• March 25, 2023, 10:10:47 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Private Internet Access OpenVPN aboard DIR-810L in DD-WRT Repeater Setup  (Read 7148 times)

Ontarier1

  • Level 1 Member
  • *
  • Posts: 2

These are the steps I used to configure my DIR-810L (previously flashed with DD-WRT firmware) as a repeater, and then installing Private Internet Access VPN in client mode. I don't like to use the VPN all the time since download speed is slower, plus not all of my devices are compatible with software. This way I have a repeater router I can connect non-VPN-enabled devices to.

1.   Start by downloading, saving, extracting and opening the zip file at https://www.privateinternetaccess.com/openvpn/openvpn.zip
o   Right-click the ca.crt file, select Open with, then select Notepad, then Open.
o   You can leave it open on your desktop because youíll need the contents shortly.
o   You will also need your PIA Username and Password.
2.   Disable your computerís Wi-Fi, open its Network and Sharing Center and click Change Adapter Settings. Right click Local Area Connection, click Properties. Select Internet Protocol Version 4 then click Properties. Check Use the following IP address: and enter 192.168.1.5. Left click on Subnet mask and it will auto fill. Click OK.
3.   Connect one of your repeater-to-beís LAN ports to your computerís Ethernet port with an Ethernet cable. Open a browser window and enter 192.168.1.1 in the address bar. If a DD-WRT page opens, go to Step 4. If not, reset the repeater-to-be using its reset button (protocols for this vary by manufacturer) and go to Step 4.
4.   Reset router to DD-WRT factory default settings ( Go to Administration/Factory Defaults/Restore Factory Defaults/Yes/Apply Settings/OK.)
5.   With luck after a few moments youíll be back at the Router Management Screen. If not you can open another browser window and enter 192.168.1.1. If you still canít connect to the router shut it off by disconnecting the power and turn it on again. In the unlikely event you still canít connect save your Notepad file and reboot the computer, open a browser window and enter 192.168.1.1 .
6.   Enter a Router Username (most use ďadminĒ without the quotation marks), then enter a password, enter it again, then click Change Password. Then go to Administration/Enter your new User Name and Password, hit OK, click in Info Site Password Protection box, click Save.
7.   Go to Setup -> Basic Setup:
o   Go to Network Setup:
   In Router IP set Local IP Address to a different subnet (see example) from your main router and write the number down as you will need it shortly.
   Example: if main routerís IP address is 192.168.1.1, make repeaterís 192.168.2.1. If main routerís IP is 192.168.0.1, make repeaterís 192.168.1.1.
   Leave Subnet Mask at default value but change Gateway and Local DNS to the IP address of your main router.
o   Network Address Server Settings (DHCP): 
   DHCP Type =DHCP Server
   DHCP Server = Enable
   Static DNS 1 = 209.222.18.222
   Static DNS 2 = 209.222.18.218 (These are PIAís DNS servers.)
   Static DNS 3/WINS = Your call but I left them at 0.0.0.0
   Use DNSMasq for DHCP = Checked
   Use DNSMasq for DNS = Checked
   DHCP-Authoritative = Checked
   Might as well change Time Settings to your own Time Zone while youíre on the page.
o   Save
8.   Go to Wireless -> Basic Settings: For first Wireless Physical InterfaceÖ
o   Wireless Mode: Repeater
o   Wireless Network Mode: Same as the main router
o   Wireless Network Name (SSID): Same as the main router
o   Wireless Channel: I used the same channel as the main router
o   Channel Width: I used the same width as the main router
o   Wireless SSID Broadcast: I disable mine but your call
o   Network Configuration: Bridged
o   Click Save
o   In Virtual Interfaces beneath the Wireless Physical Interface you just configured click Add
o   Wireless Network Name (SSID): Different from main router (This is the SSID you will connect to once the router is configured)
o   Wireless SSID Broadcast: I disable mine but your call
o   AP Isolation: Disable
o   Network Configuration: Bridged
o   Save
o   Follow the same steps for the next Wireless Physical Interface/Virtual Interface if you have a dual band  router and want an additional network on the 5 GHz band. (I have thus far been unable to connect to the 5 GHz band but perhaps youíll have better luck.)
9.   Go to Wireless -> Wireless Security:
o   For the first Physical Interface enter the same Security Mode, WPA  Algorithms and WPA Shared Key as the first network on your main router.
o   For the first Virtual Interface enter the same Security Mode, WPA  Algorithms and WPA Shared Key as the first network on your main router. Leave Key Renewal Interval at its default value.
o   Save
o   Repeat if necessary for the second Physical Interface/Virtual Interface and if you did so, 
o   Save
10.   (Optional but recommended in the post upon which Iím basing these instructions) Go to Security/Firewall
o   In Block WAN Requests uncheck every item except Filter Multicast, and THEN disable SPI firewall in Firewall Protection
   Note: If you are very concerned about security, a Repeater might still work okay with the SPI firewall enabled. If you decide to leave it enabled but experience problems, keep this step in mind.
o   Save
11.   Go to Services -> Services
o   In ďDNSMasqĒ ensure DNSMasq, Local DNS, and No DNS Rebind are enabled. In my setup Query DNS in Strict Order and Add Requestor MAC to DNS Query were left at default.
o   Save
12.   Go to Services -> VPN
o   In OpenVPN Client, Start OpenVPN Client click Enable. Other options will appear.
o   Change Server IP/Name from 0.0.0.0 to us-texas.privateinternetaccess.com . If you prefer to use a different location the full list can be found at: https://www.privateinternetaccess.com/pages/network  .
o   Port = 1194
o   Tunnel Device = TUN
o   Tunnel Protocol = UDP
o   Encryption Cipher = Blowfish CBC
o   Hash Algorithm = SHA1
o   User Pass Authentication = Enable
o   Username = Your PIA username
o   Password = Your PIA password
o   Advanced Options = Enable, More options will appear.
o   Advanced Options = Enable
o   TLS Cipher = None
o   LZO Compression = Yes
o   NAT = Enable
o   Firewall Protection = Disable (PIA says, if running the DD-WRT router in repeater mode, the main router should still have its firewall enabled. and you would still be behind that firewall.)
   (Optional) If you would prefer to use Encryption Cipher AES-128-CBC change Port = 1196.
o   Scroll down to Additional Config and type:
persist-key
persist-tun
tls-client
remote-cert-tls server
o   Go back to Notepad and highlight the full contents of the ca.crt file you unzipped earlier by clicking inside it then pressing Ctrl+A Ctrl+C.
o   Scroll down to CA Cert and paste (Ctrl+V) the contents. Be sure the entire text gets pasted in from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----
o   Click Save and Apply Settings.
o   Go to Status -> OpenVPN to see in State, Client: CONNECTED SUCCESS. (It may take a few moments.)
o   Open your computerís Network and Sharing Center and click Change Adapter Settings. Right click Local Area Connection, click Properties. Select Internet Protocol Version 4 then click Properties. Check Obtain an IP address automatically. Click OK. Click Close. Go back to Network and Sharing Center, Manage Wireless Networks, Click Add, Manually Create A New Network Profile, in Network type the SSID you created, in Security type and Encryption type use the ones used earlier, for Security Key use the network password you created earlier, check Connect even if the network is not broadcasting if you disabled SSID broadcast in the router, click Next, click Close.
o   Enable your computerís Wi-Fi, connect to one of the new SSIDs you created, then go to http://www.privateinternetaccess.com , and if all went well configuration-wise youíll see: ďYou are protected by PIA.Ē
Logged

FurryNutz

  • Poweruser
  • ††▲
    ▲†▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting

Thank you for the feed back and information.

FYI, Any 3rd party FW is not supported on the 810L in this forum. So any users wishing to use 3rd Party FW on D-Link routers will need to refer to the 3rd Party FW support site and there forums.

It's recommended to use wired LAN cables when ever possible for doing any heavy streaming or VPN connections. LAN is stable this way. Using wireless repeaters can and will lower wireless performances ans the repeating process does impact this due to it's nature of having to take one wireless signal and then repeat it for others to use. Using Wireless Bridges maybe a alternative suggestion over using Repeaters.

Good Luck.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.