TechNazgul RSS

Friday, January 28, 2011

Configuring DD-WRT VPN client with HideIP VPN



HideIP VPN is a simple, fast VPN provider that I’ve used in the past to help navigate around poor BGP routing issues that were slowing down my backups to CrashPlan’s online backup service.  Specifically, the goal was to avoid any and all routing through Cogentco’s very slow route to CrashPlan Central (which increased my uploads by 350%).  I’m optimistic that at some point CrashPlan will fix this problem by talking to Cogentco about how it’s affecting their service, but despite it being reported several months ago by many users on their forums, their only response is that they don’t believe it’s their problem (bummer).

 

However, configuring the VPN on each machine in my network was a pain I didn’t want to go through, so instead I set up a VPN on my DD-WRT router (Asus RT-N16) to direct all CrashPlan Central traffic through the VPN (which is faster than the direct connection BGP chooses for me to CrashPlan’s central servers).

 

This is all done in DD-WRT version v24-sp2 (mega build).  In the DD-WRT GUI, choose Services –> VPN – PPTP Client –> Enable.

 

That brings you to this interface:

 

ddwrt-pptp-vpn

 

Now, let’s explain each of the options above.

 

Server IP or DNS Name: This is the address of the HideIP VPN server you wish to use.  At the time I was doing this, here is how the IP addresses map to locations.  The lines in bold are VPNs that actually do avoid Cogentco’s routing to central.crashplan.com, so if you’re trying to accomplish the same thing, I’d recommend you use one of those.

 

us1.hideipvpn.com resolves to: 74.55.175.26 - Houston, TX
us2.hideipvpn.com resolves to: 204.152.215.132 - Los Angeles, CA
us3.hideipvpn.com resolves to: 174.37.16.81 - Dallas, TX
us4.hideipvpn.com resolves to: 173.208.45.178 - NYC
us5.hideipvpn.com resolves to: 173.208.68.58 - Dallas, TX
us6.hideipvpn.com resolves to: 67.215.231.90 - Santa Ana, CA
us7.hideipvpn.com resolves to: 173.234.32.26 - Chicago, IL (the one I’m using above)
us8.hideipvpn.com resolves to: 70.32.45.178 – NYC

 

Remote Subnet:  This is the range of addresses belonging to Central.CrashPlan.com.  I chose a wide swath of addresses that includes the complete last octet of the IP address. 173.225.132.x, which is what the combination of remote subnet and subnet mask accomplishes above.  Use those same values if you are backing up to central.crashplan.com.  Realistically, this will cause some non-crashplan traffic to go over this VPN as well, but I don’t consider that a big problem.

 

MPPE Encryption: These options are necessary to connect to HideIPVPN’s service:

mppe required,no40,no56,stateless

 

MTU/MRU/NAT: leave as default.

Username/Password” as provided by HideIPVPN

 

Once you’ve configured these options click Save, then Apply Settings.   Then navigate to “Administration –> Reboot Router.”  The router will connect to the VPN upon reboot. Make sure to give it 2-3 minutes to fully reboot and connect, after which you can test success by opening a terminal window and doing a traceroute to central.crashplan.com.  In Windows, the output looks like this.  The key that you are looking for is for the 2nd line to read something like below, an internal IP address on HideIPVPN’s network.  After that, just check the route to make sure that it does not include CogentCo and you’re set.

 

traceroute

 

In my case, going through CogentCo maxes me out at a ~500 Kbps to central.crashplan.com.  When I establish the VPN through HideIP-VPN-NYC, I achieve ~1.8 Mbps (on a 3 Mbps uplink connection), a 350% improvement.

 

15 comments:

  1. Hi!

    Cool howto indeed. Just a question, what happens if you want to route the traffic over the VPN for more than one subnet? guess you need to make use of iptables right?

    ReplyDelete
  2. Yep, that's my understanding as well. I don't have a lot of experience with that myself, but I did read up on the same thing when first setting this up.

    ReplyDelete
  3. Hi,

    I have had massive trouble trying to route more than one subnet down the VPN, if somebody comes up with a work for connecting PPTP and routing internet through it let me know, I too am using DD - WRT on an E3000 router. But the only way I got this to work was using PPTP main WAN setup and at best it was very slow and flaky to connect. I couldnt get it to work with PPTP client settings accept single subnet. Tried massive subnets as well like 1.0.0.0 255.0.0.0 in the hope it would route everything from 1.0.0.0 to 255.255.255.254 but it didnt work.

    ReplyDelete
  4. i have the exact same router and build for ddwrt but my internet connection is pppoe and if i did the above steps i cant connect to internet as my stupid isp assigned a user and a password and without it you can not connect to internet at all
    please help

    ReplyDelete
  5. I think you're stuck in that case with password-protected PPOE.

    ReplyDelete
  6. Thank you. I'm now seeing 3Mbps upstream to CrashPlan, up from around 500kbps previously (due to cogentco route).

    My upstream can theoretically get 10Mbps. I am wondering if there are even faster VPNs, or other performance tricks to optimize the HideIP VPN tunnel.

    ReplyDelete
  7. Awesome, thanks for taking the time to post back. I have had a ticket open with CrashPlan for months for them to take a look at this behavior but they keep responding saying almost no one is affected by this. If you are so inclined, please open a ticket with them to raise the awareness as well. Eventually if we're lucky we won't have to pay another $5 / month for a VPN.

    ReplyDelete
  8. TechNazgul, what is your router doing on the Setup/Basic tab in your configuration above? How is the router getting connected to your ISP?

    ReplyDelete
  9. It's a DHCP assignment from UVerse.

    ReplyDelete
  10. It is only the VPN that provides fool-proof online protection of your data and information on the internet. No doubt, it is the most preferred and trusted tool for online protection. To ensure perfect security, VPN creates an encrypted tunnel between your system and a remote server located in a different country. http://www.purevpn.com/blog/dd-wrt-vpn/

    ReplyDelete
  11. Thank you for this awesome guide I am however having a issue every time I try the traceroute it keeps failing.

    ReplyDelete
  12. Great post! Thanks for sharing!

    ReplyDelete
  13. PPTP Client over PPPoe Problem

    http://www.dd-wrt.com/phpBB2/viewtopic.php?p=734866

    ReplyDelete
  14. Nice article ! Nowadays, there are a lot of software like VPN available to hide ip address to surf internet anonymously . The purpose of hiding ip address from the public view provides security to the browsers so, they can prevent from ip hacking . After hiding their original ip, one can check whether their ip gets changed or not by using Ip-details.com

    ReplyDelete

Followers

Facebook