User Tools

Site Tools


OpenVPN Bridge to Another Country

Certain content is only available to other country's IP addresses. Set up a Virtual Access Point on your DD-WRT router which is bridged to an OpenVPN server in the other country.

The focus here will be configuring the client bridge on your router. I am assuming you already have the server portion configured and working with IP masquerading (NAT) configured. <p>1. Use easy-rsa scripts to generate a new client certificate on the OpenVPN server.</p><p>Edit the file 'vars' to set sane defaults like setting the expiry to 10 years rather than the default 1 year.</p>

root@openvpn:/etc/openvpn/easy-rsa# ./build-key
Generating a 1024 bit RSA private key
Certificate is to be certified until Mar 16 16:49:28 2020 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Copy the resulting private key, certificate and CA cert ca.crt from the keys/ directory to the client.

3. Create the new Virtual Interface on your local DD-WRT router. Go to <uri strref=“”/> and Add a new Virtual Interface wl0.1. <p>Configure WPA2 wireless security <uri strref=“”/> on your new Virtual wireless.</p><p>4. Create a new ethernet bridge on your router <uri strref=“”/> and assign the new Virtual Interface wl0.1 to the new bridge br1. Assign an IP of 192.168.x.2. 192.168.x.1 will be on the OpenVPN server, assigned to the tap0 interface there.</p><p>/etc/network/interfaces on Debian/Ubuntu:</p>

auto tap0
iface tap0 inet static
        pre-up /usr/sbin/openvpn --mktun --dev tap0
        address 192.168.x.1

5. Add an additional DHCP server on the Setup -&gt; Networking page for the bridge br1.

6. Configure the DHCP server to hand out 192.168.x.1 as the gateway IP to clients. <p><uri strref=“”/> -&gt; DNSmasq</p>


7. Configure the OpenVPN client of the DD-WRT router <uri strref=“”/>

If you SSH to the router, the resulting configuration file should look like: <p>root@DD-WRT:/tmp/openvpncl# cat openvpn.conf</p>

dev tap
proto udp
remote 1194
resolv-retry infinite
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
ns-cert-type server
key /tmp/openvpncl/client.key

8. Reboot the router and add the tap0 interface to the new bridge br1. I was not able to do this in the web interface, I ran the following from the SSH shell instead:

root@DD-WRT:~# brctl add br1 tap0

You will want to have this command run when the router reboots, so add to nvram rc_startup. I use 60 seconds so the OpenVPN tunnel has enough time to start.

nvram set rc_startup=&quot;
sleep 60
ip link set tap0 up
brctl addif br1 tap0

(You can also set the startup via the web interface on <uri strref=“”/>)

Verify the Current Bridging Table on the <uri strref=“”/> page is correct, so that tap0 is now bridged to your Virtual AP wl0.1.

Current Bridging Table
Bridge Name     STP enabled     Interfaces
br0    no    vlan1 eth1
br1    no    wl0.1 tap0 
openvpnbridgetoanothercountry.txt · Last modified: 2020/02/13 22:55 (external edit)

free spam filter