Create Your Own VPN Server with DD-WRT
May 31, 2010
Virtual Private Networks (VPNs) aren't just for corporate networks. You can set up your own VPN server in your home or small office using a wireless router and free, Open Source DD-WRT.
Use a home VPN server to securely connect to your network when you're away, so you can reach your network shares and computers. You might also find it useful on public networks or Wi-Fi hotspots, to secure your traffic from local eavesdroppers.
One way to quickly set up a simple VPN server is to load DD-WRT onto your router, if it's compatible. DD-WRT is a firmware replacement. It replaces the factory brains of your router, giving it a new control panel with more features, such as a VPN server. You can check your router's compatibility in the DD-WRT Router Database.
In this article, we'll go through the process of setting up the Point-to-Point Tunneling Protocol (PPTP) VPN feature of DD-WRT. It's no secret that PPTP has vulnerabilities, like many other computing protocols; however, sometimes taking some risks is acceptable. In addition to being easier to configure and manage, PPTP is already supported in Windows.
However, if you're dealing with customer data or other highly sensitive info, you might want to go with a more secure VPN implementation. Maybe later in another tutorial we'll discuss how to set up OpenVPN in DD-WRT, which is more secure but a bit more complicated to set up. It also requires users to download and configure a client utility in order to connect.
Flash the Router
A good place to start is the Router Database. Type in your vendor or model number and hopefully it will spit out a list of compatible firmware versions and variants. So you don't "brick" your router (render it useless), be sure to follow all the installation instructions carefully.
The most current stable release of DD-WRT at the time of this writing is v24 SP1 (Build 10020), which is what we're using for this tutorial. These directions should also work with v24 SP2 as we tested against the Beta 13064 build.
Remember, you don't have to use the VPN variant if you just want to use the PPTP VPN server or client; they are included in all variants except Mini. The special VPN variant gives you the more secure OpenVPN server and client, so use it if you plan to try that later.
Enable the PPTP VPN Server
To get started, log in to the Web-based control panel. Type the default IP address of 192.168.1.1 into a web browser. The first time you access the router, you'll be prompted to create a username and password.
Click the Services tab and choose the PPTP sub-tab. In the PPTP Server area, select Enable. Then input the IP address of the router (192.168.1.1) for the Server IP.
For the Client IP(s), input a single address if you're the only user. If there's more than one user, you can specify a range. You should choose an address or range that doesn't conflict with the router's IP and client IPs (192.168.1.100 to 192.168.1.149). An acceptable range could be 192.168.1.2-99 (which is 192.168.1.2 to 192.168.1.99) or even 192.168.1.200-249 (which is 192.168.1.200 to 192.168.1.249). Make sure you specify ranges with the shorter format; don't include the whole address for the ending IP.
The CHAP-Secrets textbox is where you specify the usernames and passwords. Be sure to input them in the special format: username, space, asterisk, space, password, space, and asterisk. Here's an example:
joe * joespassword *
jane * janespassword *
If you're running a RADIUS/AAA server, you can optionally authenticate VPN users against it by enabling RADIUS and inputting your server details.
When you're all done, click Apply Settings, which will save and then apply the changes.
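As an added example (not part of the original article and not DD-WRT code), the following Python script checks a Client IP(s) value and the CHAP-Secrets text against the rules above before you paste them into the PPTP page. The function names are hypothetical, the router IP and client IP range are the article's values, and treating a repeated username as an error is an assumption.

```python
import ipaddress
import re

# Values taken from the article: router/Server IP and the router's client IP range.
ROUTER_IP = ipaddress.ip_address("192.168.1.1")
CLIENT_POOL = tuple(map(ipaddress.ip_address, ("192.168.1.100", "192.168.1.149")))

def expand_client_ips(spec):
    """Turn '192.168.1.200' or the short form '192.168.1.200-249' into (first, last)."""
    m = re.fullmatch(r"((?:\d+\.){3})(\d+)(?:-(\d+))?", spec.strip())
    if not m:  # also rejects the long form with a full ending address
        raise ValueError("use a single address or the short range format a.b.c.d-e")
    prefix, start, end = m.group(1), m.group(2), m.group(3) or m.group(2)
    first = ipaddress.ip_address(prefix + start)  # raises ValueError if an octet > 255
    last = ipaddress.ip_address(prefix + end)
    if last < first:
        raise ValueError("range end is lower than range start")
    return first, last

def check_client_ips(spec):
    """Return a list of problems with a Client IP(s) value; an empty list means OK."""
    try:
        first, last = expand_client_ips(spec)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if first <= ROUTER_IP <= last:
        problems.append("range contains the router's own IP")
    if first <= CLIENT_POOL[1] and CLIENT_POOL[0] <= last:
        problems.append("range overlaps the router's client IPs")
    return problems

def check_chap_secrets(text):
    """Return (line number, reason) for each line that breaks 'user * password *'."""
    bad, seen = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()  # a password containing spaces yields extra fields
        if not fields:
            continue
        if len(fields) != 4 or fields[1] != "*" or fields[3] != "*":
            bad.append((n, "expected: username * password *"))
        elif fields[0] in seen:
            bad.append((n, "duplicate username"))
        seen.add(fields[0])
    return bad

if __name__ == "__main__":
    print(check_client_ips("192.168.1.200-249"))  # article's example range
    print(check_chap_secrets("joe * joespassword *\njane * janespassword *"))
```

An empty list from either function means the value passed every check.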