So as you may remember from a previous post, I wanted to run my VPN on the router, but had trouble finding one that had native support for OpenVPN in the DD-WRT firmware build. Although it can’t be installed in the firmware, it turns out you can still enable the functionality by loading the libraries and scripts into RAM and running them from there.
As I said, I closely followed the advice of the DD-WRT forum user that goes by “jnjn”. This link is the key forum discussion on the subject.
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=541541#541541
That being said, I made some changes to the script. Below are the actual scripts I used to setup my router.
The biggest change to “jnjn’s” original code was putting in a wait for “udhcpc” process to be up and running before going on to grab files from the FTP server. Before I added that to the scripts, I had very unpredictable and unproductive startups of the router. When I tried running all the same scripts from the telnet command line, there was no such behavior. I don’t have any evidence of what was going on, but I’ve had none of the problems since putting that wait into the script.
The other thing that’s missing is the “ovpn” config file. I downloaded a ZIP file from Astrill based on my MAC address for my router. You can do the same, or you can write your own file for a different service or for other purposes.
—————————————————————–
Startup script (entered into the “commands” window under the Administration tab in DD-WRT web management interface)
—
#!/bin/sh echo "#!/bin/sh rm -f /tmp/openvpn/client/foobar.ovpn echo Removed foobar file while ! ps | grep -q \"udhcpc\"; do sleep 1 done while ! ls /tmp/openvpn/client | grep -q \"foobar\"; do killall -9 wget killall -9 gzip killall -9 tar echo finished kill sequence cd /tmp rm -f ./openvpn_pack.tar.gz rm -f ./openvpn_pack.tar rm -r -f ./openvpn echo Removed the old files wget ftp://ftpuser:userpw@yourFTPserver/openvpn_pack.tar.gz gzip -d ./openvpn_pack.tar.gz tar -xf ./openvpn_pack.tar rm ./openvpn_pack.tar echo Finished unpacking the TAR ball wget ftp://ftpuser:userpw@yourFTPserver/YourConfigFile.ovpn -O /tmp/openvpn/client/YourConfigFile.ovpn echo \"foobar\" > /tmp/openvpn/client/foobar.ovpn echo Finished with the OVPN files wget ftp://ftpuser:userpw@yourFTPserver/executeScript.sh -O /tmp/openvpn/runit.sh chmod +x /tmp/openvpn/runit.sh if ls /tmp/openvpn/client | grep -q \"foobar\"; then echo starting the runit script /tmp/openvpn/runit.sh > /tmp/var/log/runit.log & fi done echo done with getting the stuff " > /tmp/get_openvpn.sh chmod +x /tmp/get_openvpn.sh /tmp/get_openvpn.sh > /tmp/var/log/openvpn_script.log &
————————
executeScript.sh
—
#!/bin/sh cd /tmp/openvpn export LD_LIBRARY_PATH=/lib:/usr/lib:/jffs/lib:/jffs/usr/lib:/jffs/usr/local/lib:/mmc/lib:/mmc/usr/lib:/opt/lib:/opt/usr/lib:/tmp/openvpn/lib cd /tmp/openvpn #./start_openvpn.sh & killall -9 openvpn sleep 2 killall -9 openvpn /tmp/openvpn/bin/openvpn --config /tmp/openvpn/client/YourConfigFile.ovpn --daemon echo Started the daemon echo Starting loop to update the routing tunup=0 while [ $tunup ] do sleep 1 if ifconfig tun0 then iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE tunup=1 echo Set the routing tables to use the vpn break fi done
——————————————
Contents of openvpn_pack.tar.gz
—
openvpn: drwxr-xr-x 2 root root 0 Feb 4 11:31 bin drwxr-xr-x 2 root root 0 Feb 4 11:31 client drwxr-xr-x 2 root root 0 Feb 4 11:31 lib openvpn/bin: -rwxr-xr-x 1 root root 365844 Feb 17 2011 openvpn openvpn/client: openvpn/client:openvpn/lib: -rw-r--r-- 1 root root 1075336 Feb 17 2011 libcrypto.so.0.9.8 -rw-r--r-- 1 root root 234240 Feb 17 2011 libssl.so.0.9.8
CS
/ May 6, 2013How is it going? Is your VPN still working? I’m in Shenzhen trying to set up my dd-wrt router but as OpenVPN is now blocked in China I’m not sure if I’ll succeed. If you have a solution I would love to hear about it!
shanghaipolack
/ June 9, 2013Yes, many VPNs are now blocked in China after a big increase in deep packet inspection in the last 8 weeks of last year.
There are still quite a few that work. Do a search for best VPNs in China, and look for a review that seems up to date and detailed. I switched providers earlier this year and am very happy with the new company, back running through the router to cover the whole house. Astrill was no longer a viable option.