CyberGhost can be used on routers with the alternative firmware DD-WRT and with integrated OpenVPN support, if the following preconditions are met:
Important note: Please make sure that you run an IPv4 Internet connection. Some Internet Service Providers already connect with the IPv6 protocol, which is not supported by CyberGhost. While the CyberGhost client takes care of deactivating IPv6 under Windows, users of native protocols have to do this manually. If IPv6 is not deactivated, data might leak outside the IPv4 VPN tunnel!
First thing you should do is to make sure your DD-WRT router can connect to the Internet, but also is in a different network class then any other router you might have. For that open your router settings, click on 'Setup' in the upper menu and on 'Basic Setup' in the lower menu, activate the automatic configuration of IP addresses (DHCP) for the WAN and give your DD-WRT router a fixed local IP address under 'Network Setup'.
Visit your CyberGhost VPN online account.
Click on the menu entry 'My Devices' and then on button 'Add Device'.
In the list of Operating Systems you can CyberGhost use with, please click on 'Other' to be able to setup all necessary options for the OpenVPN protocol. When done the screen extends and gives way to 'Create new credentials'. Do it by clicking on the respective button.
Scroll up the page. As you see, the placeholder for a new device is now replaced by 'Linux, Router, etc.'. Click on that button:
Type a name for your new device and activate the wanted extra features, provided with each Premium subscription:
Scroll down and generate the login and configuration data for the OpenVPN protocol:
- Protocol: Choose the OpenVPN protocol you want to use:
- OpenVPN (UDP): UDP allows higher speed than the TCP version, but can result in broken downloads in some cases. This is the default setting.
- OpenVPN (TCP): TCP allows more stable connections than the UDP version, but is a bit slower. Choose this version, if you have recurrent connection issues such as sudden disconnections.
- Country: Since native protocol connections may only be used with exactly one server you now have to choose the country you want to surf from; the server to be used in this country will be chosen by CyberGhost automatically. (If you want or need different PPTP, L2TP or OpenVPN connections in different countries, repeat all steps for every country.)
- Server group: Depending on the chosen country as well as the availability of different server types as an attribute of your current plan you can also define a server group to use:
- Standard Server: This is the group of all paid service servers (Special Edition, Premium, Premium Plus)
- Premium Server: This is the smaller group of all exclusive servers for Premium subscribers (Premium, Premium Plus)
- NoSpy Server: This is the group of all exclusive NoSpy servers for Premium subscribers with special extensions.
After setting up your connection wishes please note down the following data sets. You will need them to configure your device:
- Server: This is the address of the country (server) you want to be connected with, e.g. '1-ro.cg-dialup.net'. Note: This address changes with every country you have chosen in the step before. The actual single server to be used will be chosen automatically by CyberGhost.
- User name: A solely for protocol usage generated user name. This is NOT your regular CyberGhost account user name.
- Password: A solely for protocol usage generated password. This is NOT your regular CyberGhost account password.
Once done, please download the configuration file. For that please click on 'Download Configuration' and save the file on your computer. It's a ZIP file, which contains the following single configuration files:
- ca.crt: This is the certificate of the certification authority
- client.crt: This is the user certification file
- client.key: This is your private key file
- openvpn.ovpn: This is your OpenVPN configuration file
Note: If you need to change the country to surf from, you must re-configure the location to use in your account management and download the new zipped config file.
Open your router interface and click in the upper menu on ‚Services‘ and in the lower menu on ‚VPN‘. Locate the area 'OpenVPN Client' and click right to 'Start OpenVPN Client' on 'Enable'.
Now you need to start filling in the client's settings:
- Server IP / Name: Please enter the server address of Step 2, e. g. '4-de.cg-dialup.net'. Depending on the country to connect with, the second block of each address will be exchanged, e.g. instead '4-de.cg-dialup.net‘ (for Germany with Standard Server Group) '4-ro.cg-dialup.net‘ (for Romania with Standard Server Group). When configuring location and server group, the complete and proper address will be generated automatically for you. It includes encrypted information about your plan, the country, the server group chosen and the domain name; the protocol to be used will be detected automatically when connecting to CyberGhost.
- Port: The port address is '443'.
- Tunnel Device: TUN
- Tunnel Protocol: UDP or TCP, depending on which protocol type you have chosen in step 1
- Encryption Cipher: AES
- Hash Algorithm: MD5
- nsCertType verification: not checked
- Advanced Options: Enabled
- TLS Cipher: not checked
- LZO Compression: Adaptive
- NAT: Disable
- Bridge TAP to br0: Disable (we will do this with firewall commands)
- IP Address: leave blank
- Subnet Mask: leave blank
- Tunnel MTU setting: 1500
- Tunnel UDP Fragment:1300
- Tunnel UDP MSS-Fix: Disable
- LS Auth Key: leave blank
- Additional Config: In this box please type in 'auth-user-pass /tmp/key.txt' and then copy from your downloaded 'openvpn.ovpn' configuration file the passage from 'resolv-retry infinite' to 'comp-lzo' into it. For that you open the file with an editor, mark the passage, copy the text with 'Control-C' and insert the text here with 'Control-V'. Afterwards the content should look similar to this sample (see also screen shot below):
explicit-exit-notify 2 [Note: Some routers don't understand this command. In cases of doubt or if the configuration doesn't work, please remove this entry.]
|Please don’t copy the example text above and use your downloaded OpenVPN file, because a server configuration might have been changed after publishing this article.|
Now take care of the next options:
- Policy based Routing: leave blank
- PKCS12 Key: leave blank
- Static Key: leave blank
- CA Cert: In this box please copy all text of the file 'ca.crt'. For that you open the respective file with a simple editor and copy the text like you have done before with the 'openvpn.ovpn'.
- Public Client Cert: In this box please copy all text of the file 'client.crt'.
- Private Client Key: In this box please copy all text of the file 'client.key'.
At last click on 'Save' and then on 'Apply Settings'.
Activate the tab 'Administration' in the upper menu and 'Commands' in the lower menu. In the area 'Command Shell' you now enter the following commands:
echo 'username' > /tmp/key.txt
echo 'password' >> /tmp/key.txt
Please enter the user name created in step 1 instead 'username' and the password created in step 1 instead 'password' , e.g. 'echo johndoe12345 > /tmp/key.txt'.
|DO NOT use your regular CyberGhost user name and password, which you use to login in the client and your account management!|
Click on 'Save Startup'.
Now enter the following commands, again in the 'Command Shell':
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
Click on 'Save Firewall'.
You can now reboot the device and after the reboot you are connected to CyberGhost. You can check this on your router's interface under 'Status > OpenVPN'.