OpenVPN can be run in two modes: routed and bridged. The steps below set up a routed VPN so we could keep our existing subnets at each site. If you are looking for bridged VPN instructions click here. One of the WRTs should be the VPN server and the other should be the VPN client. This scenario works well when one site has a static internet IP address and a valid DNS entry while the other site is set up with DHCP. If both sites are set up with DHCP internet addresses, the server VPN should have a Dynamic DNS entry at a provider like www.dyndns.com. DynDNS.com is a free service and there is a client built into DD-WRT.
These instructions are written assuming that you will configure the VPN server WRT first and the client WRT second.
2) Log on to the web management interface in DD-WRT. Select the Administration tab. Scroll down until you find the JFFS2 Support information. JFFS2 must be enabled. If you have never enabled JFFS2 before you will also need to select the Clean JFFS2 enable button to initialize the file system. Scroll to the bottom and select Save Settings.
3) Select the Administration tab and then the Services subtab. Scroll down to the OpenVPN client section and make sure that Start OpenVPN is set to Disable. If you had to disable it, make sure you scroll to the bottom and click Save Settings. You have to leave this disabled because the built-in configuration in DD-WRT is designed to act as a client to a VPN server running on a full-blown Linux or other host.
4) Telnet to your router and enter the username of root and your administrative password.
5a) If this is your second WRT (the VPN client DD-WRT) skip to step 5b. If this is the VPN server WRT type in openvpn --genkey --secret /jffs/static.key and hit <enter>. This will generate the static key we will use for our VPN. (Once the command is complete the WRT will return to the bash prompt.) Now type cat /jffs/static.key and hit <enter>. Copy and paste the output into Notepad or WordPad. You will need the key information for the next router. Now you can skip to step 6.
Below is a static key example. DO NOT USE THIS KEY; YOUR VPN WILL NOT BE SECURE.
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
5b) At the prompt type vi /jffs/static.key and hit <enter>. Hit i to enter insert mode and then paste in the static key information you copied into Notepad when working on your VPN server WRT. After you are done pasting, hit Escape and then type :wq and hit <enter>.
6) At the prompt type chmod 700 /jffs/static.key and hit <enter>.
7a) If you are working on the VPN client WRT skip to step 7b. On the VPN server WRT copy the following script and paste it on the command line. (Check the script for comments on the few items that need to be updated to match your environment. The server end uses 10.0.100.1 on tun0 and waits for the client on UDP port 1194, so it needs no --remote option; the INPUT rule lets that port through the WAN firewall. /tmp/myvpn is a link to the OpenVPN binary, which is assumed to live at /usr/sbin/openvpn on DD-WRT, created under another name so DD-WRT's own service scripts leave it alone.)
------------------- Copy starting below this line. -------------------
nvram set rc_firewall='
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.0.100.1 netmask 255.255.255.252 promisc up
## Change 192.168.2.0 to the network of the remote network. (The network on the Client VPN WRT)
route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.0.100.2
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
/tmp/myvpn --dev tun0 --secret /jffs/static.key --comp-lzo --port 1194 --proto udp --verb 3 --daemon --ping 30 --ping-restart 120'
--------------- Stop here when selecting text to copy --------------------------
7b) On the VPN client WRT copy the following script and paste it on the command line. (Check the script for comments on the few items that need to be updated to match your environment. /tmp/myvpn is a link to the OpenVPN binary, which is assumed to live at /usr/sbin/openvpn on DD-WRT.)
------------------- Copy starting below this line. -------------------
nvram set rc_firewall='
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.0.100.2 netmask 255.255.255.252 promisc up
## Change 192.168.1.0 to the network of the remote network. (The network on the Server VPN WRT)
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.0.100.1
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
## Change the VPNSERVER.dnsalias.com portion to the DNS name of the VPN server WRT or its IP address.
/tmp/myvpn --dev tun0 --secret /jffs/static.key --comp-lzo --port 1194 --proto udp --verb 3 --daemon --remote VPNSERVER.dnsalias.com --ping 30 --ping-restart 120'
--------------- Stop here when selecting text to copy --------------------------
8) Type nvram commit and hit <enter>.
9) Now reboot your routers and attempt to ping hosts across the VPN tunnel. (You will not be able to ping the WRTs' own addresses. You have to ping a host on the network other than the WRT.)
That should be it and good luck!
Source: geek-pages.com