How do I set up a VPN between two locations using two DD-WRT routers?

Hey.

I have no experience in setting up VPN and I need help to configure a VPN connection between two locations. I have managed to get hold of two Linksys routers now upgraded with latest stable DD-WRT (vpn version) v24-sp1.

I found two articles on the net about this, but I can't get it to work.
http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers
and
http://www.geek-pages.com/articles/latest/openvpn_server_and_client_on_dd-wrt.html
This last article is talking about some options I can't find in any menus (JFFS2).

Both routers are configured and rebooted. But when I try to ping there is no response from the other side.

As far as I can understand PPTP is not the way to go, even though it looks tempting because of its simplicity.

Look in the code section to see my settings.
Is there anything left out in the examples?

In the code example
123.123.123.123 is a make-believe IP of the VPN server.
The key is changed to one from the example.

Server startup:
-----------------------------------------------------------------------------
# Move to writable directory and create scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
 
# Config for Site-to-Site SiteA-SiteB
echo "
proto udp          
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf
 
# Config for Static Key
echo "
-----BEGIN OpenVPN Static key V1-----
aeb68165149e096d8f04252dd22fe67d
dd15d8c87e8a577c5c14ebd1ef0bf0b6
0e1d652f91fe66ed3774505e641936dd
458a6db60fb36b969d8bcd37803cf1d3
6d49383ec2daa1d2ae70e3ca49b950a4
bba985940e5e4a15fac702cbcf47f9d0
39f7939980bbb63d2964bb6216471162
0a519fe25d1e0d48044a1ad85dc94758
af6f7b7c52ccaaefa3d013fcbf621366
5ea18d9dc36c3b2a9ac277a9903998fe
45e10b0f79fd443727c3f30278981b3d
0fa525ad843645b4acc28969450bd601
4ce774aba0e830149489dc1592741580
fbd3cd24cc7baa68e06b3e3aedae2565
a36b8a3f687ddbb78411740d755249cf
45c0617c215b66eabc72f60f47b32c64
-----END OpenVPN Static key V1-----
" > static.key
 
# Create interfaces
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.61.24.1 netmask 255.255.255.0 promisc up
 
# Create routes
route add -net OTHERSUBNET netmask 255.255.255.0 gw 10.61.25.1
 
# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
 
 
Server Firewall:
# Open firewall holes
iptables -I INPUT 2 -p udp --dport 2000 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
 
 
Client Startup:
--------------------------------------------------------------
# Move to writable directory and create scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
 
# Config for Site-to-Site SiteA-SiteB
echo "
remote 123.123.123.123
proto udp          
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf
 
# Config for Static Key
echo "
-----BEGIN OpenVPN Static key V1-----
aeb68165149e096d8f04252dd22fe67d
dd15d8c87e8a577c5c14ebd1ef0bf0b6
0e1d652f91fe66ed3774505e641936dd
458a6db60fb36b969d8bcd37803cf1d3
6d49383ec2daa1d2ae70e3ca49b950a4
bba985940e5e4a15fac702cbcf47f9d0
39f7939980bbb63d2964bb6216471162
0a519fe25d1e0d48044a1ad85dc94758
af6f7b7c52ccaaefa3d013fcbf621366
5ea18d9dc36c3b2a9ac277a9903998fe
45e10b0f79fd443727c3f30278981b3d
0fa525ad843645b4acc28969450bd601
4ce774aba0e830149489dc1592741580
fbd3cd24cc7baa68e06b3e3aedae2565
a36b8a3f687ddbb78411740d755249cf
45c0617c215b66eabc72f60f47b32c64
-----END OpenVPN Static key V1-----
" > static.key
 
# Create interfaces
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.61.25.1 netmask 255.255.255.0 promisc up
 
# Create routes
route add -net OTHERSUBNET netmask 255.255.255.0 gw 10.61.24.1
 
# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
 
Client Firewall:
--------------------------------------------------------------
# Open firewall holes
iptables -I INPUT 2 -p udp --dport 2000 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

klundoffshore Asked:
 
MrJemson Commented:
To me (looking at the tutorial), what you have done looks fine.
I have set up a site-to-site VPN on OpenWrt before but not on DD-WRT.
Perhaps it may be worthwhile having a shot at OpenWrt?
There may be a flaw in DD-WRT...

If not, like you said, you may be better off investing in a couple of VPN SonicWall routers or something similar.
 
MrJemson Commented:
"Before proceeding, you need to download the VPN-flavoured version of DD-WRT from the DD-WRT Download Page"

Silly question, but you do have this version, correct?
 
MrJemson Commented:
Also, I believe the JFFS2 section is under Administration, from memory.
A few lines below the password change field...
 
klundoffshore Author Commented:
Hi. Let me quote myself for a start:
"I have managed to get hold of two Linksys routers now upgraded with latest stable DD-WRT (vpn version) v24-sp1."

So yes, I have the VPN version. :) Just to wipe all doubt away, here is a copy from the admin web page:
"Firmware: DD-WRT v24-sp1 (07/28/08) vpn"

Under Administration there are several tabs; none of them have the JFFS2 settings. Maybe they have removed it or renamed it in v24-sp1. I sure can't see it.
 
klundoffshore Author Commented:
Hmm. I have found JFFS2 under Services -> Services -> DHCP server.
But it says:
Use JFFS2 for client lease DB  (Not mounted)
Not possible to turn on.

Is this really necessary? The first article does not even mention this.
 
MrJemson Commented:
Apologies for not seeing that in your first post.

From the DD-WRT website:
Note that DD-WRT v24sp1 VPN builds have the JFFS feature removed, presumably due to conflicts that Brainslayer found between JFFS and bandwidth monitoring

Looks like you are correct in saying JFFS2 is not a requirement.

In your logs do you have any info regarding the tunnel?
Does ifconfig show any extra interfaces being applied?
 
klundoffshore Author Commented:
Guess I need some help in getting the logging to work.
I have put "log /tmp/openvpn.log" in the startup of the router, by using the "First Technique" from the DD-WRT wiki.

But I am not able to execute the command that is supposed to show me the log file.
"router$ less /tmp/openvpn.log"

Image shows what I have typed.
First Technique: Shell Logging 
Thanks Miguel for suggesting this! :-) Add logging to the VPN tunnel operation. This can be done by inserting the following line in the client and/or server configuration: 
 
log /tmp/openvpn.log
This will instruct openvpn to create a log file named 'openvpn.log' in /tmp. By enabling Telnet or SSH and connecting to your router, you should be able to get the logging output by issuing the following command: 
 
router$ less /tmp/openvpn.log
You need to use your arrow keys to scroll up and down in the log and 'q' to exit the scroller. 
 
Warning: This should only be used for testing and debugging purposes as it generates extra load on your router, as well as eating up valuable space in memory. 

 
MrJemson Commented:
router$ is a prompt, like root@DD-WRT:~#
The actual command is: 'less /tmp/openvpn.log'
You could also use 'tail /tmp/openvpn.log' or 'cat /tmp/openvpn.log'

Try this and let me know how you go.
 
klundoffshore Author Commented:
Thanks for the reply. When I try less, tail or cat I get no response, like the file is not there. See attached image.

I have added "log /tmp/openvpn.log" to the startup command of the router but it seems like there is no file created.

My bet is that I have placed it in the wrong place; see code. I just put it at the end. I'm a Windows guy and know very little about *nix commands (as you probably understand :) ).
# Move to writable directory and create scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn
 
# Config for Site-to-Site SiteA-SiteB
echo "
remote 84.234.146.122
proto udp          
port 2000
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
" > SiteA-SiteB.conf
 
# Config for Static Key
echo "
-----BEGIN OpenVPN Static key V1-----
809f1e47221b5f0a97258832e25f5e98
e495540885c5c9d75694509ada1bdf30
6415b23a225f90945996ff917a03e827
44974d7ae7c56a1afec27ed5b0839da2
09112f4706a01ce2528596f6104c9a91
31f864c312060fceaa29c7dc85e5bb36
512ce01d78ca3526590c70a19cde810a
a70ad68ab5cda46cf1e7b6642fe48815
b09db499a0bf65d539a3c9a2cf75a36e
9f4e7bac6ce45c70396f694402e94cee
72ebd4d0cea3b6c8bcda14708dfd2535
6a529dabb22efbe4d066455a22f13ee1
a0a14a7db5a164294eb41fd058e4103b
48b62cbf29a23171320ecb10d9e5266e
0feeb627928791995886402622dbd569
19e49925861484b5aa9b6c1e2b3e4010
-----END OpenVPN Static key V1-----
" > static.key
 
# Create interfaces
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 10.61.25.1 netmask 255.255.255.0 promisc up
 
# Create routes
route add -net OTHERSUBNET netmask 255.255.255.0 gw 10.61.24.1
 
# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
log /tmp/openvpn.log

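The wiki text quoted in this thread places `log /tmp/openvpn.log` in the client and/or server configuration, whereas in the startup script above it follows the closing quote, where the shell runs it as a command. The lint below is an added example, not code from the thread or the DD-WRT wiki; the `lint_startup` and `sample_script` names and the 192.0.2.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag OpenVPN directives that sit in a
# startup script as bare shell lines instead of inside the quoted block that
# gets written to the .conf file.

# Directive names are the ones used in the configs posted in this thread.
DIRECTIVES='log|remote|proto|port|dev|secret|verb|comp-lzo|keepalive|daemon'

# lint_startup: reads a startup script on stdin, prints "LINE: text" for each
# misplaced directive, and returns 1 if any were found (0 otherwise).
lint_startup() {
    awk -v dirs="$DIRECTIVES" '
    {
        was_inside = inside
        # An odd number of double quotes on a line opens or closes a block.
        if (gsub(/"/, "\"") % 2 == 1) inside = !inside
        if (was_inside || inside) next     # config text or its delimiters
        if ($0 ~ /^[ \t]*(#|$)/) next      # shell comment or blank line
        if ($1 ~ ("^(" dirs ")$")) { printf "%d: %s\n", NR, $0; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Constructed sample with the same shape as the script posted above;
# 192.0.2.10 is a documentation address, not one from the thread.
sample_script() {
    cat <<'EOF'
cd /tmp
echo "
remote 192.0.2.10
proto udp
port 2000
dev tun0
secret /tmp/static.key
verb 3
" > SiteA-SiteB.conf
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf
log /tmp/openvpn.log
EOF
}

sample_script | lint_startup ||
    echo "flagged lines belong inside the quoted config block"
```
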
 
MrJemson Commented:
That means the file is empty.

Please post the output of:

ls -l /tmp/
 
klundoffshore Author Commented:
Here you go. Seems like the file is not there, hence my last post. Is it set up correctly in the router's startup?
 
klundoffshore Author Commented:
The static.key should also hold the key info stated in the startup command, but no files will open.
I'm so close to giving up on this and buying a router that natively supports VPN.
 
klundoffshore Author Commented:
I might try OpenWrt, but with my lacking *nix background I guess I'll be stuck there also. SonicWall is a bit too expensive here for what you get. I'm looking at

Linksys RV042 (it comes with 5 VPN clients)
 http://www.smallnetbuilder.com/content/view/30186/51/
Question has a verified solution.
