19 Jul 2012
Configure Witopia VPN on DD-WRT

I like using a VPN service for a more secure browsing experience, and I have used Witopia for the past little while with great success. The only issue was that I had to install it on all the PCs that I wanted to use it with and then remember to turn it on, etc., which I did not like very much. So after a decent amount of googling, I decided to get a second router that supports DD-WRT and set that up to always be connected via VPN. This way, it is just a matter of switching my wireless connection from any device.

After some research, I settled on the Buffalo AirStation WHR-HP-G300N (bought from Newegg), which is a tiny little router that comes with DD-WRT installed. The only downside, I later found, is that since it has less memory on board, it does not support OpenVPN.

Witopia does provide a Cloakbox Pro device, which is a higher-end Buffalo router pre-configured for VPN, but I wanted to do it my way. So keep in mind as you read the instructions below that my setup uses a VPN router that sits behind my main router.

Setup Instructions

  1. Add Google’s public DNS servers as static DNS servers for the DHCP server. Note that since my main router is using 192.168.1.x, I put this router on 192.168.11.x to make sure there are no complications.
  2. Configure the wireless access point on the router so that it does not conflict with your main wireless connection (i.e. give it a different name and use a different channel to be extra safe).
  3. Enable and configure the PPTP client on the router to connect to your favorite VPN location. You can get a list of the VPN locations for Witopia here. For the Server IP or DNS Name I put in the IP address of the VPN server I wanted to connect to (e.g. pptp.chicago.witopia.net).
  4. Add a startup script to the router to configure it to use the VPN connection properly.

    The script below will wait until VPN is connected and then update the router’s routing appropriately. Note that 192.168.1.1 is the internal IP of my main router, not the VPN router which is 192.168.11.1.

    # Generate /tmp/startupConfig.sh: the routing and NAT commands to run once the tunnel is up.
    echo "echo \"Startup Config started\" >> /tmp/mylog.txt" > /tmp/startupConfig.sh
    echo PPTPSERVER=$(/usr/sbin/nvram get pptpd_client_srvip) >> /tmp/startupConfig.sh
    echo PPTPGWY=192.168.1.1 >> /tmp/startupConfig.sh
    echo "/sbin/route add -host \$PPTPSERVER gw \$PPTPGWY" >> /tmp/startupConfig.sh
    echo "#/sbin/route del default" >> /tmp/startupConfig.sh
    echo "/sbin/route add default gw \$PPTPGWY metric 100" >> /tmp/startupConfig.sh
    echo "/sbin/route add default dev ppp0" >> /tmp/startupConfig.sh
    echo "/sbin/route del default" >> /tmp/startupConfig.sh
    echo "/sbin/route del default" >> /tmp/startupConfig.sh
    echo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE >> /tmp/startupConfig.sh

    # Generate /tmp/whileLoop.sh: poll every 5 seconds until "ifconfig ppp0" succeeds,
    # log each check to /tmp/mylog.txt, then run startupConfig.sh.
    echo "ifconfig ppp0 > /dev/null" > /tmp/whileLoop.sh
    echo "RC=\$?" >> /tmp/whileLoop.sh
    echo "echo \"Checking ppp0: \$RC\" >> /tmp/mylog.txt" >> /tmp/whileLoop.sh
    echo "while [ \$RC -ne 0 ]; do" >> /tmp/whileLoop.sh
    echo "  sleep 5" >> /tmp/whileLoop.sh
    echo "  ifconfig ppp0 > /dev/null" >> /tmp/whileLoop.sh
    echo "  RC=\$?" >> /tmp/whileLoop.sh
    echo "  echo \"Checking ppp0: \$RC\" >> /tmp/mylog.txt" >> /tmp/whileLoop.sh
    echo "done" >> /tmp/whileLoop.sh
    echo "echo \"Running startupConfig.sh\" >> /tmp/mylog.txt" >> /tmp/whileLoop.sh
    echo "ifconfig ppp0 >> /tmp/mylog.txt" >> /tmp/whileLoop.sh
    echo "sh /tmp/startupConfig.sh" >> /tmp/whileLoop.sh

    # Run the wait loop in the background so it does not block the rest of router startup.
    sh /tmp/whileLoop.sh &

Once all this is set up, connect to the wireless for the VPN router, and go to IP Location Finder and make sure that it reports your location correctly. If it is still reporting your current location, then VPN is not working and you have to get your hands dirty and log in to the router itself and poke around. That is beyond what I wanted to get into here, but I am sure you can find your solution on the internets.
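One check to start with when poking around on the router, as an added example that is not part of the original post: pipe `route -n` into the function below to see whether the tunnel actually holds the winning default route, or whether a default route via the main router still wins or ties and lets traffic bypass the VPN. The function name, the `vlan2` WAN interface name, the address 203.0.113.10 and both sample routing tables are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. On the router: route -n | check_vpn_routes ppp0
# check_vpn_routes TUN_IF  -- reads `route -n` output on stdin.
# Returns 0 if the lowest-metric default route is on TUN_IF,
#         1 if a default route on another interface wins or ties (possible bypass),
#         2 if there is no default route on TUN_IF at all.
check_vpn_routes() {
    awk -v tun="$1" '
        $1 == "0.0.0.0" && $3 == "0.0.0.0" {    # default-route rows only
            m = $5 + 0                            # Metric column
            if ($8 == tun) {
                if (!have_tun || m < tun_m) tun_m = m
                have_tun = 1
            } else {
                if (!have_other || m < other_m) { other_m = m; other_if = $8 }
                have_other = 1
            }
        }
        END {
            if (!have_tun) { print "FAIL: no default route via " tun; exit 2 }
            if (have_other && other_m <= tun_m) {
                print "FAIL: default via " other_if " (metric " other_m ") wins or ties"
                exit 1
            }
            print "OK: default route via " tun " (metric " tun_m ")"
        }'
}

# Constructed sample: tunnel up, fallback default kept at metric 100.
sample_good() { cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    192.168.1.1     255.255.255.255 UGH   0      0        0 vlan2
192.168.11.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 vlan2
EOF
}

# Constructed sample: default route via the main router still at metric 0.
sample_leak() { cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 vlan2
EOF
}

sample_good | check_vpn_routes ppp0
sample_leak | check_vpn_routes ppp0 || true
```

A tie on metric is reported as a failure because which of two equal-metric default routes carries traffic is not something to rely on.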

