Go to the download section in the member area of the Perfect Privacy website and click on the router icon on the top right.
Choose your configuration type, we recommend using
- Type: Servers grouped
- Protocol: UDP
- Encryption: AES-256-CBC
Then click on Download and save the file mobile_udp.zip on your PC.
Tip: Depending on the CPU performance of the router you may want to use the weaker encryption AES-128-CBC to improve bandwidth.
Log in to your DD_WRT router and enter at least two public DNS servers. You can either use Google’s DNS servers (220.127.116.11, 18.104.22.168.) or any from the OpenNIC project.
Then click on Save and Apply Settings.
Note: If you want, you can also use Perfect Privacy DNS servers (you can find the IPs on the server site in the member area). Note that these DNS servers will only resolve *.perfect-privacy.com domains when VPN is not connected which means that Internet access will not work without the VPN being connected.
However, there will be no IP-Leak when using public nameservers instead, since all DNS requests will be sent anonymized over the VPN tunnel while a VPN connection is established.
Go to Services -> VPN and configure the settings as follows:
- Start OpenVPN Client: Enable
- Server IP/Name: A Perfect Privacy server of your choice, in this example zurich.perfect-privacy.com
- Port: Enter any valid port (148, 149, 150, 151, 1148, 1149, 1150 or 1151).
- Tunnel Device: TUN
- Tunnel Protocol: UDP
- Encryption Cipher: AES-256 CBC
- Hash Algorithm; SHA512
- User Pass Authentication: Enable
- Username: Your Perfect Privacy username
- Password: Your Perfect Privacy password
- Advanced Options: Enable
- TLS Cipher: TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
- LZO Compression: Adaptive
- NAT: Enable
- Firewall Protection: Enable
- Tunnel UDP Fragment: 1300
- nsCertType verification: Check the box
You can find the keys and certificates in the previously downloaded configuration. Open the *.ovpn file of the server you are using, in this case Zurich.ovpn.
- Copy the content between the tags <tls-auth></tls-auth> in the field TLS Auth Key.
- Copy the content between the tags <ca></ca> in the field CA Cert.
- Copy the content between the tags <cert></cert> in the field Public Client Cert.
- Copy the content between the tags <key></key> in the field Private Client Key.
When finished click on Save and Apply Settings.
CAUTION: This step activates the firewall protection (“kill switch”) which prevents traffic leaving your network in case the VPN connection was interrupted. If you also want to access the Internet with your router when no VPN is connected, you need to skip this step.
Go to Administration -> Commands and enter the following lines:
iptables --flush FORWARD iptables -P FORWARD DROP iptables -I FORWARD -o tun+ -j ACCEPT iptables -I FORWARD -i tun+ -j ACCEPT iptables -t nat -I POSTROUTING -o tun+ -j MASQUERADE
Then click on Save Firewall.