I was trying to use OpenVPN with ddWRT to make some cheap, simple VPN adapters. The user had H.323 video conference stations at 3 locations, each behind an inexpensive home router. The user wanted to be able to connect easily site to site. Now, H.323 and the NAT used on home routers don't work very well together: H.323 requires each site to connect to the other on arbitrary UDP ports. Very messy. Even configuring the VC stations to use fixed ports and opening those ports through the routers didn't work well, nor did UPnP. All methods left the video stream itself subject to interception by an attacker.
On each network I installed a Buffalo WHR-HP-54 router I got at Fry's for about $70. The latest version of ddWRT has a "VPN" edition that includes OpenVPN and some special configuration pages.
The problem was that ddWRT wants to serve its intended use as a NATing router, and this conflicts with using OpenVPN in a point to point configuration. The default configuration of the router was NATing some of the VPN traffic and prevented it from working. Since these VPN devices were behind the firewall I only needed routing, not NAT. The fix was to disable all of the standard iptables rules. I couldn't find a way to turn this off via the control panel, but I did find a way to override it. Go to the Administration->Commands page and type these lines into the text box:
    iptables -t nat -F
    iptables -F INPUT
    iptables -F FORWARD

Then press "Save Firewall." This wipes all of the firewall rules on startup; if you need any of your own rules, just add them after the commands above. This turns ddWRT into a simple router instead of a firewall, and OpenVPN works perfectly. The OpenVPN setup turned out to be pretty easy; I'll explain in a later post.
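Since any rule placed ahead of the flush lines is silently erased, the ordering can be checked before the script is saved. This is an added example, not part of the original post: the function name lint_firewall_script, the sample rules and the tunnel interface name tun0 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: reads a firewall script on stdin and reports every
# -A/-I rule that a later "iptables -F" in the same table (and chain,
# when one is named) would erase.
lint_firewall_script() {
  awk '
    $1 != "iptables" { next }          # skip comments and other commands
    {
      table = "filter"; chain = ""; op = ""
      for (i = 2; i <= NF; i++) {
        if ($i == "-t") { table = $(i + 1); i++ }
        else if ($i == "-F" || $i == "-A" || $i == "-I") {
          op = $i
          # a chain name follows unless the next word is another option
          if (i < NF && $(i + 1) !~ /^-/) { chain = $(i + 1); i++ }
        }
      }
      if (op == "-A" || op == "-I") {
        n++
        rtable[n] = table; rchain[n] = chain
        rline[n] = NR; rtext[n] = $0
      } else if (op == "-F") {
        # -F without a chain flushes every chain in that table
        for (k = 1; k <= n; k++)
          if (rtable[k] == table && (chain == "" || rchain[k] == chain) && !(k in dead)) {
            dead[k] = 1
            printf "line %d erased by flush on line %d: %s\n", rline[k], NR, rtext[k]
          }
      }
    }
  '
}

# Constructed sample: one rule wrongly placed before the flush lines
# from the post, one correctly placed after them.
SAMPLE='# constructed sample script
iptables -A INPUT -i tun0 -p tcp --dport 80 -j DROP
iptables -t nat -F
iptables -F INPUT
iptables -F FORWARD
iptables -A INPUT -i tun0 -p tcp --dport 443 -j DROP'

printf '%s\n' "$SAMPLE" | lint_firewall_script
```

Only the rule on line 2 of the sample is reported; the rule after the flush lines survives, and the nat flush does not affect rules in the filter table.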
