and in Basic Setup there will be a section titled "Network Address Server Settings (DHCP)." Here you must set your first DNS as the following:
Static DNS 1: 10.4.0.1  
Static DNS 2: 10.5.0.1
Static DNS 3: 50.116.23.211
 
The first two DNS are AirVPN's DNS. The third DNS is one that I have chosen from the OpenNIC project (see here). This is because I have had trouble connecting to AirVPN DNS when I am not connected to the VPN, but before we are able to connect to the VPN we must be able to download the files we uploaded from our server. As a result, we need a trusted DNS with reliable up-time for the initial connection. 
 
For added security, do not add the third DNS, and instead use one of AirVPN's (i.e. 10.6.0.1). This will also provide DNS leak protection when browsing as AirVPN's DNS can only be accessed when connected to the VPN.
 
6. Reboot your router, and wait a minute or so. Then go to http://www.dnsleaktest.com to check that you are completely behind the IP and DNS you want to be behind. 
 
And that's pretty much it. There is no GUI and no further details to add. If you followed the procedure correctly, your router should be connected to AirVPN with no DNS leaks. 
 
Enjoy. If this tutorial helped you out, and you would like to show your gratitude, then contact AirVPN and tell them you would like to donate for me an extra month (or more?) of VPN access
 
edit: Updated with the latest packages (March 17 2014) for OpenSSL and OpenVPN. You should experience a 20% bandwidth increase with the latest packages.

Share this post


Link to post
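
The startup script in the post above pulls a tarball of binaries and a shell script over plain HTTP and runs them as root on every boot. As an added example that is not part of the original post, here is a fetch step that checks each download against a SHA-256 digest pinned on the router before anything is unpacked or executed; `fetch_verified`, `fetch_all`, the placeholder digests and the presence of `sha256sum` in the firmware's BusyBox are assumptions.

```shell
#!/bin/sh
# Added example (not the original poster's script): refuse to unpack or run
# anything fetched at boot unless it matches a SHA-256 pinned on the router.
# Assumption: the firmware's BusyBox includes sha256sum.

FETCH_CMD=${FETCH_CMD:-wget -q -O}   # invoked as: $FETCH_CMD <dest> <url>

# Print the hex SHA-256 of a file (empty output if it cannot be read).
sha256_of() {
    sha256sum "$1" 2>/dev/null | cut -d' ' -f1
}

# fetch_verified URL DEST EXPECTED_SHA256
# Downloads to a temporary name, compares digests, and only then moves the
# file into place. On any failure nothing is left at DEST.
fetch_verified() {
    url=$1; dest=$2; want=$3
    tmp="$dest.part"
    rm -f "$tmp" "$dest"
    $FETCH_CMD "$tmp" "$url" || { rm -f "$tmp"; return 1; }
    got=$(sha256_of "$tmp")
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "digest mismatch for $url: got ${got:-none}" >&2
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$dest"
}

# Placeholders: record the real digests once, on a trusted machine, with
# sha256sum. Two digests cost about 130 bytes of NVRAM.
BASE=http://www.yourhost.com
PACK_SHA256=PLACEHOLDER_DIGEST_OF_PACK
SCRIPT_SHA256=PLACEHOLDER_DIGEST_OF_SCRIPT

# Replacement for the download part of the startup loop: stop at the first
# file that fails verification instead of extracting or executing it.
fetch_all() {
    cd /tmp || return 1
    rm -rf ./openvpn
    fetch_verified "$BASE/openvpn_pack.tar.gz" ./openvpn_pack.tar.gz "$PACK_SHA256" || return 1
    gzip -d ./openvpn_pack.tar.gz && tar -xf ./openvpn_pack.tar || return 1
    fetch_verified "$BASE/executeScript.sh" /tmp/openvpn/runit.sh "$SCRIPT_SHA256" || return 1
    chmod +x /tmp/openvpn/runit.sh
}
```

The digest check only detects tampering; the .ovpn file, which carries the account's keys, still crosses the network in clear text when fetched over http.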

I was looking to do just this!!  Thank you!!

 

Question: couldn't you also just download the openvpn packages (program and kernel mod) from the package website and install those into RAM?  I know you'd still need to configure things, but rather than host your own binaries it would seem that only downloading a configuration would be much simpler.  Also, you'd have the UI components in place in case you wanted to look at things through the UI.

 

Also, please note, if you host your ovpn file on the open internet, you will give access to your AirVPN account for anyone who finds it.  You may need to add some credentials to downloading this file.  

 

Just got a tiny TP-Link WR703N travel router, looking to do just this!

 

Just some food for thought.

 

Cheers!

Share this post


Link to post

Thanks for your guide. I have a question regarding the issue you found with using the 10.4.0.1 AirVPN DNS. You mentioned you have to use OpenNIC DNS servers since you need to connect to the internet first in order to use Air tunnel and Air DNS, otherwise you had issues.

I too have this exact same issue but with my pfSense build router. The connectivity is hit and miss: sometimes it's connected to the internet and websites pull down easily, sometimes I have to wait a few minutes... other times it's just 100% dead.

Did you find a solution to this issue? I was hoping to avoid using a DNS server that is not Air's. Or is it possible to combine 2-3 DNS so somehow one connects to OpenNIC DNS to connect to the internet, then it auto uses Air DNS servers?

Share this post


Link to post

Hello,

 

yes, 10.0.0.0/8 IP addresses are private addresses. This solution:

 

Static DNS 1: 10.4.0.1  
Static DNS 2: 50.116.23.211

Static DNS 3: (optionally another OpenNIC DNS server)

 

looks perfect. It will let your device use the VPN DNS when it's in the VPN and a public and trusted DNS when it's not.

 

Kind regards

Share this post


Link to post

> I was looking to do just this!!  Thank you!!
>
> Question: couldn't you also just download the openvpn packages (program and kernel mod) from the package website and install those into RAM?  I know you'd still need to configure things, but rather than host your own binaries it would seem that only downloading a configuration would be much simpler.  Also, you'd have the UI components in place in case you wanted to look at things through the UI.
>
> Also, please note, if you host your ovpn file on the open internet, you will give access to your AirVPN account for anyone who finds it.  You may need to add some credentials to downloading this file.
>
> Just got a tiny TP-Link WR703N travel router, looking to do just this!
>
> Just some food for thought.
>
> Cheers!

Unfortunately I only have 64kb of NVRAM (in total), which means that I can't install normal packages without bricking the router (as far as I'm aware?). This hack is the only way to get it going from what I had learned when researching. Maybe you can shed some light on making this easier?

 

Even still, I've never needed to use the interface and have just SSH'd into my device when I needed to see what's happening. The connection is logged in /var/logs, and most issues can be fixed by either rebooting the router or killing the OpenVPN daemon and restarting it (sh /tmp/openvpn/runit.sh).

 

And yes, security is somewhat of an issue, however my personal host isn't publicly listed and I'm not too concerned if someone does find it. I'll know fairly quickly that it's being used and can very easily get that sorted out. However the likelihood of this happening is so small (and the impact is also very little) that it doesn't concern me much. I've gone so far as to code my own config generator (drop down menus allow me to select which server I want in which country, and then it's fused together with a little PHP and overwrites the original ovpn file) which is also publicly accessible lol. THIS is pretty bad, I know, and I'll put a password on there in the next day or so.

 

I'm glad this could help you however

> Thanks for your guide. I have a question regarding the issue you found with using the 10.4.0.1 AirVPN DNS. You mentioned you have to use OpenNIC DNS servers since you need to connect to the internet first in order to use Air tunnel and Air DNS, otherwise you had issues.
>
> I too have this exact same issue but with my pfSense build router. The connectivity is hit and miss: sometimes it's connected to the internet and websites pull down easily, sometimes I have to wait a few minutes... other times it's just 100% dead.
>
> Did you find a solution to this issue? I was hoping to avoid using a DNS server that is not Air's. Or is it possible to combine 2-3 DNS so somehow one connects to OpenNIC DNS to connect to the internet, then it auto uses Air DNS servers?

My issue was that I am unable to resolve domains without first being connected to AirVPN, however I needed to wget my config files. I fixed this by just directly pointing to the IP address of my server, rather than the domain. By only using AirVPN's DNS I also ensured that I won't ever leak my IP when browsing in case the VPN disconnects.

Share this post


Link to post

 


 

 

Hey there!  I switched to OpenWRT for this because the opkg method works really keen! I also agree with you on the need for a UI, using the generated configs works absolutely fine.  Your iptables addition appeared to be the final piece I needed to get data flowing through the router.  I stole the hard work you did, thank you so much! In the end my script looks like this:

 

#!/bin/sh

cd /tmp

opkg update
# install the tun kernel mod (all other fails)
opkg install kmod-tun
# install to /tmp
opkg install -d ram openvpn

killall tail
killall openvpn
touch /tmp/openvpn.log
tail -f /tmp/openvpn.log &
export LD_LIBRARY_PATH=/tmp/usr/lib
/tmp/usr/sbin/openvpn --config /tmp/airvpn.ovpn --daemon

tunup=0
while [ "$tunup" -eq 0 ]
do
	echo "Checking on vpn status..."
	sleep 1
	if ifconfig tun0
	then
		echo Set the routing tables to use the vpn
		iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
		tunup=1
		break
	fi
	echo -n "."
done

Next follow these steps in the UI:

  • Go to Network > Interfaces and make a new Interface
  • Name it vpn_interface, choose protocol 'unmanaged' and select tun0 as the covered interface (this one's new after you've started openvpn)
  • Assign this interface to the wan firewall zone
  • Hit Save & Apply
  • Wait for OpenVPN to restart.

A few things to think about:
  • My script assumes you have the configs on /tmp (not a hard thing to copy over, but not as elegant as yours)
  • I run opkg the first time into non-RAM, this installs the tun kernel module (but not the binaries)
  • I run opkg a second time and this installs the binaries into RAM (/tmp)

The optimization here is that I'm using the opkg distribution system for binaries hosting, and it takes care of the kernel module insertion as well.  I'm doing this on a TP-Link WR703n with OpenWRT 12 (attitude adjustment) with very little memory.  I'm incredibly surprised that this tiny device which runs off USB power can actually be such a great bridge (I plan to use it in hotels with multiple devices) as well as a great OpenVPN/AirVPN client.  Insane where technology has landed these days!!

 

Again, thank you for your help, really appreciate it!

Share this post


Link to post
