Here is a tutorial on how to connect a DD-WRT router to LimeVPN servers via the OpenVPN GUI client:
Step 1: In the DD-WRT Administrative Interface, navigate to Setup > Basic Setup. Under Network Address Server Settings (DHCP), set these DNS addresses:
Static DNS 1 = 8.8.8.8
Static DNS 2 = 8.8.4.4
Static DNS 3 = 0.0.0.0 (default)
Use DNSMasq for DHCP = Checked
Use DNSMasq for DNS = Checked
DHCP-Authoritative = Checked
Then, Save and Apply settings.
If you’re setting up two routers, you should change the second router's Local IP address to be different than the main router’s. (In this case, the main router’s IP is 192.168.1.1, while the one we’re connecting to LimeVPN server is accessible via 192.168.2.1)
Step 2: Navigate to Setup > IPv6. Set IPv6 to Disable, then Save & Apply Settings.
(this is a recommended step to make sure you get no IP leaks)
Step 3: Navigate to Service > VPN. Under OpenVPN Client, set Start OpenVPN Client = Enable, to see the options necessary for this configuration. Then set the following:
Server IP/Name = Use a server of your choice. You can check the list of servers from https://network.limevpn.com/
Port = 1194
Tunnel Device = TUN
Tunnel Protocol = UDP
Encryption Cipher = AES-256-CBC
Hash Algorithm = SHA-512 (note: If SHA-512 does not work, select SHA-1)
User Pass Authentication = Enable
Username, Password = Your LimeVPN credentials
Note: If the Username and Password fields are missing, fill in the remaining fields and proceed to step 3.
Advanced Options = Enable (this will enable additional options)
TLS Cipher = None
LZO Compression = Yes
NAT = Enable
The options not mentioned in this guide should be kept with default values.
Step 3.1: (Optional, depending on step 3.) If the Username and Password fields are missing, go to Administration > Commands, and enter this code:
echo "YOURUSERNAME
YOURPASSWORD" > /tmp/openvpncl/user.conf
/usr/bin/killall openvpn
/usr/sbin/openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down-pre /tmp/openvpncl/route-down.sh --daemon
Replace YOURUSERNAME and YOURPASSWORD with your respective LimeVPN account credentials. Click Save Startup, and return to the previous VPN tab.
Step 4: In the Additional Config box either enter or copy/paste these commands:
remote-cert-tls server
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping-timer-rem
reneg-sec 0
#log /tmp/vpn.log
#Delete # in the line below if your router does not have credentials fields and you followed the 3.1 steps:
#auth-user-pass /tmp/openvpncl/user.conf
Step 5: Download the CA and TLS certificates here.
Double click on the downloaded file and open any server file you wish to connect to in a notepad, The notepad file consists of both the CA Certificate as well as the TLS key.
Note: Please choose the certificate mentioned as “ Destination server “
Step 6: In the folder, open the .ovpn file of the server you chose to use with a text editor, such as Notepad.
Step 7: Copy its contents into the CA Cert field. Be sure the entire text gets pasted in, including
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIJANUzyFMl8dpCMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEVMBMG
A1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXphdGlvbmFsVW5p
dDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSEw
HwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW4wHhcNMTgwNjA0MDg0MzM1
WhcNMjgwNjAxMDg0MzM1WjCBtjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUw
EwYDVQQHEwxTYW5GcmFuY2lzY28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEdMBsG
A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv
biBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3DQEJARYSbWVAbXlob3N0
Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3wR3WMd
eOYqZaGuxL5VKxPKpL3YW6dIq9R2KTmdl5CVebX4NykLEsQQIS7M6QsNTXF8QMqg
G7YzUM4iuhWw4Qu1Z63OvGKpHXiiX/10zS2Qs0EhCb5Il0wddMQ/a+eVn4Qm2Lxd
XEFw1meFakOJEFAcIZKgXSTtT6cxomm2LIrJcLWbMz6pXbGO09gGlU+pBhmqdeQH
Xb71OlicbH8+CqpX3a+jXXTVU0cPAgUqa1+Dn0iwlsqb2IfhdmKzIQVboDJvx/r4
SPLjoZGJ9RDK1+PplMazQjZlgEX8EQoKgxtypTFlUmvOSq+YPIPvFMq0CykIWwsy
RKYetOZhE/asMQIDAQABo4IBHzCCARswHQYDVR0OBBYEFMEBKdGHg8HUnB7T5bHy
Kl6+bak8MIHrBgNVHSMEgeMwgeCAFMEBKdGHg8HUnB7T5bHyKl6+bak8oYG8pIG5
MIG2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5j
aXNjbzEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMR0wGwYDVQQLExRNeU9yZ2FuaXph
dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF
YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQDVM8hT
JfHaQjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBwgMZpRqy8nHcz
onKIIoa6HuiaDbQWQfquSN+oWGoAvtmgVGACJMPa0hHJa9miJaqbpQyvhK/ho3FG
YdMIfBnal7WeiFnp5F6pYOFzl+3vGHjJ+d4AD/YCG1Wi+bglWSRQDTBsnfjvu0GM
HI5/BHuw8MDuthvXAp3k8hF0oGoM06UpQiEPnSyZKF9CFwcz9sUCABffhy7bm9fj
aC0pCBYI6RqRBA20anI8Esa5k72gpoMEO/Ua+AgcFqvjiavAQQ3K3w4qndI7o5Nr
p33n6px9d+arwi9e2ZmpOhQCL7opJBOkG9V7IG6pEwQN8g4TO+4cipVyVwbI/RH8
7NW9EtL+
-----END CERTIFICATE-----
Step 8: You can keep the TLS Auth key empty.
Step 9: After entering all this data, Save and Apply Settings.
Step 10: To verify the VPN is working, Navigate to Status > OpenVPN
Under State, you should see the message: Client: CONNECTED SUCCESS.
Step 11: To create a kill-switch, you can go into Administration > Commands, and enter this script:
WAN_IF=nvram get wan_iface
iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset
iptables -I FORWARD -i br0 -p udp -o $WAN_IF -j REJECT --reject-with udp-reset
Then select Save Firewall, Go into Administration > Management > Reboot router.