Witopia and DD-WRT

If you’re interested in setting up Witopia on a DD-WRT router, I found a few guides that seem to work well. You’ll need a personalVPN Pro account for this to work. To make your life easier and support this awesome VPN service you really should get their Buffalo router; I may order one and post a review soon. Searching around, you’ll find a few guides, but not all of them work completely, so I’ll post some notes and details here to supplement them.

BIG DISCLAIMER: This is against the ToS of Witopia and you really should buy their router as it’ll save you a big headache and will likely perform better unless you have a kick ass router.

First, some resources these details are adapted from:

The first thing you want to do is log in to your account and download the zip file with the OpenVPN configuration. Inside it you’ll find these files:

  • ca.crt
  • AA#####.crt (different)
  • AA#####.key
  • README.txt
  • SampleConfig.txt
  • ta.key

Navigate to the DD-WRT router page and click on Administration -> Commands. Open the ca.crt, AA#####.crt and AA#####.key files in PSPad or Notepad and copy the contents between the lines that start with ----- into the matching places in the commands below. Be sure no extra spaces make their way in. Since these files are private you shouldn’t post them here, and so I’ve left them out of my post as well. Enter the commands into the box, modifying as needed. When you’re done, click on Save Startup so the router runs these commands on startup.

Optionally you can replace vpn.us.witopia.net with a vpn from this list. Also, if your router and local network are different from 192.168.0.0/24 (where, e.g., your router is 192.168.0.1 and your IP is something like 192.168.0.39), you will need to change the network in the final route add line. I have a 10.0.0.0/8 network, which means my router is 10.0.0.1 and my netmask is 255.0.0.0.

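# Work in /tmp; the relative paths in client.conf resolve from here
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
# Create a tap0 device and add it to the LAN bridge br0
./myvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
sleep 5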

echo "
client
daemon
dev tun
proto udp
remote vpn.us.witopia.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
cipher bf-cbc
comp-lzo
verb 3
mute 20
mssfix 1450

" > /tmp/client.conf

echo "
-----BEGIN CERTIFICATE-----
INSERT CONTENTS OF CA.CRT HERE
-----END CERTIFICATE-----
" > /tmp/ca.crt

echo "
-----BEGIN RSA PRIVATE KEY-----
INSERT CONTENTS OF AA#####.key here
-----END RSA PRIVATE KEY-----
" > /tmp/client.key
chmod 600 /tmp/client.key

echo "
-----BEGIN CERTIFICATE-----
INSERT CONTENTS OF AA#####.crt here
-----END CERTIFICATE-----
" > /tmp/client.crt

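# Start the client; the "daemon" line in client.conf puts it in the background
./myvpn --config client.conf --float

# Keep the local LAN subnet on br0; change this to match your network
route add -net 192.168.0.0/24 dev br0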

After you’ve done that, be sure to click Save Startup. Next we need to add a firewall command, shown below. Enter it on the same screen, then click “Save Firewall” to save it.

iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE

And finally, navigate to Administration -> Keep Alive and enable Proxy Watchdog. Input the following, replacing the vpn with the gateway you chose if you changed it above:

  • Proxy IP Address: vpn.lax.witopia.net
  • Proxy Port: 1194

Now you can reboot your router via Administration -> Management by clicking the Reboot Router button at the bottom. You should then be connected to Witopia through your router. You can verify by visiting a site like WhatisMyIpAddress.com or IPChicken.
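
The paste step above is where stray spaces and Windows line endings creep in. As an added example (not part of the original post), this script is run on your own computer and generates the certificate-writing commands for the Commands box from the unzipped files. It assumes the account files were renamed to client.crt and client.key, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: generate the commands that write ca.crt, client.crt and
# client.key on the router, so nothing is pasted by hand.

# Print only the PEM blocks of file $1. Carriage returns, trailing blanks and
# any text outside the BEGIN/END markers are dropped; every block is kept,
# so a ca.crt bundle with more than one certificate stays complete.
pem_clean() {
    tr -d '\r' < "$1" | sed 's/[[:space:]]*$//' |
        awk '/^-----BEGIN /{p=1} p{print} /^-----END /{p=0}'
}

# Succeed only if file $1 holds at least one block and BEGIN/END lines pair up.
pem_check() {
    pem_clean "$1" |
        awk '/^-----BEGIN /{b++} /^-----END /{e++} END{exit !(b>=1 && b==e)}'
}

# Emit a here-document that recreates file $1 as /tmp/$2 on the router.
# The quoted 'EOF' delimiter keeps the router shell from expanding anything.
emit_file() {
    pem_check "$1" || { echo "incomplete PEM data in $1" >&2; return 1; }
    printf "cat > /tmp/%s <<'EOF'\n" "$2"
    pem_clean "$1"
    echo EOF
}

# $1 = directory with ca.crt, client.crt and client.key (the last two are
# the AA#####.crt / AA#####.key files, renamed; an assumption of this example).
build_startup() {
    emit_file "$1/ca.crt" ca.crt &&
    emit_file "$1/client.crt" client.crt &&
    emit_file "$1/client.key" client.key &&
    echo 'chmod 600 /tmp/client.key'
}

# Usage: sh make_startup.sh ./unzipped-config > startup-certs.txt
if [ "$#" -gt 0 ]; then build_startup "$1"; fi
```

Paste its output in place of the three echo blocks for ca.crt, client.key and client.crt and the chmod line.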

9 thoughts on “Witopia and DD-WRT”

  1. I can get my secondary router connected to the internet through my main router, but it doesn’t connect to witopia. Any debugging tips?

    1. Could it have something to do with the fact that my ca.crt has two certificates in it? I’ve got
      –Begin certificate–
      contents
      –End certificate–
      –begin certificate–
      different contents
      — end certificate–

      1. Not sure, you have the ca.crt and a ca####.crt? Have you tried setting a dmz to your other router on your directly connected router?

  2. I am new to this and I can’t get my head around it. This did not work for me. I am in UAE on Etisalat, my DD-WRT router (192.168.2.1) is connected behind my Etisalat router (192.168.1.1) , WAN on DD-WRT plugged into LAN on Etisalat. Trying to connect via London or Manchester… must be doing something basic wrong. Can anyone help with the correct commands….??
