- DD-WRT v3.0-r37845M kongac (11/25/18) on a Netgear R7000
- I have configured my R7000 as a Wireless Access Point (see https://wiki.dd-wrt.com/wiki/index.php/Wireless_access_point)
Step 1, generate OpenVPN configuration files
- www.airvpn.org => Client Area => Config Generator
- Activate "Advanced Mode"
- Choose your Operating System: Router
- Choose your OpenVPN version: >= 2.4
- Need IPv6?: IPv4 only
- Advanced (right part of the screen): Activate "Separate keys/certs from .ovpn file"
- Protocols: Protocol: TCP; Port: 443; Entry IP: 3; Specs: tls-crypt, tls 1.2
- Choose server
- Generate protocol
- Select ZIP
Now you have generated a ZIP file containing the following 5 files:
ca.crt; user.crt; user.key; tls-crypt.key; and a .ovpn file, for example: AirVPN_NL-Alblasserdam_Muscida_TCP-443-Entry3.ovpn.
Step 2, DD-WRT => Services => VPN => OpenVPN Client
Hash Algorithm: SHA512
ca.crt goes in "CA Cert"; user.crt goes in "Public Client Cert"; user.key goes in "Private Client Key".
The tls-crypt.key goes in "Additional Config" between <tls-crypt> and </tls-crypt>.
Furthermore I´ve put the following two settings in "Additional Config": remote-cert-tls server and auth-nocache.
The contents of "Additional Config" could, for example, look like this:
content of tls-crypt.key
The only dissappointing thing: https://2ip.io/privacy/ still knows I am using a VPN service: