🍪 Cookie-free

How to restrict OpenVPN to certain devices in DD-WRT

OpenVPN on DD-WRT offers a great feature, whereby you can restrict the VPN to only specified IP addresses.

This means that you could:

  • Only run the VPN on specific devices (for example, I have it running on my Fire Stick with Kodi).
  • Use the VPN only when you want it by setting a custom IP on your device.

Here’s how it works, in the DD-WT admin interface (e.g. 192.168.1.1):

Restrict your VPN device(s) to fixed IP addresses

This locks your devices to particular IP addresses, which you’ll then use for the VPN.

  1. Navigate to Status > LAN

    DD-WRT LAN status

  2. Scroll down to Active Clients and locate your device; it may take a bit of guesswork

    DD-WRT Active Clients

  3. Copy its Hostname and MAC Address - stick them in TextEdit/Notepad or similar

  4. Navigate to Services

  5. Under DHCP Server, hit Add to add a line to Static Leases

  6. Paste the MAC Address and Hostname you copied earlier

    DD-WRT static lease

  7. Type the IP address you’d like to lock this device to

  8. Leave client lease time blank

  9. Scroll to the bottom and Save


Restrict OpenVPN to specified IP addresses
  1. Navigate to Services > VPN

    DD-WRT VPN

  2. Scroll down to OpenVPN Client

  3. Find the box labelled Policy based Routing

  4. Add the IP addresses of the devices you want to access the Internet through the VPN

    DD-WRT OpenVPN Policy based Routing

  5. Save and Apply Settings


Reboot to refresh IP addresses

There are other ways to do this but the simplest way to get your newly locked device onto the correct IP address, and therefore the VPN, is to reboot:

  1. Navigate to Administration
  2. Scroll to the bottom and hit Reboot RouterDD-WRT reboot router

That’s it!

Once your router reboots, you should be able to access the Internet VPN-free on all devices but the one(s) specified in Policy based Routing.