Solved

DD-WRT VPN tunnel between 2 offices

Posted on 2011-02-23
Last Modified: 2012-05-11
I have installed a WRT54G2 with DD-WRT VPN version installed in our main office.  We have installed an identical one in our satellite office.  Both are set up and reporting to No-ip for DDNS.

192.168.1.x is the main office.  Set up a route to 192.168.2.x that uses the satellite No-ip name.
192.168.2.x is the satellite office.  Set up a route to 192.168.1.x that uses the main office No-ip name.

The main office is the VPN server and the satellite is a client router.

When I browse or ping from either side, I cannot get to the other side.  Any ideas of what to check would be appreciated.
Question by:hydrazi
15 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 250 total points
ID: 34963213
Have you followed this guide: http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers

If the tunnel builds, but there is no traffic, you probably need to concentrate on the IPTables and filtered IP lists for the sites.  
0
 
LVL 5

Expert Comment

by:shadowmantx
ID: 34963295
It will be best to set up a site-to-site VPN.  Then check the VPN log and it will give you an error code that will help with troubleshooting.
0
 

Author Comment

by:hydrazi
ID: 34969412
Alright, I will give the site-to-site with OpenVPN a try.
0
 
LVL 4

Expert Comment

by:onlyamir007
ID: 35024163
Did you try a PPTP connection?
0
 

Author Comment

by:hydrazi
ID: 35047498
Yes, I believe I tried the PPTP.  I went on vacation and now I am back.  I am going to look into it tomorrow.  Sorry for the delay.
0
 

Author Comment

by:hydrazi
ID: 35128883
Ok, so I set up OpenVPN routed between the two sites with different subnets.
I set up syslog to tell me if there are issues and this is what I get:

03-14-2011      10:30:59      Daemon.Notice      192.168.1.1      Mar 14 09:31:00 pppd[1221]: pppd 2.4.4 started by root, uid 0
03-14-2011      10:30:59      Daemon.Info      192.168.1.1      Mar 14 09:31:00 pptpd[1220]: CTRL: Starting call (launching pppd, opening GRE)
03-14-2011      10:30:58      Daemon.Info      192.168.1.1      Mar 14 09:30:59 pptpd[1220]: CTRL: Client 50.75.36.188 control connection started
03-14-2011      10:30:52      Daemon.Info      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: Client 50.75.36.188 control connection finished
03-14-2011      10:30:52      Daemon.Debug      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: Reaping child PPP[1212]
03-14-2011      10:30:52      Daemon.Error      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: PTY read or GRE write failed (pty,gre)=(9,10)
03-14-2011      10:30:52      Daemon.Error      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: GRE: read(fd=9,buffer=420c6c,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
03-14-2011      10:30:52      Daemon.Info      192.168.1.1      Mar 14 09:30:52 pppd[1212]: Exit.
03-14-2011      10:30:48      Daemon.Notice      192.168.1.1      Mar 14 09:30:48 pppd[1212]: pppd 2.4.4 started by root, uid 0
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35328549
Your syslog shows errors for PPTP/GRE, not OpenVPN. OpenVPN uses SSL.
0
 

Author Comment

by:hydrazi
ID: 35329664
So, something else is trying to start and shouldn't be?
0
 

Author Comment

by:hydrazi
ID: 35329683
Ok, so what you are saying is that having PPTP VPN Passthrough enabled is not correct?
0
 
LVL 69

Assisted Solution

by:Qlemo
Qlemo earned 250 total points
ID: 35330878
PPTP PassThru is not related - it is used if you need to manage incoming PPTP calls, and forward them to another router, instead of letting the DD-WRT box handle it.

Your Syslog snippet looks kind of strange, but that just might be the PPTP daemon restarting, which we can ignore. But you might want to switch off the pppd daemon, if you do not use it for PPTP.

I cannot see any OpenVPN logging in Syslog. Either OpenVPN is configured to log into files (if the log keyword is used in the config file), or it is not started. With the configuration shown in the above link, the OpenVPN connection is initiated on reboot only. Since in daemon mode it should then run all the time, trying to connect to the other side. In that particular configuration there isn't a particular server or client, both sides try to connect actively.
0
 

Author Comment

by:hydrazi
ID: 35342474
Is there any way that I can verify that OpenVPN is working then?  Or do I just have to connect to one network and check to see if I can ping a machine on the other side?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35342819
My *nux knowledge is rusty, but you should be able to see whether the process runs (e.g. using ps). If it runs, it should try to connect to the other site. Since you do not see anything in Syslog, I suspect OpenVPN is not running at all.
0
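The check discussed in the comments above (which daemon actually wrote the syslog entries, and whether an OpenVPN process exists at all), as an added example that is not part of the original thread. The function names are hypothetical, the script assumes syslog messages carry a `name[pid]:` tag, the first sample is copied from the excerpt posted above, and the OpenVPN line is constructed for comparison.

```shell
#!/bin/sh
# Added example (not from the thread): work out which daemons produced a
# syslog excerpt, so PPTP noise is not mistaken for OpenVPN output.

# Four lines copied from the syslog excerpt posted in this thread.
SAMPLE_LOG='03-14-2011 10:30:59 Daemon.Info 192.168.1.1 Mar 14 09:31:00 pptpd[1220]: CTRL: Starting call (launching pppd, opening GRE)
03-14-2011 10:30:52 Daemon.Error 192.168.1.1 Mar 14 09:30:52 pptpd[1211]: CTRL: PTY read or GRE write failed (pty,gre)=(9,10)
03-14-2011 10:30:52 Daemon.Info 192.168.1.1 Mar 14 09:30:52 pppd[1212]: Exit.
03-14-2011 10:30:48 Daemon.Notice 192.168.1.1 Mar 14 09:30:48 pppd[1212]: pppd 2.4.4 started by root, uid 0'

# Constructed line showing what a healthy OpenVPN daemon would log.
OPENVPN_LOG='Mar 14 09:31:05 openvpn[1300]: Initialization Sequence Completed'

# daemon_counts: syslog text on stdin -> sorted "<daemon> <lines>" pairs.
# The first field shaped like name[pid]: is taken as the logging daemon.
daemon_counts() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[A-Za-z_.-]+\[[0-9]+\]:$/) {
                name = $i; sub(/\[.*/, "", name); n[name]++; break
            }
    } END { for (d in n) print d, n[d] }' | sort
}

# vpn_log_verdict: classify an excerpt passed as the first argument.
vpn_log_verdict() {
    counts=$(printf '%s\n' "$1" | daemon_counts)
    if printf '%s\n' "$counts" | grep -q '^openvpn '; then
        echo "openvpn-logging"      # OpenVPN is running and writing to syslog
    elif printf '%s\n' "$counts" | grep -Eq '^(pptpd|pppd) '; then
        echo "pptp-only"            # only the PPTP daemons are talking
    else
        echo "no-vpn-entries"       # nothing VPN-related was logged
    fi
}

# openvpn_running: true if an openvpn process exists on this box.
# "[o]penvpn" keeps grep from matching its own command line.
openvpn_running() {
    { ps -e 2>/dev/null || ps; } | grep -q '[o]penvpn'
}

printf '%s\n' "$SAMPLE_LOG" | daemon_counts
vpn_log_verdict "$SAMPLE_LOG"
openvpn_running && echo "openvpn process found" || echo "openvpn process not found"
```

A `pptp-only` verdict together with no openvpn process matches the situation described above: the tunnel daemon never started, so the syslog errors are unrelated to it.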
 

Author Comment

by:hydrazi
ID: 35513178
All help was appreciated.  The error was in the router install, had to reflash them both and then reconfigure and it worked.
0
 

Author Comment

by:hydrazi
ID: 35513253
I am ready to award points
0
