How can we help you?

Topics

DD-WRT setup with NordVPN

DD-WRT is custom firmware for routers which support the OpenVPN protocol and is available on a wide variety of routers. You can check if your router supports DD-WRT firmware here and learn how to install DD-WRT firmware on a router here.

This tutorial will show you how to set up a DD-WRT VPN using an OpenVPN connection on your DD-WRT router using the DD-WRT OpenVPN client UI.

Alternative setup method:

1. In the DD-WRT Administrative Interface, navigate to Setup > Basic Setup. Under Network Address Server Settings (DHCP), set these NordVPN DNS addresses:

Static DNS 1: 103.86.96.100
Static DNS 2: 103.86.99.100
Static DNS 3: 0.0.0.0 (default)
Use DNSMasq for DHCP: Checked
Use DNSMasq for DNS: Checked
DHCP-Authoritative: Checked

Then, Save and Apply settings.

image__18_ (1).png

If you're setting up two routers, you should change the second router’s local IP address to a different one from the main router's. (In this case, the main router's IP is 192.168.1.1, while the one you’re connecting to a NordVPN server is accessible via 192.168.2.1)

2. Navigate to Setup > IPV6. Set IPv6 to Disable, click Save, and then Apply Settings.
(this is a recommended step to make sure your IP doesn’t leak)


ddwrt_openvpn_2.PNG
 

3. Navigate to Service > VPN. Under OpenVPN Client, set Start OpenVPN Client to Enable in order to see the options necessary for this configuration. Then set the following:

Server IP/Name: For the sake of this tutorial, we used us936.nordvpn.com, but you should connect to a server suggested to you in the server recommendation tab in your NordAccount dashboard.

 

Follow the steps below to find the best server for your connection:

  1. Log into your Nord Account, and click NordVPN.


     
  2. Scroll down to Advanced Settings and click Set up NordVPN manually.


     
  3. Select the Server recommendation tab. According to your location, the best server will be recommended.


     
  4. By pressing Advanced filters you can further customize the recommended servers by selecting the Server type and the Security protocol.




     


Port: 1194 (or 443 for the TCP protocol)
Tunnel Device: TUN
Tunnel Protocol: UDP (or TCP)
Encryption Cipher: AES-256-CBC
Hash Algorithm: SHA-512
User Pass Authentication: Enable
Username, Password: Your NordVPN service credentials
First Data Cipher: Not set
Second Data Cipher: Not set
Third Data Cipher: Not set

Note: If the Username and Password fields are missing, fill in the remaining fields and proceed to step 3.1

You can find your NordVPN service credentials (service username and service password) in the Nord Account dashboard:

 

Follow the steps below to find the service credentials for manual connection setup:

  1. Log into your Nord Account, and click NordVPN.


     
  2. Scroll down to Advanced Settings and click Set up NordVPN manually.


     
  3. Select the Service credentials tab, where you'll find the Username and Password needed to connect manually.

 

image__42_.png

 Advanced Options: Enable (this will enable additional options)

 

TLS Cipher: None
LZO Compression: No
NAT: Enable


The options not mentioned in this guide should be left with default values.

3.1. (Optional, depending on step 3.) If the Username and Password fields are missing, go to Administration > Commands and enter this code:
 

echo "YOURUSERNAME
YOURPASSWORD" > /tmp/openvpncl/user.conf
/usr/bin/killall openvpn
/usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon

Replace YOURUSERNAME and YOURPASSWORD with your respective NordVPN service credentials. Click Save Startup and return to the previous VPN tab.

4. In the Additional Config box either enter or copy/paste these commands:
 

remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
#log /tmp/vpn.log
#Delete `#` in the line below if your router does not have credentials fields and you followed the 3.1 step
#auth-user-pass /tmp/openvpncl/user.conf


ddwrt_openvpn_4.png

5. Open the OpenVPN configuration file you downloaded in Step 3 in any text editor of your preference (preferably WordPad or Notepad++, as regular notepad does not have the correct formatting).

6. When you open the .ovpn file of the server you chose (in our case, us936_nordvpn_com.udp.ovpn) in a text editor, you should see the <ca> part of the file (do NOT copy the <ca> and </ca> tags):

ddwrtconf.png

7. Copy its contents into the CA Cert field. Make sure the entire text gets pasted, including the

-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

DDWRTnewCA.png

8. Now go back to the configuration file and scroll down to the <tls-auth> part. Copy the contents of the TLS Key:



9. Paste the contents into the TLS Auth Key field. Make sure the entire text gets pasted in, including the

-----BEGIN OpenVPN Static key V1----- and -----END OpenVPN Static key V1----- lines.

DDWRTnewTLS.png

10. After entering the data, click Save, and then Apply Settings.


ddwrt_openvpn_10.PNG


11. To verify that the VPN is working, navigate to Status > OpenVPN

Under State, you should see the message "Client: CONNECTED SUCCESS".

ddwrt_openvpn_11.PNG

Optional Kill Switch setup (for advanced users):

To create a kill switch, go to Administration > Commands and enter this script:
 

WAN_IF=`nvram get wan_iface`
iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset
iptables -I FORWARD -i br0 -p udp -o $WAN_IF -j REJECT --reject-with udp-reset


Select Save Firewall, go to Administration > Management > Reboot router.

For other options check out our list of routers compatible with NordVPN.

Was this article helpful?
Thanks!