Solved

DD-WRT VPN tunnel between 2 offices

Posted on 2011-02-23
Last Modified: 2012-05-11
I have installed a WRT54G2 with DD-WRT VPN version installed in our main office.  We have installed an identical one in our satellite office.  Both are set up and reporting to No-ip for DDNS.

192.168.1.x is the main office.  Set up a route to 192.168.2.x that uses the satellite No-ip name.
192.168.2.x is the satellite office.  Set up a route to 192.168.1.x that uses main office No-ip name.

The main office is the VPN server and the satellite is a client router.

When I browse or ping from either side, I cannot get to the other side.  Any ideas of what to check would be appreciated.
0
Comment
Question by:hydrazi
15 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 250 total points
ID: 34963213
Have you followed this guide: http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers

If the tunnel builds, but there is no traffic, you probably need to concentrate on the IPTables and filtered IP lists for the sites.  
0
 
LVL 5

Expert Comment

by:shadowmantx
ID: 34963295
It will be best to set up site to site VPN.  Then check the vpn log and it will give you an error code that will help with troubleshooting.
0
 

Author Comment

by:hydrazi
ID: 34969412
Alright, I will give the site to site with OPENVPN a try
0
 
LVL 4

Expert Comment

by:onlyamir007
ID: 35024163
Did you try a PPTP connection?
0
 

Author Comment

by:hydrazi
ID: 35047498
Yes, I believe I tried the PPTP.  I went on vacation and now I am back.  I am going to look into it tomorrow.  Sorry for the delay.
0
 

Author Comment

by:hydrazi
ID: 35128883
Ok, so I set up OpenVPN routed between the two sites with different subnets.
I setup syslog to tell me if there are issues and this is what I get:

03-14-2011      10:30:59      Daemon.Notice      192.168.1.1      Mar 14 09:31:00 pppd[1221]: pppd 2.4.4 started by root, uid 0
03-14-2011      10:30:59      Daemon.Info      192.168.1.1      Mar 14 09:31:00 pptpd[1220]: CTRL: Starting call (launching pppd, opening GRE)
03-14-2011      10:30:58      Daemon.Info      192.168.1.1      Mar 14 09:30:59 pptpd[1220]: CTRL: Client 50.75.36.188 control connection started
03-14-2011      10:30:52      Daemon.Info      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: Client 50.75.36.188 control connection finished
03-14-2011      10:30:52      Daemon.Debug      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: Reaping child PPP[1212]
03-14-2011      10:30:52      Daemon.Error      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: PTY read or GRE write failed (pty,gre)=(9,10)
03-14-2011      10:30:52      Daemon.Error      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: GRE: read(fd=9,buffer=420c6c,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
03-14-2011      10:30:52      Daemon.Info      192.168.1.1      Mar 14 09:30:52 pppd[1212]: Exit.
03-14-2011      10:30:48      Daemon.Notice      192.168.1.1      Mar 14 09:30:48 pppd[1212]: pppd 2.4.4 started by root, uid 0
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35328549
Your syslog shows errors for PPTP/GRE, not OpenVPN. OpenVPN uses SSL.
0
 

Author Comment

by:hydrazi
ID: 35329664
So, something else is trying to start and shouldn't be?
0
 

Author Comment

by:hydrazi
ID: 35329683
Ok, so what you are saying is that having PPTP VPN Passthrough enabled is not correct?
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
ID: 35330878
PPTP PassThru is not related - it is used if you need to manage incoming PPTP calls, and forward them to another router, instead of letting the DD-WRT box handle it.

Your Syslog snippet looks kind of strange, but that just might be the PPTP daemon restarting, which we can ignore. But you might want to switch off the pppd daemon, if you do not use it for PPTP.

I cannot see any OpenVPN logging in Syslog. Either OpenVPN is configured to log into files (if the log keyword is used in the config file), or it is not started. With the configuration shown in the above link, the OpenVPN connection is initiated on reboot only. In daemon mode it should then run all the time, trying to connect to the other side. In that particular configuration there isn't a particular server or client; both sides try to connect actively.
0
 

Author Comment

by:hydrazi
ID: 35342474
Is there any way that I can verify that OpenVPN is working then?  Or do I just have to connect to one network and check to see if I can ping a machine on the other side?
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35342819
My *nux knowledge is rusty, but you should be able to see whether the process runs (e.g. using ps). If it runs, it should try to connect to the other site. Since you do not see anything in Syslog, I suspect OpenVPN is not running at all.
0
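One way to run the two checks discussed in the comments above (which daemons actually wrote to syslog, and whether openvpn appears in `ps` output), as an added example that is not part of the thread. The function names and the sample log lines are constructed for illustration, in the syslog layout the asker posted.

```shell
# Constructed sample in the syslog layout shown in the thread
# (the client address is a documentation IP, not a value from the page).
sample_log() {
cat <<'EOF'
03-14-2011 10:30:59 Daemon.Notice 192.168.1.1 Mar 14 09:31:00 pppd[1221]: pppd 2.4.4 started by root, uid 0
03-14-2011 10:30:58 Daemon.Info 192.168.1.1 Mar 14 09:30:59 pptpd[1220]: CTRL: Client 203.0.113.10 control connection started
03-14-2011 10:30:52 Daemon.Error 192.168.1.1 Mar 14 09:30:52 pptpd[1211]: CTRL: PTY read or GRE write failed (pty,gre)=(9,10)
03-14-2011 10:30:52 Daemon.Info 192.168.1.1 Mar 14 09:30:52 pppd[1212]: Exit.
EOF
}

# Print "daemon total errors" for every daemon tag (name[pid]:) seen on stdin.
daemon_summary() {
  awk '{
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^[A-Za-z_.-]+\[[0-9]+\]:$/) {
        name = $i; sub(/\[.*/, "", name)
        total[name]++
        if ($0 ~ /Daemon\.(Error|Crit|Alert|Emerg)/) errs[name]++
        break
      }
    }
  }
  END { for (n in total) printf "%s %d %d\n", n, total[n], errs[n] + 0 }' | sort
}

# Succeeds if the daemon named $1 logged at least once in the log on stdin.
daemon_logged() {
  daemon_summary | awk -v d="$1" '$1 == d { found = 1 } END { exit !found }'
}

# Succeeds if `ps` output on stdin has a word whose basename is exactly $1.
# Heuristic, since ps column layouts differ. On the router: ps | proc_listed openvpn
proc_listed() {
  awk -v d="$1" '{
    for (i = 1; i <= NF; i++) {
      n = split($i, p, "/")
      if (p[n] == d) found = 1
    }
  } END { exit !found }'
}

sample_log | daemon_summary
sample_log | daemon_logged openvpn ||
  echo "no openvpn entries: not started, or logging to its own file"
```

A daemon that is absent from both the log summary and the process list was never started; one that is running but silent is probably writing to its own log file.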
 

Author Comment

by:hydrazi
ID: 35513178
All help was appreciated.  The error was in the router install, had to reflash them both and then reconfigure and it worked.
0
 

Author Comment

by:hydrazi
ID: 35513253
I am ready to award points
0

Question has a verified solution.
