Tag Archives: ASUS

DD-WRT PPTP VPN Client Settings

I have two routers, one is ASUS RT-AC66U, it’s used for all my devices, it uses default firmware shipped from ASUS, the other is ASUS RT-N16, it uses DD-WRT and configured with VPN client to pass all traffic to my VPN servers to bypass website blocking from China, I use this router for my PlayStation and other devices that don’t have native VPN support.

First you need to enable PPTP client on DD-WRT router:

  • Remote Subnet Mask: 255.255.255.0
  • MPPE Encryption: mppe required,no40,no56,stateless
  • Username: Your VPN username
  • Password: Your VPN password

Then you need to enable Startup commands:

#!/bin/sh
sleep 120
PPTPSERVER=$(/usr/sbin/nvram get pptpd_client_srvip)
PPTPGWY=$(/usr/sbin/nvram get wan_gateway)
/sbin/route add -host $PPTPSERVER gw $PPTPGWY dev vlan2
/sbin/route del default
/sbin/route add default dev ppp0
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

According to this article, the script I’m using above will terminate all Internet traffic until a VPN connection can be re-established if the VPN connection is lost, if you’d like your router to continue to route traffic using your ISP’s connection when losing connection, you can use the following script:

#!/bin/sh
sleep 120
PPTPSERVER=$(/usr/sbin/nvram get pptpd_client_srvip)
PPTPGWY=$(/usr/sbin/nvram get wan_gateway)
/sbin/route add -host $PPTPSERVER gw $PPTPGWY dev vlan2
/sbin/route del default
/sbin/route add default gw $PPTPGWY metric 100
/sbin/route add default dev ppp0
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Set static IP for my secondary router according to my primary router, note that you need to set your DNS to some other providers outside China Great Fire Wall.

Some other steps you can do:

  • Enable remote access to your router,then you can access your router at http://10.0.0.100:8080/ when you’re using your main router network connection.
  • Enable SSH for easier (maybe harder) maintenance in the future.
  • Enable SNMP for easier (maybe harder) maintenance in the future.
  • Backup your current router settings.
  • Change Wi-Fi TX Power
  • Change NTP timezone
  • Enable JFFS2 support

Some useful command:

  • route – Show current router rules
  • ps | grep pptp – Show VPN process

References: