I always wanted to have a separate WiFi access point in my home network that automatically tunnels traffic through my VPN server in the US, instead of having a VPN client installed on every device that requires the use of the VPN. At times, some devices do not support installing a VPN client at all. I then began doing a bit of research and found that the DD-WRT firmware might be able to help me achieve this goal.
I recalled that I was given a new AC1750 D-Link 868L router by Starhub a while back and it was just sitting in one corner collecting dust. I decided to reflash that router and add it as a bridge to my current network’s router. As information on that particular router online is pretty scarce, it took a few tries and several bricks to get it working as intended.
These are the steps to get DD-WRT working: (with a lot of trial and error!)
- Navigate to the D-Link’s router administrative interface and update the stock firmware to the first ever factory release firmware. (DIR868LA1_FW100SHCb01.bin from the official site will work)
- When that is done, repeat step 1, but with the following firmware specifically for the 868-L: r25974-factory-to-ddwrt_base.bin, available on the official DD-WRT repository.
- The router should be on the base DD-WRT firmware after the reboot.
- Clear the NVRAM.
- Navigate to the DD-WRT’s firmware page and update the firmware that is specifically for the 868-L: r27506-dir868a-webflash.bin, which can also be found on the official DD-WRT repository.
- After the reboot, the 868-L will be running a full-fledged version of DD-WRT.
The next few steps involve getting the configuration right for the WiFi access point that has VPN tunnelling:
- First navigate to the wireless tab in the DD-WRT administrative interface. Scroll down slightly and you should see a ‘Virtual Interface’ section. Click on ‘Add’.
- You should now see a new section right at the bottom of the page showing the newly added interface.
- Name it accordingly. If unsure, you can simply replicate my settings as follows:
- Now that the virtual AP is set, the next step would be to create a virtual bridge. Navigate to the ‘Setup’ –> ‘Networking’ tab. Under the ‘Bridging’ section, create a new bridge named ‘br1’. Here, you can assign an IP range that belongs to the ‘br1’ bridge interface. My settings are as follows:
- Now that the bridging is settled, the next step is to set the VPN settings, which can be easily done under the ‘Services’ –> ‘VPN’ tab. I am using OpenVPN and after configuring it correctly, you should see the following page under ‘Status’ –> ‘OpenVPN’. This depends on your VPN settings.
- The last step is to set the routing on the device. I set a start-up script under the ‘Administration’ –> ‘Commands’ tab as follows:
    sleep 220;
    tun_name=$(ifconfig | sed -n 's/.*\(tun[^ ]\).*/\1/p');
    tun_addr=$(ifconfig $tun_name | sed -nr 's/.*P-t-P:([^ ]+) .*/\1/p');
    ip rule add from 10.13.37.0/24 table 200;
    ip route add default via $tun_addr dev $tun_name table 200;
    ip route flush cache;
- All the settings should be configured now. Your new virtual AP should have all traffic tunneled through the VPN.
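
With the start-up script above, the 10.13.37.0/24 subnet uses the main routing table (the normal WAN) during the 220-second sleep and whenever table 200 has no default route, for example if the tunnel is not up when the script runs. The following is an added example, not part of the original post, of a fail-closed variant: it assumes the router's `ip` command supports the `unreachable` route type and that the bridge is named `br1` as above; the `apply` switch and the sample ifconfig text are this example's own.

```shell
#!/bin/sh
# Added example: fail-closed policy routing for the VPN-only bridge.
SUBNET=10.13.37.0/24   # br1 range from the page's start-up script
TABLE=200              # routing table from the page's start-up script
BRIDGE=br1             # bridge created under Setup -> Networking

# Constructed sample of busybox-style ifconfig output, used for the dry run.
SAMPLE='tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255'

# First tun interface named in ifconfig output on stdin (tun0, tun1, tun10...).
tun_name_from() { sed -n 's/^\(tun[0-9][0-9]*\) .*/\1/p' | head -n 1; }

# Point-to-point peer address in one interface's ifconfig output on stdin.
tun_peer_from() { sed -n 's/.*P-t-P:\([0-9.][0-9.]*\).*/\1/p' | head -n 1; }

# Installed at boot, before the tunnel exists. Table 200 always holds a
# default route, so lookups for the subnet never fall back to "main".
# Assumption: the router's ip command supports the "unreachable" route type.
failclosed_cmds() {
    echo "ip rule add from $SUBNET table $TABLE"
    echo "ip route add $SUBNET dev $BRIDGE table $TABLE"  # router replies stay on br1
    echo "ip route add unreachable default table $TABLE metric 100"
}

# Installed once the tunnel is up; fails if name or peer address is missing.
tunnel_cmds() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    echo "ip route add default via $2 dev $1 table $TABLE metric 10"
    echo "ip route flush cache"
}

if [ "${1:-}" = apply ]; then      # "apply" is this example's own switch
    failclosed_cmds | sh
    n=0
    while [ "$n" -lt 60 ]; do      # poll for about 5 minutes, no fixed sleep
        name=$(ifconfig | tun_name_from)
        addr=$([ -n "$name" ] && ifconfig "$name" | tun_peer_from)
        if cmds=$(tunnel_cmds "$name" "$addr"); then echo "$cmds" | sh; break; fi
        n=$((n + 1)); sleep 5
    done
else                               # dry run: print the plan for the sample
    failclosed_cmds
    tunnel_cmds "$(echo "$SAMPLE" | tun_name_from)" "$(echo "$SAMPLE" | tun_peer_from)"
fi
```

If the tunnel interface later goes away, the kernel removes the metric 10 route with it and the `unreachable` route keeps the subnet offline until the tunnel route is added again.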