OpenVPN Client on ASUS RT-AC68U with DD-WRT Firmware 26 May, 2020 OpenVPN Client on ASUS RT-AC68U with DD-WRT Firmware

Note to self on setting up OpenVPN Client on Asus RT-AC68U Router with DD-WRT.

The goal of this exercise was to have OpenVPN client installed on a router that allows my family to enable/disable VPN via simple webapp, without dealing with the full settings page of the router management tool.

I had an old TM-AC1900 Cellspot router, but that’s basically a hobbled (in software) version of the capable RT-AC168U hardware. So, first step is to get a capable firmware installed.

I could not host this stand-alone webapp on a local store or webserver as CORS protection kicks in (both for DD-WRT and for the stock ASUS RT-AC68U firmware). With ssh access to the router, I can host the standalone webapp on the same webserver and avoid the CORS restriction.

Between the stock ASUS firmware vs DD-WRT, I prefer DD-WRT for this setup since access to http://router.local/user/ is not password protected, so the user experience (UX) is seamless – for local users connected to. Another ‘benefit’ with DD-WRT is the use of ‘Basic Authentication’ as opposed to some other protocol with the ASUS stock firmware (for an early iteration, I leant towards an insecure setup to simplify UX for the family – in my case, the DD-WRT router wasn’t directly connected to the WAN, but behind another router, so I was taking a risky chance). For actual auth with the router firmware to enable/disable the OpenVPN client, I simply hard-coded the Authentication: Basic <hash> header. Much of the ‘reverse engineering’ of the request/response for the enable/disable OpenVPN client were by simply observing the network traffic with the browser developer tool’s network tab 1 and looking at the request/response headers and the form data.

  1. Transform an old TM-AC1900 to RT-AC68U with this excellent guide from Bay Area Tech Pros2
    • Crucial to getting the CFE to show up was clear NVRAM in step 20 (Power off, Hold WPS button and power on while holding WPS button until the power LED begins to flash quickly)
    • And, navigating to very quickly (seems like the CFE page is only available for a short window after reboot/reset/nvram clear)
  2. Upgrade RT-AC68U to DD-WRT, with the latest beta from the ftp location 3.
  3. Setup OpenVPN client. I tried both ProtonVPN and Surfshark VPN 4 as the providers, both of which have excellent documentation 5. Retrieve the OpenVPN credentials from or, respectively.
  4. ssh into the router, copy the standalone webapp to /jffs/<user>/, and run ln -s /jffs/<user>/webapp.html /www/user/webapp.html
  5. /jffs/<user>/ is persistent storage, but /www/user isn’t and gets reset on reboot. So create a startup script with the above ln command.
  6. A stripped down version of the webapp I hacked up is here 6.

Quick References

Tags  ·   surfshark  ·   protonvpn  ·   VPN  ·   OpenVPN Client  ·   Router VPN  ·   DD-WRT  ·   Show Comments ▾

Original design for Tumblr crafted by Prashanth Kamalakanthan.
Adapted for Tumblr & Jekyll by Sai Charan. Customized theme available on Github.

Sai Charan's blog by Sai Charan is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
Creative Commons License