Articles in this section

How to Set Up OpenVPN on DD-WRT Routers

This guide will walk you through setting up CyberGhost VPN on a DD-WRT router using OpenVPN, step by step.

Jump To…

Requirements

Things to Know Before You Start

Step-by-Step Guide

How to Check if the VPN Is Working

Requirements

To set up CyberGhost VPN on a DD-WRT router, you’ll need the following:  

  • A router with DD-WRT firmware that supports OpenVPN

You can check whether your router supports DD-WRT firmware here. Also, here’s an article on how to install DD-WRT firmware on a router.

  • A CyberGhost account

How to create a CyberGhost account online

How to manage your CyberGhost account

  • A CyberGhost subscription

How to purchase or upgrade a subscription

How to activate your subscription with an activation key

Note: If you'd prefer a simpler option, FlashRouters offers DD-WRT routers that come pre-configured with CyberGhost VPN, so no manual setup is needed.

exp.pngDisclaimer: This guide is as detailed as possible, but some technical knowledge is required. Steps may vary slightly depending on your router model or firmware version, and information may not always reflect the latest updates.

Things to Know Before You Start

  • Routers have weaker processors than computers, so VPN speeds will be slower than connecting directly from a device. If speed is a priority, connecting directly from your PC, laptop, or tablet will give better results.
  • If your router doesn't have built-in DSL functionality, your internet connection will still be managed by your DSL modem. In that case, connect your devices to the router, and the router connects to the modem. Make sure your devices are set to connect to the new router's network, not your old one, or simply disable the modem's WiFi if you no longer need it.
  • Flashing your router with DD-WRT may void your warranty and carries a small risk of bricking the device, for example, if the power cuts out mid-flash. CyberGhost isn’t responsible for any damage. Check your dealer's policy before proceeding.

Step-by-Step Guide

This tutorial on setting up an OpenVPN connection on your DD-WRT router uses the following configuration:

  • Firmware: DD-WRT v3.0-r40900 std (09/04/19)
  • Hardware: Linksys WRT32x

Step 1: Set Up Your Router

The first thing you should do is make sure your DD-WRT router can connect to the Internet.

Then open your browser and go to 192.168.1.1 to access your router's management console. Note that this is the default address. If you've changed it before, use that address instead.

Once you’re in:

  1. Click Setup > Basic Setup and make sure the connection type is set to Automatic Configuration - DHCP. This lets your router automatically get an IP address from your modem.
  2. Next, under Network Setup, assign your router a fixed local IP address. Whatever address you set here will become the address you use to access the router's management console going forward.

Note: Leave all other settings as they are unless your ISP has provided you with specific configuration details, such as a static IP address or custom DNS servers. In that case only, enter those details here instead.
 

Untitled.png

  1. Navigate to Setup > IPV6 and select Disable. This is optional but recommended to prevent IP leaks. 
  2. Then, click Apply Settings and Save.

disable-ipv6.png

Step 2: Create a CyberGhost VPN Configuration

  1. Visit your CyberGhost VPN online account. If prompted, enter your credentials to log in.
CyberGhost login screen.
  1. Select VPN from the left-side menu, then click Configure Device.

CyberGhost interface showing the "VPN" and "Configure Device" options highlighted.

  1. Next, create your server configuration, as described below:
  • Protocol: OpenVPN.
  • Country: The server location you want to connect to. You can choose one location per configuration. If you want to change the location afterwards, you’ll need to create a different configuration. 
  • Server group: The server group and the OpenVPN protocol (UDP or TCP) you want to use:
    • OpenVPN UDP: Allows higher speed than the TCP version but can result in broken downloads in some cases. This is the default setting.
    • OpenVPN TCP: Allows more stable connections than the UDP version but is a bit slower. Choose this version if you have recurrent connection issues such as sudden disconnections.
  1. Once done, click Save Configuration.
Once done, click Save Configuration.
  1. You’ll be taken to the VPN tab automatically. Select View next to the configuration.
Router-How-to-Set-Up-OpenVPN-on-DD-WRT-Routers-4.png
  1. Take note of the following:
  • Username: The username generated for this configuration. This isn’t your regular CyberGhost account username. It only authenticates this manual configuration with CyberGhost’s servers.
  • Password: The password generated for this configuration. This isn’t your regular CyberGhost account password. It only authenticates this manual configuration with CyberGhost’s servers.
  1. Then, click on Download Configuration to download the config file to your computer.
CyberGhost router configuration showing the "Download Configuration" option highlighted.

Important: Please keep your username and password obtained during the configuration process at hand, as you will be asked to enter them later in the setup.

The saved config file contains the following single files:

  • ca.crt: This is the certificate of the certification authority.
  • client.crt: This is the user certification file.
  • client.key: This is your private key file.
  • openvpn.ovpn: This is your OpenVPN configuration file.

Step 3: Add the VPN Configuration to the Router

  1. Open your router interface at 192.168.1.1.
  2. Once in the router management console, click Services > VPN.
  3. Scroll down to OpenVPN Client and check the Enable option next to Start OpenVPN Client.

start-openvpn.png

  1. Fill in the following settings:

  • Server IP / Name: Enter the server group from step 2 (for example, xx-xx-ca.cg-dialup.net).
  • Port: 443
  • Tunnel Device: TUN
  • Tunnel Protocol: UDP or TCP (depending on which protocol type you have chosen in step 1)
  • Encryption Cipher: AES-256-CBC
  • Hash Algorithm: SHA256
  • User Pass Authentication: Enable
  • USERNAME: The username you have generated when adding the device in step 1. This isn’t your regular CyberGhost username.
  • PASSWORD: The password you have generated when adding the device in step 1. This isn’t your regular CyberGhost password.
  • Advanced Options: Enabled
  • TLS Cipher: None
  • LZO Compression: Disabled
  • NAT: Enable
  • Firewall Protection: Enable
  • IP Address: Leave blank
  • Subnet Mask: Leave blank 
  • Tunnel MTU setting: 1500
  • Tunnel UDP Fragment: Leave blank
  • Tunnel UDP MSS-Fix: Disable
  • nsCertType verification: Leave unchecked
  • TLS Auth Key: Leave blank
mceclip0.png

Additional Config

Go to the folder where you've extracted the downloaded configuration, right-click the openvpn.ovpn file, and open it with a text editor. Any text editor will do, but WordPad displays the config more clearly.

OpenWith.jpg

  1. Once open, select the passage from “resolv-retry infinite” to “verb 4” and copy the selected text.

ovpn.png
  1. Right-click in the Additional Config field and click Paste.

paste.jpg

For the rest of the fields:

  • Policy Based Routing: Leave blank
  • PKCS12 Key: Leave blank
  • Static Key: Leave blank
  • CA Cert: Right-click the ca.crt file, choose Open With > WordPad or Notepad, and copy all of the text and paste it into this field.
  • Public Client Cert: Right-click the client.crt file, choose Open With > WordPad or Notepad, and copy all of the text and paste it into this field.
  • Private Client Key: Right-click the client.key file, choose Open With > WordPad or Notepad, and copy all of the text and paste it into this field.

Here’s how the additional configurations should look: 
mceclip2.png

Step 4: Finalize the Router Configuration

  1. Click on the Administration tab in your router settings, and select Commands.
  2. In the Command Shell field, copy and paste the following commands:

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
  1. Next, click Save Firewall.

firewall.png

  1. You can now reboot the device by going to Administration > Management > scroll all the way down and click Reboot Router

mceclip0.png

Note: You may need to wait some time (upwards of 1 minute, depending on the router) for the settings to apply.

How to Check if the VPN Is Working

To verify the VPN is working:

  1. In your router settings, navigate to Status > OpenVPN.
  2. Under State, you should see the message: Client: CONNECTED SUCCESS.

connected.png

  1. Restart your browser (this is extremely important as location info may be cached in the browser) and visit a website like iplocation.net to verify the change of your IP.

Need assistance? Contact our Customer Support team:

Related articles

Comments

0 comments

Article is closed for comments.