Encrypted VPN with DD-WRT for your iPod or iPhone

By | 2010/06/23

How do I create an encrypted VPN to tunnel my iPhone traffic through my home internet connection?

August 2012 Update: PPTP VPNs are no longer secure. The encryption has been cracked and PPTP VPNs should no longer be used!

You need:

DD-WRT 24sp1 installed in your home router

– iPod Touch, iPhone, or other computer or device. This guide happens to show an iPod Touch.

– Ideally have DynDNS (free) already setup in your DD-WRT, or alternatively have a domain name pointing to your home ip address.

1. In DD-WRT go to Services > PPTP

Create the following settings:

PPTP Server: Enable
Server IP:
Client IP(s):
username * password *

Server IP is your router’s private ip address. This will be the same as the private ip address you are using in your web browser to access DD-WRT, for instance.

Client IP(s): You must pick a range of available DHCP private IP addresses that are available as specified in DD-WRT > Setup.

CHAP-Secrets: Your desired VPN login in this format:


Click Apply Settings, then Save.


2. Next go to Security > VPN

Enable PPTP Passthrough

Click Apply, then Save.


3. Finally go to Administration > Commands

Enter the following command into the ‘Commands’ box and click Run Commands, and then Save Startup.

sed -i -e 's/mppe .*/mppe required,stateless/' /tmp/pptpd/options.pptpd


4. Finally, reboot your router under

Administration > Management > Reboot Router

Ok your router should be all set!

Now for this example I’m connecting with an iPod Touch. You could also use these settings for other computers or devices to connect to your VPN.

In the iPod or iPhone, go to Settings > General


Network >




Add VPN Configuration >


Click PPTP

Description: put your home domain
Server: put home domain, or ip address
Account: put your CHAP-Secrets VPN username
Password: put your CHAP-Secrets VPN password
Encryption Level: Auto
Send All Traffic: ON

Click to Save at the top.


You can now toggle a switch to turn your VPN ‘ON’ under your iPod settings. When connected you get a small VPN indicator at the top.



11 thoughts on “Encrypted VPN with DD-WRT for your iPod or iPhone

  1. David

    I have used this method to configure my VPN on both my iPhone 4 and iPad 2 with success, sort of.

    The connection works flawlessly with the exception that my iPad consistently cannot connect if it is the first client connecting to the VPN. As soon as I make a connection from my iPhone or a PC to the VPN, then my iPad will connect successfully every time. I can then disconnect the first client and the iPad will continue to function on the VPN as expected. Reconnecting however, would again require that another client be connected first.

    The iPhone and iPad connections are configured identically, both using Encryption Level: Auto.

    This is very consistent and reproducable. I can attempt dozens of times to connect to the VPN as the first client from my iPad and it will consistently show “Connecting”, then “Starting”, then “Disconnecting”. As soon as I make the same connection from my iPhone or PC, the next attempt from my iPad works perfectly.

    I am using DD-WRT v24-sp1 and have configured the PPTP server as per this article including required encryption:

    cat /tmp/pptpd/options.pptpd shows the following:

    name *
    lcp-echo-failure 10
    lcp-echo-interval 5
    deflate 0
    mppe required,stateless
    chap-secrets /tmp/pptpd/chap-secrets
    ip-up-script /tmp/pptpd/ip-up
    ip-down-script /tmp/pptpd/ip-down
    mtu 1450
    mru 1450

    Any ideas would be appreciated.

    1. scott Post author

      Hm that all seems ok to me. I have since gone to dd-wrt v24-sp2 on my router. It seems to have better VPN support. You can just select a button to enable encryption instead of doing some sort of sed command.

      See this image:

      > http://scottlinux.com/wp-content/uploads/2011/04/ddwrt.png

      The only downside is that there is no ipv6 support in this build of dd-wrt, if that concerns you. Otherwise. I’d suggest trying v24-sp2,

  2. dave

    OK, I have been trying to get this working for 3 days now… some websites say I have to put in my routers private IP address into the server IP in the router, others say it has to be my WAN IP address…

    If I use my wan IP address then all works fine while I am connected to the local wi-fi but not from an external network…. Actually same as using the lan IP address in the server IP box… can connect fine when using my local wi-fi but not from an external source…

    Any idea why?

    1. scott Post author

      Are you coming from the outside with a same private ip range as your home network? This can be problematic for a VPN.

  3. dave

    Dont think so… I am using my 3g connection on my iphone to connect to the VPN and it simply wont connect…

    Now the confusing part is that some websites say to set the PPTP server in dd-wrt as the private IP address as you have done, others say to use the WAN (public) ip address. I ahve tried it all ways and nothing works.

    currently the PPTP server is set to Client IP’s are set to (my DHCP starts at

    I also have a 2nd vpn connection setup on the iphone to try and that is using the DDNS settings and the iphone comes up with the error “the PPTPN-VPN server did not respond”

    if I connect to my lan via wi-fi then it all works so obviously the authentication etc is fine, its getting the external connection thats killing me…

    1. scott Post author

      Ok hrmm. Yeah the server ip setting should technically work with either the private ip or public WAN address.

      Have you tried to connect from a coffee shop wifi with your phone on that wifi?

      (In case there is anything being filtered by your 3G connection?)

  4. Deltady

    Hi, How can I verify if PPTPN-VPN is working well(on DDWRT 24 sp2)? I have “the PPTPN-VPN server did not respond” error via 3G connection(I use no-ip DDNS). Have a nice day

  5. mike


    What does that command line do?

    sed -i -e ‘s/mppe .*/mppe required,stateless/’ /tmp/pptpd/options.pptpd

    Thanks for the tutorial


  6. Jafar

    Today, we use our smartphones for everything from reading news to checking bank accounts to ordering food to texting family and friends. You always read about being careful when using a laptop on a public WiFi network because of hackers and snooping, but what about your smartphone? A hacker could probably gain more information about you from your smartphone if they could capture the data being sent between your apps and the Internet.


Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.