Solved

How do I set up a VPN between two locations using two DD-WRT routers.

Posted on 2009-02-20
Last Modified: 2013-11-16
Hey.

I have no experience in setting up VPN and I need help to configure a VPN connection between two locations. I have managed to get hold of two Linksys routers, now upgraded with the latest stable DD-WRT (vpn version) v24-sp1.

I found two articles on the net about this, but I can't get it to work.
http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers
and
http://www.geek-pages.com/articles/latest/openvpn_server_and_client_on_dd-wrt.html
This last article talks about some options I can't find in any menus (JFFS2).

Both routers are configured and rebooted. But when I try to ping, there is no response from the other side.

As far as I can understand, PPTP is not the way to go, even though it looks tempting because of its simplicity.

Look in the code section to see my settings.
Is there anything left out in the examples?

In the code example,
123.123.123.123 is a make-believe IP of the VPN server.
The key is changed to one from the example.

Server startup:
-----------------------------------------------------------------------------
# Move to writable directory and create scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
 
# Config for Site-to-Site SiteA-SiteB
echo "
proto udp          
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf
 
# Config for Static Key
echo "
-----BEGIN OpenVPN Static key V1-----
aeb68165149e096d8f04252dd22fe67d
dd15d8c87e8a577c5c14ebd1ef0bf0b6
0e1d652f91fe66ed3774505e641936dd
458a6db60fb36b969d8bcd37803cf1d3
6d49383ec2daa1d2ae70e3ca49b950a4
bba985940e5e4a15fac702cbcf47f9d0
39f7939980bbb63d2964bb6216471162
0a519fe25d1e0d48044a1ad85dc94758
af6f7b7c52ccaaefa3d013fcbf621366
5ea18d9dc36c3b2a9ac277a9903998fe
45e10b0f79fd443727c3f30278981b3d
0fa525ad843645b4acc28969450bd601
4ce774aba0e830149489dc1592741580
fbd3cd24cc7baa68e06b3e3aedae2565
a36b8a3f687ddbb78411740d755249cf
45c0617c215b66eabc72f60f47b32c64
-----END OpenVPN Static key V1-----
" > static.key
 
# Create interfaces
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.61.24.1 netmask 255.255.255.0 promisc up
 
# Create routes
route add -net OTHERSUBNET netmask 255.255.255.0 gw 10.61.25.1
 
# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
 
 
Server Firewall:
# Open firewall holes
iptables -I INPUT 2 -p udp --dport 2000 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
 
 
Client Startup:
--------------------------------------------------------------
# Move to writable directory and create scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
 
# Config for Site-to-Site SiteA-SiteB
echo "
remote 123.123.123.123
proto udp          
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf
 
# Config for Static Key
echo "
-----BEGIN OpenVPN Static key V1-----
aeb68165149e096d8f04252dd22fe67d
dd15d8c87e8a577c5c14ebd1ef0bf0b6
0e1d652f91fe66ed3774505e641936dd
458a6db60fb36b969d8bcd37803cf1d3
6d49383ec2daa1d2ae70e3ca49b950a4
bba985940e5e4a15fac702cbcf47f9d0
39f7939980bbb63d2964bb6216471162
0a519fe25d1e0d48044a1ad85dc94758
af6f7b7c52ccaaefa3d013fcbf621366
5ea18d9dc36c3b2a9ac277a9903998fe
45e10b0f79fd443727c3f30278981b3d
0fa525ad843645b4acc28969450bd601
4ce774aba0e830149489dc1592741580
fbd3cd24cc7baa68e06b3e3aedae2565
a36b8a3f687ddbb78411740d755249cf
45c0617c215b66eabc72f60f47b32c64
-----END OpenVPN Static key V1-----
" > static.key
 
# Create interfaces
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.61.25.1 netmask 255.255.255.0 promisc up
 
# Create routes
route add -net OTHERSUBNET netmask 255.255.255.0 gw 10.61.24.1
 
# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
 
Client Firewall:
--------------------------------------------------------------
# Open firewall holes
iptables -I INPUT 2 -p udp --dport 2000 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

Question by:klundoffshore
13 Comments
 
LVL 8

Expert Comment

by:MrJemson
ID: 23696949
"Before proceeding, you need to download the VPN-flavoured version of DD-WRT from the DD-WRT Download Page"

Silly question, but you do have this version correct?
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23696964
Also, I believe JFFS2 section is under Administration from memory.
A few lines below the password change field...
0
 

Author Comment

by:klundoffshore
ID: 23697488
Hi. Let me quote myself for a start:
"have managed to get hold of two linksys routers now upgraded with latest stable DD-WRT (vpn version)  v24-sp1."

So yes, I have the VPN version. :) Just to wipe all doubt away, here is a copy from the admin web page:
"Firmware: DD-WRT v24-sp1 (07/28/08) vpn"

Under Administration there are several tabs; none of them have the JFFS2 settings. Maybe they have removed it or renamed it in v24-sp1. I sure can't see it.
0

 

Author Comment

by:klundoffshore
ID: 23697557
Hmm. I have found JFFS2 under Services -> Services -> DHCP server.
But it says:
Use JFFS2 for client lease DB  (Not mounted)
Not possible to turn on.

Is this really necessary? The first article does not even mention this.


JFFS2.jpg
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23697619
Apologies for not seeing that in your first post.

From the DD-WRT website:
Note that DD-WRT v24sp1 VPN builds have the JFFS feature removed, presumably due to conflicts that Brainslayer found between JFFS and bandwidth monitoring

Looks like you are correct in saying JFFS2 is not a requirement.

In your logs do you have any info regarding the tunnel?
Does ifconfig show any extra interfaces being applied?
0
 

Author Comment

by:klundoffshore
ID: 23699119
Guess I need some help in getting the logging to work.
I have put "log /tmp/openvpn.log" in the startup of the router, using the "First Technique" from the DD-WRT wiki.

But I am not able to execute the command that is supposed to show me the log file.
"router$ less /tmp/openvpn.log"

The image shows what I have typed.
First Technique: Shell Logging 
Thanks Miguel for suggesting this! :-) Add logging to the VPN tunnel operation. This can be done by inserting the following line in the client and/or server configuration: 
 
log /tmp/openvpn.log
This will instruct openvpn to create a log file named 'openvpn.log' in /tmp. By enabling Telnet or SSH and connecting to your router, you should be able to get the logging output by issuing the following command: 
 
router$ less /tmp/openvpn.log
You need to use your arrow keys to scroll up and down in the log and 'q' to exit the scroller. 
 
Warning: This should only be used for testing and debugging purposes as it generates extra load on your router, as well as eating up valuable space in memory. 


log.jpg
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 23703157
router$ is a prompt, like root@DD-WRT:~#
The actual command is: 'less /tmp/openvpn.log'
You could also use 'tail /tmp/openvpn.log' or 'cat /tmp/openvpn.log'

Try this and let me know how you go.
0
 

Author Comment

by:klundoffshore
ID: 23709301
Thanks for the reply. When I try less, tail or cat I get no response. Like the file is not there. See attached image.

I have added "log /tmp/openvpn.log" to the startup command of the router, but it seems like no file is created.

My bet is that I have placed it in the wrong place. See code. I just put it at the end. I'm a Windows guy and know very little about *nix commands (as you probably understand :) ).
# Move to writable directory and create scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
 
# Config for Site-to-Site SiteA-SiteB
echo "
remote 84.234.146.122
proto udp          
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf
 
# Config for Static Key
echo "
-----BEGIN OpenVPN Static key V1-----
809f1e47221b5f0a97258832e25f5e98
e495540885c5c9d75694509ada1bdf30
6415b23a225f90945996ff917a03e827
44974d7ae7c56a1afec27ed5b0839da2
09112f4706a01ce2528596f6104c9a91
31f864c312060fceaa29c7dc85e5bb36
512ce01d78ca3526590c70a19cde810a
a70ad68ab5cda46cf1e7b6642fe48815
b09db499a0bf65d539a3c9a2cf75a36e
9f4e7bac6ce45c70396f694402e94cee
72ebd4d0cea3b6c8bcda14708dfd2535
6a529dabb22efbe4d066455a22f13ee1
a0a14a7db5a164294eb41fd058e4103b
48b62cbf29a23171320ecb10d9e5266e
0feeb627928791995886402622dbd569
19e49925861484b5aa9b6c1e2b3e4010
-----END OpenVPN Static key V1-----
" > static.key
 
# Create interfaces
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.61.25.1 netmask 255.255.255.0 promisc up
 
# Create routes
route add -net OTHERSUBNET netmask 255.255.255.0 gw 10.61.24.1
 
# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
log /tmp/openvpn.log


vpn.png
0
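An added example, not part of the original thread: a small lint for a startup script like the one posted above. It flags OpenVPN directives such as `log` that sit outside the `echo "..." > file` config block (where the shell, not OpenVPN, would run them) and a literal `OTHERSUBNET` left in a route command. `lint_startup` and `write_sample` are hypothetical helper names, and the sample script is constructed, shortened from the post, with the documentation address 192.0.2.10.

```shell
#!/bin/sh
# Added example (not from the thread): lint a DD-WRT startup script.
# lint_startup and write_sample are hypothetical helper names.

# Print one finding per line; return non-zero if anything was found.
lint_startup() {
    awk '
        # Lines between  echo "  and  " > file  are OpenVPN config text.
        /^echo "[ \t]*$/   { in_conf = 1; next }
        in_conf && /^" *>/ { in_conf = 0; next }
        # Outside that block the shell runs the line; OpenVPN never reads it.
        !in_conf && /^(log|log-append|verb|secret|remote)[ \t]/ {
            printf "line %d: directive outside config block: %s\n", NR, $0
            bad = 1
        }
        # A placeholder left in a route command is not a valid network.
        !in_conf && /OTHERSUBNET/ {
            printf "line %d: placeholder OTHERSUBNET not replaced\n", NR
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample, shortened from the client script posted above;
# 192.0.2.10 is a documentation address.
write_sample() {
    cat > "$1" <<'EOF'
cd /tmp
echo "
remote 192.0.2.10
dev tun0
secret /tmp/static.key
verb 3
daemon
" > SiteA-SiteB.conf
route add -net OTHERSUBNET netmask 255.255.255.0 gw 10.61.24.1
/tmp/myvpn --config SiteA-SiteB.conf
log /tmp/openvpn.log
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
lint_startup "$tmp" || echo "fix the findings above before rebooting the router"
rm -f "$tmp"
```

Run it on a workstation against a saved copy of the startup text before pasting it into the router.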
 
LVL 8

Expert Comment

by:MrJemson
ID: 23709968
That means the file is empty.

Please post the output of:

ls -l /tmp/
0
 

Author Comment

by:klundoffshore
ID: 23710260
Here you go. Seems like the file is not there. Hence my last post. Is it set up correctly in the router's startup?
vpn2.png
0
 

Author Comment

by:klundoffshore
ID: 23710347
The static.key should also hold the key info stated in the startup command, but no files will open:
I'm so close to giving up on this and buying a router that natively supports VPN.
vpn3.png
0
 
LVL 8

Accepted Solution

by:
MrJemson earned 1500 total points
ID: 23710524
To me, (looking at the tutorial) what you have done looks fine.
I have setup a site to site VPN on Openwrt before but not on DD-WRT.
Perhaps it may be worthwhile having a shot at openwrt?
There may be a flaw in DD-WRT...

If not like you said you may be better off investing in a couple of VPN Sonicwall routers or something similar.
0
 

Author Closing Comment

by:klundoffshore
ID: 31549448
I might try openwrt, but with my lacking *nix background I guess I'll be stuck there also. SonicWall is a bit too expensive here for what you get. I'm looking at

Linksys RV042 (it comes with 5 VPN clients)
 http://www.smallnetbuilder.com/content/view/30186/51/
0
