Baxter

Suggested DD-WRT FirmWare for OpenVPN on WRT54GL Linksys Router


Hi all,

I am just wondering which DD-WRT firmware version would be recommended for use in a WRT54GL V1.1 router.

I did check the supported router database on their site, but all the firmware suggested is from 2009, and if I am not wrong, many updates to OpenVPN itself have been made, so this may be a reason why I am currently unable to connect to any AirVPN destination with the WRT router itself, but any client I use in my home network is able to build up the connection using the local Windows AirVPN client.

Hence, I would like an answer as to which DD-WRT firmware will work with the WRT54GL and AirVPN.

Thanks in Advance for your advice,

Baxter

Link to post

Hi all,

I'd just like to share my findings of the past days. With much help from this forum I was finally able to have everything set up the way I wanted.

First of all, what I experienced, errors in the form of TLS handshake timeouts (the 60 sec. ones) and disconnect issues, EVEN with no iptables or firewall rules in effect, is truly caused by the firmware.

For the WRT54GL V1.1 I use, I found this build working:

DD-WRT v24-sp2 (03/08/12) vpn - build 18687

Just make sure to get the correct build number and the OpenVPN generic firmware build.

Second, I had to use these iptables rules in DD-WRT to get the traffic correctly forwarded.

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE

I had to check (using ifconfig) which tun device the OpenVPN client created; for me it was tun1.

Hence, I had to adapt the rules for this.

Hope this may be of help to anyone in the future.

Kind regards,

Baxter

Link to post
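
The rules in the post above hard-code tun1, which is why they have to be adapted per router. As an added example (not from the thread or from DD-WRT), this script finds the tun device in the interface list and prints the same four tun rules for it. `br0` as the LAN bridge and the sample interface list are assumptions, and the post's tap0 line is left out because it only matches when a tap device exists.

```shell
#!/bin/sh
# Added example: build the forwarding rules for the tun device that actually exists.

# Constructed sample in /proc/net/dev layout (counters are made up).
SAMPLE_PROC_NET_DEV='Inter-|   Receive          |  Transmit
 face |bytes    packets |bytes    packets
    lo:    1200      10     1200      10
   br0:  884211    5120   701223    4800
  tun1:   40210     310    38100     290'

# detect_tun: print the first tun* interface named on stdin (/proc/net/dev layout).
# Exits 1 when there is none, so no rules get built for a missing device.
detect_tun() {
    awk -F: '
        $1 ~ /^[ \t]*tun[0-9]+$/ { gsub(/[ \t]/, "", $1); print $1; found = 1; exit }
        END { exit !found }
    '
}

# vpn_rules LAN TUN: print the iptables commands from the post for this device.
#   FORWARD x2  : let LAN clients route through the tunnel and back
#   INPUT REJECT: nothing arriving over the tunnel may reach the router itself
#   MASQUERADE  : LAN addresses are rewritten to the tunnel address on the way out
vpn_rules() {
    lan=$1 tun=$2
    case $tun in
        tun[0-9]*) ;;
        *) echo "refusing: '$tun' is not a tun device" >&2; return 1 ;;
    esac
    cat <<EOF
iptables -I FORWARD -i $lan -o $tun -j ACCEPT
iptables -I FORWARD -i $tun -o $lan -j ACCEPT
iptables -I INPUT -i $tun -j REJECT
iptables -t nat -A POSTROUTING -o $tun -j MASQUERADE
EOF
}

# On the router (br0 is assumed to be the LAN bridge, as in the post):
#   dev=$(detect_tun < /proc/net/dev) && vpn_rules br0 "$dev" | sh
```
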

Thank you for posting this, I am actually running into similar trouble using v24-sp2 (10/10/09) vpn (SVN revision 13064); in my case, however, I have successfully added 3 of the four files. Unfortunately, the CA.crt would not take for some reason. I assumed the text from the ca.crt file would be applied in the /Services/VPN/Openvpn Daemon/"Public Server Cert" box. <--Apparently this is a new name given to the CA.crt box.

When the CA.crt code was pasted here, it did not hold after clicking apply. The box just cleared the code. Weird...

I was referred here by support to this thread and started looking around. So far the only place I have found the 18687 build is through the link below, but I do not see a folder for the WRT54GL that was mentioned in this thread... Is there another place I should be looking?

ftp://ftp.dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2012/03-08-12-r18687/files/

Thanks,

Link to post

There may be variations in the way the text boxes for the various keys are named among all the iterations of the dd-wrt firmware.

Check this page: https://airvpn.org/ddwrt/ and see if those instructions match what you see in the particular version you are using.

Hope this helps.

Link to post

While I get that the router you are using is an old workhorse, it will go a long way to upgrade to a newer router with more RAM and a better CPU. OpenVPN takes a lot of resources to run well and the W54 just lacks those. For likely $40 or less you could get a much more capable router for VPN usage.

Link to post

Hello!

The following build has been tested and it fully works with AirVPN, for Linksys WRT-54GL 1.1:

DD-WRT v24-sp2 (03/08/12) vpn - build 18687

Also confirmed by Baxter and other people:

https://airvpn.org/topic/6525-suggested-dd-wrt-firmware-for-openvpn-on-wrt54gl-linksys-router/?do=findComment&comment=6612

The newest build you cite has not been tested so far: feel free to try, just keep in mind that it's not been tested yet. See also here to avoid bugged builds:

http://svn.dd-wrt.com/ticket/2536

EDIT:

Some additional notes to help you avoid bugged DD-WRT firmwares can be found on this thread:
https://airvpn.org/topic/4292-dd-wrt-not-connecting-on-linksys-e2500-router/?do=findComment&comment=4358

Kind regards

Link to post

Baxter, it is great that you somehow got it to work. I tried the link of the firmware to 18687 for the wrt54g after a bunch of google searches turned up nothing else for the wrt54gl or a generic build and now I will have to JTAG the effing thing since I can't even ping it now. If you are going to post that you got it working how about you at least do us the courtesy of posting a link to the build that you used.

Link to post

I can confirm that the 18687 build of DD-WRT works. I was very near to using the wrt54g build and bricking my router until I read joker69's post, so thanks for that.

Here's the direct link to the firmware image file for WRT54GL 1.1, it took quite a bit of work to uncover:

ftp://dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2012/03-08-12-r18687/files/broadcom/dd-wrt.v24_vpn_generic.bin

I can confirm that this build works with airvpn, although it needs a bit of tweaking. There's a bug in this particular version of the firmware that makes the Hash Algorithm setting revert back to SHA256, but airvpn uses SHA1. Maybe some servers auto-negotiate this, but I needed to force this to SHA1 for it to work.

The following setting needs to be changed in the openvpn.conf file on the router:

auth sha1

I'm still struggling with making this thing apply with a startup script so the setting won't be lost when I reboot, but at least it's working when I add this manually through telnet.

Link to post
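
OpenVPN's `auth` directive selects the HMAC digest used to authenticate data-channel packets, so a GUI that silently rewrites it changes what the client sends. As an added example (not the poster's or DD-WRT's code), the function below pins the digest in a config file and is safe to call repeatedly, for instance from a startup script. The config path and the sample config are placeholders constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the `auth` digest in an OpenVPN client config, idempotently.

# Constructed sample config (paths and values are placeholders).
SAMPLE_CONF='client
dev tun1
proto udp
auth-user-pass /tmp/placeholder/credentials
tls-auth /tmp/placeholder/ta.key 1
auth SHA256'

# current_auth CONF: print the digest set by the bare `auth` directive, if any.
current_auth() {
    awk '$1 == "auth" { print $2; exit }' "$1"
}

# ensure_auth CONF DIGEST: leave CONF with exactly one `auth DIGEST` line.
# Only the bare `auth` directive is touched; `auth-user-pass`, `auth-nocache`
# and `tls-auth` are different options and pass through unchanged.
ensure_auth() {
    conf=$1 digest=$2
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; return 1; }
    tmp="$conf.tmp.$$"
    awk -v d="$digest" '
        $1 == "auth" { if (!done) { print "auth " d; done = 1 }; next }
        { print }
        END { if (!done) print "auth " d }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Typical call from a startup script (path is a placeholder):
#   ensure_auth /path/to/openvpn.conf sha1
```

The running OpenVPN process reads its config only at start, so the change takes effect on the next client restart.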

Just a quick thank you and a question...

Firstly, thanks for the suggestion of using build 18687 on my ol' WRT54GL. Got it connecting to AirVPN reliably (as far as I can see, although the Hash Algorithm setting does change on its own as mentioned above - but doesn't seem to matter).

Secondly, is there much of a difference between Baxter's iptables rules and the DD-WRT firewall rules listed on the setup page?

The reason I ask is my connection seems to work with both, and being a noob I don't really know the difference between tun0 and tun1, or why Baxter includes a line for tap0 while the setup page doesn't. If someone could explain this that would be fantastic!

Thanks again.

edit: Actually, looks like Baxter's iptables rules don't work on my system - but the firewall rules on the setup page seem to (for both wired and wireless access). However, I am a little concerned when the log keeps showing lines such as:

20140325 11:31:32 MANAGEMENT: Client connected from 127.0.0.1:5001
20140325 11:31:32 D MANAGEMENT: CMD 'state'
20140325 11:31:32 MANAGEMENT: Client disconnected
20140325 11:31:32 MANAGEMENT: Client connected from 127.0.0.1:5001
20140325 11:31:32 D MANAGEMENT: CMD 'log 500'
20140325 11:31:32 MANAGEMENT: Client disconnected

Is this a problem? I don't seem to be losing VPN connectivity, but if it's disconnecting and reconnecting so quickly I don't notice that could be a problem. If anyone has any insight I'd love to hear it, otherwise I might try Tomato and see if the result is the same.

Link to post
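
The `MANAGEMENT:` lines quoted above record a local client (127.0.0.1) opening OpenVPN's management interface, sending a command and closing again; that is a separate channel from the VPN tunnel. As an added example (not from the thread), this classifier counts management chatter separately from tunnel failures, run over the post's lines and over constructed lines showing what an actual tunnel drop looks like in an OpenVPN log.

```shell
#!/bin/sh
# Added example: separate management-interface chatter from tunnel events.

# Lines quoted in the post above (management interface only).
POST_LOG="20140325 11:31:32 MANAGEMENT: Client connected from 127.0.0.1:5001
20140325 11:31:32 D MANAGEMENT: CMD 'state'
20140325 11:31:32 MANAGEMENT: Client disconnected
20140325 11:31:32 MANAGEMENT: Client connected from 127.0.0.1:5001
20140325 11:31:32 D MANAGEMENT: CMD 'log 500'
20140325 11:31:32 MANAGEMENT: Client disconnected"

# Constructed lines: a TLS handshake timeout, a restart, then reconnection.
FLAP_LOG="20140325 11:40:02 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20140325 11:40:02 N TLS Error: TLS handshake failed
20140325 11:40:02 I SIGUSR1[soft,tls-error] received, process restarting
20140325 11:41:10 I Initialization Sequence Completed"

# classify_log: read log lines on stdin, print one summary line of counts.
classify_log() {
    awk '
        / MANAGEMENT: /                     { mgmt++;    next }  # local control channel
        /TLS key negotiation failed/        { tls++;     next }  # handshake timed out
        /TLS handshake failed/              { tls++;     next }
        /process restarting|ping-restart/   { restart++; next }  # tunnel torn down
        /Initialization Sequence Completed/ { up++;      next }  # tunnel established
        { other++ }
        END { printf "management=%d tls_failure=%d restart=%d tunnel_up=%d other=%d\n",
                     mgmt, tls, restart, up, other }
    '
}

# tunnel_flapped: exit 0 only if the log on stdin shows the tunnel itself failing.
tunnel_flapped() {
    summary=$(classify_log)
    case $summary in
        *"tls_failure=0 restart=0"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage on a saved log:  classify_log < openvpn.log
```
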
