Remote Access your Home Computer – Setup a VPN with DD-WRT

How many times have you forgotten something you needed in your home computer? How much time, productivity and money have you lost because of this? What if you could connect to your home computer from work? (or anywhere for that matter). You probably already thought of the idea but discarded it as being too complicated, time consuming or expensive. What if I tell you that all you need is a $60 router and simple instructions?. In this project I will teach you how to create your own home virtual private network (VPN) connection with method that will work better than even the best remote access software. A connection you will have at your service for free, 24 hrs a day and without the need of having a computer or a server on all the time consuming power. Everything will be done with the help of a simple but wonderful router and free, open source software.


What is Needed for this Project

2) Linksys WRT54GL wireless broadband router. You can usually find these routers for $60 anywhere on the web. (Check DD-WRT’s website first before purchasing this router, your existing router might already be compatible)

1) DD-WRT firmware for the router. This is free, you can find it at dd-wrt.com.

Advantages over other Remote-Connect Solutions

Having your own VPN connection.

For those of you not familiar with virtual private networks: A VPN is a tunnel to your network, meaning that once a secure remote connection is established, you will be as if you were sitting at your house inside your own network, with an IP of the same range and no firewall restrictions in the middle. Once you are connected to the VPN the possibilities are endless. You can establish a remote desktop connection to any of your home computers, print directly from your current computer to one of your printers at home. Even when you open a webpage, in your web browser it will come from your home Internet provider.

You will always have access to your network even if your external home IP address changes.

Home internet access has a flaw; your external IP is dynamic (It changes arbitrarily). If your external IP happens to change when you need to connect remotely, you are not going to know what the new one is unless you are at home. That already makes the possibility of a remote connection useless. To overcome this flaw, which is present in virtually all other remote-connect solutions; we will obtain a free subscription to a dynamic DNS provider. Dymanic DNS allows you to have a fixed IP or domain name that will point to your changing home IP address, For this project we have chosen DynDNS.

Your connection will be always on, even if all computers are off. (you can wake them up remotely)

What if you left your house and you forgot to turn your computer on, how will you be able to connect to your network? and how will you be able to access your files? This is where the Linksys WRT54GL with the DD-WRT firmware comes in. With this firmware you will be able to connect to DynDNS and inform when your external IP changes. But thats not all: you will also be able to host the VPN server at the router and not at the computer. Therefore when you connect remotely you will be connecting to your router which is always on. You may be asking yourselves at this point  “that’s fine. But I still won’t be able to access my files because my computer is off!!!!” DD-WRT has “Wake-on-LAN”. With Wake-on-LAN you can wake up any computer that is directly connected to the router (no wireless).


Step 1: Open a Free Account with DynDNS

Go to the DynDNS website and click on:

1) Dns and domains -> 2) Dynamic DNS free (or “learn more” button underneath) -> 3) Create hostname

On the next page enter a subdomain name of your preference, click on the domain button to pick from a wide variety of domains, do not change any other settings. On the next section, click on “your current location’s IP address is…” so that your external IP address can be automatically populated in the field above.


Step 2: Load your Router with DD-WRT Firmware

Set up the Linksys WRT54GL and load it with the DD-WRT firmware.  There are two firmwares that you are going to have to load. The reason for this is that the original firmware in router does not allow enough space to perform the loading process of the full DD-WRT firmware. Therefore, a mini DD-WRT firmware has to be loaded first. This firmware will replace the original and it is small enough for its own installation to be completed. In addition, once installed, it is also small enough for the full firmware version of DD-WRT to be loaded.

Setup and Prepare for DD-WRT Firmware Installation

Connect your router to your DSL or Cable modem via the WAN interface and to the computer via one of its 4 existing LAN ports.

Set your computer’s ip configuration from DHCP to the following:

IP address:    192.168.1.100
Mask:           255.255.255.0
Gateway:      192.168.1.1
DNS:            192.168.1.1

Make sure you can get out to the web.

Load the Router with the DD-WRT Firmware

*** WARNING: It is very important you do not interrupt the loading process once it starts or your router might be permanently damaged. The process might last several minutes, do not power-cycle your router until you see a message on the screen advising your the process has been completed. Please read this whole section before proceeding***

Click to enlarge

To load DD-WRT you have to load two firmwares. and an initial “mini” firmware that will erase the router’s current contents and will allow you to load the second and final one; the VPN firmware. Do not try to load the final VPN firmware directly to the router, it won’t fit and the installation will get stuck half way. 

1) Load the “Mini” version of DD-WRT:

To load the “mini” version of DD-WRT, access the routers configuration page by opening your Internet browser and going to http://192.168.1.1 (this address might be different if you have a different brand of router). The default credentials for the wrt54gl router are: Login: Password: admin. Once there, click on the administration tab -> “fimware upgrade” -> “browse” and pick the mini version -> “click on the upgrade button”. Once again do not interrupt this process until you get a confirmation on the screen that the process has been completed successfully or else you will turn your router into a brick! Restart the router and make sure it works; if not, reset it.

2) Load the VPN Version of DD-WRT

The process for loading the final VPN version of DD-WRT is basically the same as for the mini.  Access the router’s configuration page by opening your Internet browser and going to http://192.168.1.1.  The default credentials for a router loaded with DD-WRT are: Login: root Password: admin. Once there, click on the administration tab then on “fimware upgrade” -> “browse” and pick the VPN version -> “click on the upgrade button”. Once again do not interrupt this process or else you will turn your router into a brick! Restart the router and make sure it works; if not, reset it.


Step 4: Configure Router’s Connection to  DynDNS

Click to enlarge

Go into the router’s configuration and under the “General” click on the “DDNS” tab

- DDNS service: Select DynDNS.org

- Do not use external IP Check:  Leave it as “no

- Enter the username and password you chose when you signed up to DynDNS

- Host Name: enter the domain name you chose. Example: house.dyndns.org

- Type: leave it as “Dynamic

- Wildcard: Leave unchecked

- Force update interval:  leave the default, “10” days


Step 5: Configure VPN Setup at the Router

Click to enlarge

Go to the router’s configuration and under the “Services” tab click on the “VPN” tab

- Set “PPTP Server“, “Broadcast Support“, “Force MPPE Encription” to “enable”

- “Server IP” will be your router’s IP, in this case 192.168.1.1

- “Client IP(s)” is the IP range dedicated to all computers that will connect through the VPN, in this example we are alocating 5 IPs in the 200′s range, so we will set it to 192.168.1.200-205

- “Chap Secrets” is basically your username and password, enter it exactly as you see in the picture (click to enlarge) including spaces and asterisks. Example: If your username is “administrator” and password “abcdefg” then enter:

administrator * abcdefg *


- Set “Radius“, “PPTP Client Options“, “Start OpenVPN” (under Daemon) and Start OpenVPN” (under Client) to “disable”


Step 6: Configure VPN Client at Incoming Computer

The following is the VPN client setup you will implement at the computer you are using to connect to your remote computer. The tutorial on this section is for Windows XP. I won’t cover Windows Vista or 7 since I do not want to make this article bigger than what it already is:

- Click Start -> Settings -> Control Panel -> Network -> New Connection

- Select “Connect to the network at my workplace” and click “Next“.

- Select “Virtual Private Network connection” and click “Next“.

- Enter the name you would like to give to this VPN connection. Any name will be OK, this is just for your reference.

- Select “Do not dial my initial connection” and click “Next” and “Finish”.

- Enter your the domain name you selected with DynDNS. Example “house.dyndns.com” and click “Next“.

- Select “Do not use my smart card” and click “Next” and “Finish“.

This will create a new icon under:

Start -> Settings -> Control Panel -> Network.

You can drag this icon to your desktop if you prefer.


Step 8: Turn your Computer on Remotely with Wake-on-LAN

Click to enlarge

Before this can be accomplished, you must enable Wake-on-LAN on your computer’s BIOS. Every computer is different, but usually to get into the BIOS you have to turn the computer on and immediately start pressing either the “DEL”, “F1″ or “F2″ buttons. Once there, look for the “Wake-on-LAN” option and enable it. All computers will have it unless the network card is not integrated into the motherboard.

Now, If you forgot to turn your computer on before you left, no problem. Just connect to your VPN, open your Internet browser and log into the router’s configuration page and perform the following these steps:

- Click on “Administration Tab” and “WOL” tab

- Select the computer you wish to wake up from the list of computers available in the router. To select the computer check the box to the right hand side; this will place the selected computer at the bottom on the “WOL addresses list”

- Press “Wake UP” button

 

Step 9: Connecting to the Remote Computer

Now that you are connected to the VPN and your remote computer is up and running, you can connect to it using a variety of methods, like “Shared Folders”, FTP, Telnet, etc. The most common and useful method, however, would be to connect via “Remote Desktop“.

Remote Desktop in Windows

To connect via Remote Desktop, you have to make sure that the remote desktop connection is enabled on the computer you are trying to connect to. The “Administrator” account will have access automatically once you enable Remote Desktop on the destination computer, however, other account will have to be added to the list of allowed users.

Remote Desktop in Linux

To connect from a Windows PC to a remote Ubuntu Linux PC using Windows Remote Desktop, please read this article.

To connect from a Ubuntu Linux PC to a remote Windows PC using Windows Remote Desktop, please read this article.


Final Thoughts

If you want a reliable, painless, always on, worry free connection to your home computer, there is no better solution out there.  You will find hundreds of articles on the web on how to connect to your computer remotely, some even selling you one remote connection service or another. Most of then will talk about WebEx, VNC, LogMeIn, even other VPN client/server setups. None will give you a complete solution; you will either need a second person on the other side to connect you or you will need to have your remote computer on all the time. This is a complete solution, and as long as you have the router, it is free forever.

21 comments:

  1. Josh, 16. August 2011, 11:51

    Does anyone know a good way to implement certification or a good guide to using Easy RSA to implement the certificates into this setup?

     
  2. Mircea, 12. August 2011, 1:33

    Thank you Pablo for your answer. My needs are little different from your article (maybe I don’t need DynDNS because I have a static IP at router, I need to use remote IP gateway from router to my field laptop), that is why I asked if this particular needs will work. Compared cu DD-WRT instructions for VPN, your article is much more simple and practical.
    I will buy Linksys 4200 (it’t more futureproof) when I will found that DD-WRT includes a stable VPN version (at this moment is work in progress). I know WRT54GL is more stable/tested, and cheap like chips, but I want a more powerfull router.

     
  3. Pablo Garcia, 11. August 2011, 21:00

    Hi Mircea
    Yes, you cannot install dd-wrt in that router you need to get another one. And, yes, this works I tried it myself, I never write an article if I don’t try the project first.

     
  4. Mircea, 11. August 2011, 12:30

    Hi and thank you for your work!
    I need to conect remotely (from dinamic IP) to my office router and from there to other computer accesible only from office IP (my office has static IP and the computers I want to connect are IP filtered).
    Your solution seems to be the answer, I tried Teamviewer, VNC, Logmein, but that solutions needs a computer to be open.
    My office Router (D-link DI524) is not supported, I will buy another one if you say that I can use remote gateway.
    Can I do this?
    Many thanks!

     
  5. Pablo Garcia, 2. August 2011, 20:01

    Kathy:
    You probably could however they are going to be really slow. What you want to do is connect remotely to your computer using VPN then opening a remote desktop connection and run any programs from the remote computer’s desktop.

     
  6. kathy, 2. August 2011, 18:19

    With just a VPN connection, can I map to drives located on the remote computer? and run applications that are on the remote computer? Not sure why I need RDT.

     
  7. Pablo Garcia, 26. July 2011, 9:22

    Jonathan
    Same as any other VPN. It also depends on your internet connection of course.

     
  8. Jonathan, 23. July 2011, 23:03

    How is the connection speed?

     
  9. Pablo Garcia, 6. July 2011, 11:31

    Hi David

    The router does everything and it is totally independent from the computer, you should be able to connect to it 24/7. Now if your computer goes to sleep or is turned off you need to setup “Wake-on-line”, so you can wake it up from the router. Now, this only works if you are connected with an Ethernet cable to the router, it will not work Wireless.

     
  10. David, 5. July 2011, 6:56

    I have another problem. I made a setup on the dd-wrt for connecting remotely over internet (on the administrative page). all works fine while the lan side computer is turnd on (i can connect over internet to the router web interface typing the dns domain name provided by dyndns.org) but when i shut down the computer, after some time, for example half an hour, the router is not accessible anymore. Wich settings must I set to keep the router on? does it go to stanby?

     
  11. Pablo Garcia, 5. June 2011, 20:30

    Hi Christopher:

    The WRT54GS has many versions, some have enough memory for the VPN firmware and some do not. Flip your router and take a look at the version, then go to the DD-WRT website and download the correct version for your router, if the VPN firmware is not on the list then you cannot flash it.
    If it is then you must be doing something wrong, each firmware for each particular router has instructions on the DD-WRT forum, search in there and you will find an answer.

     
  12. christopher, 5. June 2011, 6:11

    I’ve just loaded DD-WRT on my WRT54GS router. Unfortunately I followed the step by step directions from DD-WRT and put Micro on it first. Micro doesn’t come with VPN functionality, and now the “firmware upgrade” keeps saying “upgrade failed” when I try to put the VPN version on. Any ideas?

     
  13. Pablo Garcia, 9. May 2011, 23:21

    Hi Blewie
    Where are you getting this error?, some details would be nice ;)

     
  14. Pablo Garcia, 9. May 2011, 19:40

    Hi Curtis:

    I am not sure I understand what you mean by “you have to do the remote computer”. If you are talking about “Remote Desktop” then the answer is yes, if that is what you wish to do. Please understand (and this goes for everybody else that reads this article.) that when you connect via VPN is basically the same as if you placed your remote computer inside the same network you are trying to connect to. It will get an IP from the remote network and even when you go to the web that Internet you are seeing will come from the remote network’s router. It will be just as if you were inside the remote network.
    After you connect to the remote network via VPN then you can connect to any computer inside the remote network using a variety of methods, like “Remote Desktop”, “Shared Folders”, etc.

    I’ve now added an extra step (Step 9) so people don’t get lost once they finish reading the article.

     
  15. blewie, 9. May 2011, 1:53

    Hi,
    i keep getting an error 868?
    any help would be nice!

     
  16. Curtis, 8. May 2011, 20:39

    OK… so what do you have to do to the remote computer to connect to the home network? I don’t see any configuration information for the remote workstation.

     
  17. Pablo Garcia, 6. May 2011, 14:15

    Hi Griff:

    You have to enable Remote Desktop Access on the remote computer, and connect to it via remote desktop. You can also share a folder on the remote computer, etc. There are many different ways, it just depends on what you what to do and how you want to do it.

     
  18. Griff, 6. May 2011, 9:28

    I have setup this VPN and I am able to establish a connection through the VPN but I cant seem to access my computers I am not sure if there is an additional program I need or what can you point me in the right direction? I have a network login setup at my work and it dials in to the router and makes the established connection and I can see that connection at the bottom of the screen I am just unsure about how to go forward from here on establishing the connection to the computer within that network.

     
  19. Pablo Garcia, 13. February 2011, 10:46

    Sorry, my mistake, I’ve corrected it now, thanks for letting me know.

     
  20. rokkon, 13. February 2011, 8:02

    Shouldn’t the IP range in Step 5 be something like “192.168.1.200-205″ instead of “192.168.200-205″?
    Otherwise pretty nice guide!

     
  21. Alfredo, 11. January 2011, 14:11

    can the PPTP Server on DD-WRT run at the same time as the PPTP Client?

     

Write a comment:


You will receive an email when your comment is answered


+ five = 6

.