http://www.dd-wrt.com/phpBB2/viewtopic. ... ht=#391635

Basically lifted from above link over at DD-WRT forums but this OpenVPN bridged (tap) connection between physically seperated DD-WRT capable routers continues to work very well and clients on either end all act like they are on the same local LAN!

FWIW: WRT320N located at my daughter's dorm configured as OpenVPN client bridge backto OpenVPN server located at home(WRT310N)...works 100%!


Under Administration/Commands Tab

Startup:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up

Firewall:
...nothing required since configured as client...


Under Services/VPN/OpenVPN Daemon

OpenVPN Daemon: Enable
Start OpenVPN: Wan Up

CA Cert: ca.crt

Certificate Revoke List: *blank*

Public Client Cert: client1.crt

Private Client Key: client1.key

DH PEM: *blank*

OpenVPN Config:
management localhost 5001
verb 0
up-delay
client
dev tap0
proto udp
remote your.dyndns.ipaddress 1194
ns-cert-type server
cipher BF-CBC
comp-lzo
nobind
float
mute-replay-warnings
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

OpenVPN TLS Auth: *blank*


Notice configured as client using settings under 'OpenVPN Daemon' NOT 'OpenVPN Client' under Services/VPN GUI tab of DD-WRT!




WRT310N configured as OpenVPN server:


Under Administration/Commands Tab

Startup:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up

Firewall:
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
(currently my WRT310N's WAN is disabled with static 192.168.1.120 LAN IP & gateway set to 192.168.1.1 since it is behind WRT600N gateway router with port 1194 port forwarded to WRT310N so the firewall on WRT310N is actually blank!)


Under Services/VPN/OpenVPN Daemon

OpenVPN Daemon: Enable
Start OpenVPN: Wan Up

CA Cert: ca.crt

Certificate Revoke List: *blank*

Public Client Cert: server.crt

Private Client Key: server.key

DH PEM: dh1024.pem

OpenVPN Config:
server-bridge 192.168.1.1 255.255.255.0 192.168.1.225 192.168.1.234
management localhost 5001
verb 0
comp-lzo
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "persist-tun"
push "persist-key"
port 1194
cipher BF-CBC
dev tap0
proto udp
keepalive 10 60
max-clients 8
client-to-client
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

OpenVPN TLS Auth: *blank*

You may have to adjust above highlighted in bold depending on your network!

BTW: SPI Firewall still enabled on both routers since this does not affect OpenVPN bridge and 'management localhost 5001' config line set in each router allows for populating the OpenVPN tab under Status for each router's DD-WRT GUI: http://www.dd-wrt.com/phpBB2/viewtopic. ... ht=#393084

http://www.dd-wrt.com/phpBB2/viewtopic. ... ht=#612668

Latest OpenVPN 2.2.0 included DD-WRT builds have blown the older build configs out of the water...OpenVPN support is simplified now thru DD-WRT's GUI...please see above link!

Hey there somms -- I am trying to do a similar thing but having trouble setting this up. Would you be interested in setting up my dd-wrt remotely, and I could pay you via paypal for your time? Please let me know -- and I will send you my email address.

This is an old thread, but users still look to it to copy and paste their configs, so I thought I'd make one quick typo correction. Where somms has

iptables -I INPUT -p upd --dport 1194 -j ACCEPT

it of course should be

iptables -I INPUT -p udp --dport 1194 -j ACCEPT

(the upd should be changed to udp).

Amazingly, after gnashing teeth for over a week now, I've finally gotten two routers (Asus RT-N16s) to OpenVPN in bridged mode thanks to somms. His suggestion of using OpenVPN Daemon instead of the OpenVPN client is what solved things for me. Now, you can directly edit the .conf file via GUI. I've now got all hosts on two bridged networks pinging each other. Thanks somms.

Why haven't I seen this suggestion on the DDWRT OpenVPN site?

I was lucky to find final working track a cell phone config screen there. That works awesome. Hope nothing will happen during the following couple of weeks.

Hi ! dd-wrt expert !
If I use a LinkSys wrt54gs V3 as an OpenVpn server,
is it possible to support 15 clients with the same
hardware and dd-wrt firmware ?

Is it possible to use wrt54gs V3 with dd-wrt
using OpenVpn as server
to support 15 router clients with same
hardware & firmware ?