
OpenVPN

This is a short how-to for setting up a VPN between two locations using Linksys WRT54 routers flashed with DD-WRT firmware. The instructions are copied, somewhat crudely, from dd-wrt.

Prerequisites

  • 2 routers flashed with a DD-WRT build that includes VPN support (e.g. Linksys WRT54G)
  • OpenVPN installed

Configuration

Ensure both routers are online and already acting as gateways for their LANs. Start by generating the shared static key:

$ /usr/sbin/openvpn --genkey --secret static.key
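Before pasting the generated key into the two router scripts, it is worth checking that the file is well-formed and that both routers end up holding the same key. The POSIX shell helper below is an added example, not part of the dd-wrt instructions; it assumes grep, sed, wc and sha256sum are available (busybox provides them on DD-WRT).

```shell
#!/bin/sh
# Added example (not from the dd-wrt page): sanity-check an OpenVPN static key
# before it is pasted into the router scripts, and print a fingerprint that can
# be compared on both routers to confirm they hold the same key.

# Returns 0 if FILE looks like a well-formed "OpenVPN Static key V1" file:
# a BEGIN line, exactly 16 lines of 32 hex digits (2048 bits), and an END line.
check_static_key() {
    file="$1"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Drop the '#' comment lines that openvpn --genkey writes at the top.
    body=$(grep -v '^#' "$file" || true)
    first=$(printf '%s\n' "$body" | head -n 1)
    last=$(printf '%s\n' "$body" | tail -n 1)
    [ "$first" = "-----BEGIN OpenVPN Static key V1-----" ] || { echo "bad header" >&2; return 1; }
    [ "$last" = "-----END OpenVPN Static key V1-----" ] || { echo "bad trailer" >&2; return 1; }
    hexlines=$(printf '%s\n' "$body" | sed '1d;$d')
    count=$(printf '%s\n' "$hexlines" | wc -l | tr -d ' ')
    [ "$count" -eq 16 ] || { echo "expected 16 key lines, got $count" >&2; return 1; }
    # Every key line must be exactly 32 hex characters; the "xxxx" placeholder
    # lines left in the scripts by mistake fail this check.
    if printf '%s\n' "$hexlines" | grep -qvE '^[0-9a-fA-F]{32}$'; then
        echo "a key line is not 32 hex characters" >&2; return 1
    fi
    return 0
}

# Fingerprint of the key material only (comment lines ignored), so the same
# key compares equal on both routers. Assumes sha256sum is present.
key_fingerprint() {
    grep -v '^#' "$1" | sha256sum | cut -d' ' -f1
}
```

Run check_static_key /tmp/static.key on each router and compare the output of key_fingerprint on both; if the fingerprints differ, the tunnel will not come up.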

Router master

In the script below, replace the placeholder lines between the BEGIN and END markers (the block written to static.key by the second echo) with the content of the static.key file you just generated.

# Move to a writable directory and create the scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn

# Config for Site-to-Site SiteA-SiteB (master side: it listens, so no "remote" line)
echo "
proto udp
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf

# Static key: must be identical on both routers; paste the generated file here
echo "#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END OpenVPN Static key V1-----" > static.key

# Create the tunnel interface (192.168.2.1 is the master's end of the tunnel)
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 192.168.2.1 netmask 255.255.255.0 promisc up

# Route the client site's LAN (10.0.0.0/24) through the tunnel
route add -net 10.0.0.0 netmask 255.255.255.0 gw 192.168.2.1

# Initiate the tunnel (give the interface a moment to come up first)
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf

Now place the VPN script in the command section under "startup".

# Open firewall holes
# Accept the OpenVPN port from the outside and allow traffic between the LAN bridge and the tunnel
iptables -I INPUT 2 -p udp --dport 2000 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# Insert (not append) so the rule lands before the chain's final DROP, as on the client
iptables -I INPUT -p icmp -j ACCEPT

Place the firewall script in the command section under "firewall".

Router client

In the script below, replace the key section with the content of the static.key file (the same key as on the master).

Also replace gw.rypevej.dk with the public hostname or IP address of your master router.

# Move to a writable directory and create the scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn

# Config for Site-to-Site SiteA-SiteB (client side: "remote" points at the master)
echo "
remote gw.rypevej.dk
proto udp
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf

# Static key: must be identical on both routers; paste the generated file here
echo "#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END OpenVPN Static key V1-----" > static.key

# Create the tunnel interface (192.168.2.2 is the client's end of the tunnel)
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 192.168.2.2 netmask 255.255.255.0 promisc up

# Route the master site's LAN (192.168.1.0/24) through the tunnel
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.2

# Initiate the tunnel (give the interface a moment to come up first)
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf

Now place the VPN script in the command section under "startup".

# Open firewall holes
iptables -I INPUT 2 -p udp --dport 2000 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -p icmp -j ACCEPT

Place the firewall script in the command section under "firewall".

Testing

You should now be ready. Boot the master gateway first and then the client gateway. Hosts on the two LANs (192.168.1.0/24 behind the master, 10.0.0.0/24 behind the client) should now be able to ping each other.