Flashing DD-WRT on D-Link’s 868-L Router

I always wanted to have a separate WiFi access point in my home network that automatically tunnels traffic through my VPN server in the US, instead of having VPN clients installed on every device that require the use of the VPN. At times, some devices do not have support for VPN clients to be installed. I then began doing a bit of research and found that the DD-WRT firmware might be able to help me achieve this goal.

I recalled that I was given a new AC1750 D-Link 868L router by Starhub a while back and it was just sitting in one corner collecting dust. I decided to reflash that router and add it as a bridge to my current network’s router. As information on that particular router online is pretty scarse, it took a few tries and several bricks to get it working as intended.

These are the steps to get DD-WRT working: (with a lot of trial and errors!)

  1. Navigate to the D-Link’s router administrative interface and update the stock firmware to the first ever factory release firmware. (DIR868LA1_FW100SHCb01.bin from the official site will work)
  2. When that is done, repeat step 1, but with the following firmware specifically for the 868-L: r25974-factory-to-ddwrt_base.bin, available on the official DD-WRT repository.
  3. The router should be on the base DD-WRT firmware after the reboot.
  4. Clear the NVRAM.
  5. Navigate to the DD-WRT’s firmware page and update the firmware that is specifically for the 868-L: r27506-dir868a-webflash.bin, which can also be found on the official DD-WRT repository.
  6. After the reboot, the 868-L will be running a full-fledged version of DD-WRT.

The next few steps involves getting the configuration right for the WiFi access point that has VPN tunnelling:

  1. First navigate to the wireless tab in DD-WRT administrative interface. Scroll down slightly and you should see a ‘Virtual Interface’ section. Click on ‘Add’.
  2. You should now see a new section right at the bottom of the page showing the newly added interface.
  3. Name it accordingly. If unsure, you simply replicate my settings as follows:Screen Shot 2016-01-18 at 10.09.46 AM
  4. Now that the virtual AP is set, the next step would be to create a virtual bridge. Navigate to the ‘Setup’ –> ‘Networking’ tab. Under the ‘Bridging’ section, create a new bridge named ‘br1’. Here, you can assign an IP range that belongs to the ‘br1’ bridge interface. My settings are as follows:Screen Shot 2016-01-18 at 10.13.49 AM
  5. Now the bridging is settled, the next step is to set the VPN settings, which can be easily done under the ‘Services’ –> ‘VPN’ tab. I am using OpenVPN and after configuring it correctly, you should see the following page under ‘Status’ –> ‘OpenVPN’. This depends on your VPN settiings.Screen Shot 2016-01-18 at 10.20.10 AM
  6. The last step is to set the routing on the device. I set a start-up script under the ‘Administration’ –> ‘Commands’ tab as follows:
    sleep 220;
    tun_name=$(ifconfig | sed -n 's/.*\(tun[^ ]\).*/\1/p');
    tun_addr=$(ifconfig $tun_name | sed -nr 's/.*P-t-P:([^ ]+) .*/\1/p');
    ip rule add from 10.13.37.0/24 table 200;
    ip route add default via $tun_addr dev $tun_name table 200;
    ip route flush cache;
  7. All the settings should be configured now. Your new virtual AP should have all traffic tunneled through the VPN.

 

Advertisements

3 thoughts on “Flashing DD-WRT on D-Link’s 868-L Router

    1. v00d00sec Post author

      Hello there, that IP range will be the router’s bridged interface (br1). The rule is to allow routing from the br1 interface to the VPN interface. So if you set the IP for br1 to 192.168.88.1 for example, you will need to change the rule to “ip rule add from 192.168.88.0/24 table 200;” instead. Hope this helps.

      Like

      Reply
  1. Pingback: Virtual Wireless Access Point with VPN on DD-WRT | x76 x30 x30 x64 x30 x30 x73 x65 x63

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s