Solved

DD-WRT VPN tunnel between 2 offices

Posted on 2011-02-23
Last Modified: 2012-05-11
I have installed a WRT54G2 with DD-WRT VPN version installed in our main office.  We have installed an identical one in our satellite office.  Both are set up and reporting to No-ip for DDNS.

192.168.1.x is the main office.  Set up a route to 192.168.2.x that uses the satellite No-ip name.
192.168.2.x is the satellite office.  Set up a route to 192.168.1.x that uses the main office No-ip name.

The main office is the VPN server and the satellite is a client router.

When I browse or ping from either side, I cannot get to the other side.  Any ideas of what to check would be appreciated.
Question by:hydrazi
15 Comments
 
Accepted Solution

by: MikeKane (earned 250 total points)
Have you followed this guide: http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers

If the tunnel builds, but there is no traffic, you probably need to concentrate on the IPTables and filtered IP lists for the sites.  
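A concrete pair of configurations in the shape the linked guide and the later comments describe (static shared key, routed point-to-point, no distinct server or client, each end naming the other as `remote`), as an added example rather than the wiki's text or the asker's configuration. The LAN subnets are the ones in the question; the tunnel addresses 10.8.0.1/10.8.0.2, the DDNS hostnames, UDP port 1194, the key path and the log path are assumptions. `configs_mirror` is an added check for the two copy-paste mistakes that leave the sites unable to reach each other: both ends carrying the same `ifconfig` pair, or a `route` that points at the site's own LAN.

```shell
#!/bin/sh
# Added example: generate the two static-key OpenVPN configs for a routed
# site-to-site tunnel and check that they mirror each other.
# Assumptions (not from the thread): DDNS names, tunnel addresses, port, paths.
MAIN_DDNS=main-office.example.net        # assumed No-ip name of the main office
SATELLITE_DDNS=satellite.example.net     # assumed No-ip name of the satellite
KEY_FILE=/jffs/openvpn/static.key        # assumed path of the shared static key

# Print the config for one site.  Each side names the other as "remote" and
# both dial out, so neither is the server.
site_config() {
  case "$1" in
    main)      peer=$SATELLITE_DDNS; my_tun=10.8.0.1; far_tun=10.8.0.2; far_lan=192.168.2.0 ;;
    satellite) peer=$MAIN_DDNS;      my_tun=10.8.0.2; far_tun=10.8.0.1; far_lan=192.168.1.0 ;;
    *) echo "usage: site_config main|satellite" >&2; return 2 ;;
  esac
  cat <<EOF
dev tun0
proto udp
port 1194
remote $peer 1194
ifconfig $my_tun $far_tun
route $far_lan 255.255.255.0
secret $KEY_FILE
keepalive 10 60
persist-tun
persist-key
daemon
verb 3
log /tmp/openvpn.log
EOF
}

# Field number $3 of the first line whose keyword is $1 in config text $2.
cfg_field() { printf '%s\n' "$2" | awk -v k="$1" -v n="$3" '$1 == k { print $n; exit }'; }

# Succeed only if config A ($1) and config B ($2) mirror each other:
# A's tunnel addresses are B's reversed, and each routes to the other's LAN
# ($3 = A's LAN network, $4 = B's LAN network).
configs_mirror() {
  [ "$(cfg_field ifconfig "$1" 2)" = "$(cfg_field ifconfig "$2" 3)" ] || return 1
  [ "$(cfg_field ifconfig "$1" 3)" = "$(cfg_field ifconfig "$2" 2)" ] || return 1
  [ "$(cfg_field route "$1" 2)" = "$4" ] || return 1
  [ "$(cfg_field route "$2" 2)" = "$3" ]
}

# Stand-alone use: `sh site_config.sh main` prints the main office config.
case "${1:-}" in
  main|satellite) site_config "$1" ;;
esac
```

The same key file has to be present on both routers; generate it once with `openvpn --genkey --secret static.key` and copy it over, since with `secret` the shared key is the only thing that identifies the peer.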
 
Expert Comment

by: shadowmantx
It will be best to set up a site-to-site VPN.  Then check the VPN log and it will give you an error code that will help with troubleshooting.
 

Author Comment

by: hydrazi
Alright, I will give the site-to-site with OpenVPN a try.
 
Expert Comment

by: onlyamir007
Did you try a PPTP connection?
 

Author Comment

by: hydrazi
Yes, I believe I tried PPTP.  I went on vacation and now I am back.  I am going to look into it tomorrow.  Sorry for the delay.
 

Author Comment

by: hydrazi
Ok, so I set up OpenVPN routed between the two sites with different subnets.
I set up syslog to tell me if there are issues and this is what I get:

03-14-2011      10:30:59      Daemon.Notice      192.168.1.1      Mar 14 09:31:00 pppd[1221]: pppd 2.4.4 started by root, uid 0
03-14-2011      10:30:59      Daemon.Info      192.168.1.1      Mar 14 09:31:00 pptpd[1220]: CTRL: Starting call (launching pppd, opening GRE)
03-14-2011      10:30:58      Daemon.Info      192.168.1.1      Mar 14 09:30:59 pptpd[1220]: CTRL: Client 50.75.36.188 control connection started
03-14-2011      10:30:52      Daemon.Info      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: Client 50.75.36.188 control connection finished
03-14-2011      10:30:52      Daemon.Debug      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: Reaping child PPP[1212]
03-14-2011      10:30:52      Daemon.Error      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: PTY read or GRE write failed (pty,gre)=(9,10)
03-14-2011      10:30:52      Daemon.Error      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: GRE: read(fd=9,buffer=420c6c,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
03-14-2011      10:30:52      Daemon.Info      192.168.1.1      Mar 14 09:30:52 pppd[1212]: Exit.
03-14-2011      10:30:48      Daemon.Notice      192.168.1.1      Mar 14 09:30:48 pppd[1212]: pppd 2.4.4 started by root, uid 0
 
Expert Comment

by: Qlemo
Your syslog shows errors for PPTP/GRE, not OpenVPN. OpenVPN uses SSL.
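Qlemo's reading of that excerpt, as a small script that sorts a syslog dump by the daemon that wrote each line and says whether OpenVPN appears in it at all. This is an added example, not part of the thread; the sample is the nine lines posted above with their spacing collapsed, and the daemon name is taken from the `name[pid]:` token that follows the timestamp in DD-WRT's syslog output.

```shell
#!/bin/sh
# Added example: sort a DD-WRT syslog excerpt by daemon and report whether
# OpenVPN has logged anything at all.

# Sample input: the nine lines posted in the thread, spacing collapsed.
SAMPLE_LOG='03-14-2011 10:30:59 Daemon.Notice 192.168.1.1 Mar 14 09:31:00 pppd[1221]: pppd 2.4.4 started by root, uid 0
03-14-2011 10:30:59 Daemon.Info 192.168.1.1 Mar 14 09:31:00 pptpd[1220]: CTRL: Starting call (launching pppd, opening GRE)
03-14-2011 10:30:58 Daemon.Info 192.168.1.1 Mar 14 09:30:59 pptpd[1220]: CTRL: Client 50.75.36.188 control connection started
03-14-2011 10:30:52 Daemon.Info 192.168.1.1 Mar 14 09:30:52 pptpd[1211]: CTRL: Client 50.75.36.188 control connection finished
03-14-2011 10:30:52 Daemon.Debug 192.168.1.1 Mar 14 09:30:52 pptpd[1211]: CTRL: Reaping child PPP[1212]
03-14-2011 10:30:52 Daemon.Error 192.168.1.1 Mar 14 09:30:52 pptpd[1211]: CTRL: PTY read or GRE write failed (pty,gre)=(9,10)
03-14-2011 10:30:52 Daemon.Error 192.168.1.1 Mar 14 09:30:52 pptpd[1211]: GRE: read(fd=9,buffer=420c6c,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
03-14-2011 10:30:52 Daemon.Info 192.168.1.1 Mar 14 09:30:52 pppd[1212]: Exit.
03-14-2011 10:30:48 Daemon.Notice 192.168.1.1 Mar 14 09:30:48 pppd[1212]: pppd 2.4.4 started by root, uid 0'

# Count lines per daemon, taken from the "name[pid]:" token.  stdin: syslog lines.
# Output: one "name count" per line, sorted by name.
daemons_in_log() {
  awk '{ for (i = 1; i <= NF; i++)
           if ($i ~ /^[a-z]+\[[0-9]+\]:$/) { sub(/\[.*/, "", $i); n[$i]++; break } }
       END { for (d in n) print d, n[d] }' | sort
}

# Number of lines at one syslog severity (Error, Notice, ...).  stdin: syslog lines.
count_level() { grep -c "Daemon[.]$1"; }

# Succeed only if at least one line was written by openvpn.  stdin: syslog lines.
has_openvpn_entries() { grep -q 'openvpn\[[0-9]*\]:'; }

# One-line verdict for an excerpt.  stdin: syslog lines.
vpn_log_verdict() {
  log=$(cat)
  if printf '%s\n' "$log" | has_openvpn_entries; then
    echo "openvpn is logging"
  else
    from=$(printf '%s\n' "$log" | daemons_in_log |
           awk '{ s = s (NR > 1 ? "," : "") $1 } END { print s }')
    echo "no openvpn entries (lines are from $from only)"
  fi
}

# Stand-alone use: pipe a log in, or run with no input to use the sample.
if [ -t 0 ]; then printf '%s\n' "$SAMPLE_LOG" | vpn_log_verdict; fi
```

On the router itself the same functions work on `cat /var/log/messages` when syslog writes locally; the point of the verdict is that a log full of pptpd and pppd lines says nothing about OpenVPN, which either writes to its own file (the `log` directive) or was never started.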
 

Author Comment

by: hydrazi
So, something else is trying to start and shouldn't be?
 

Author Comment

by: hydrazi
Ok, so what you are saying is that having PPTP VPN Passthrough enabled is not correct?
 
Assisted Solution

by: Qlemo (earned 250 total points)
PPTP PassThru is not related - it is used if you need to manage incoming PPTP calls and forward them to another router, instead of letting the DD-WRT box handle it.

Your Syslog snippet looks kind of strange, but that just might be the PPTP daemon restarting, which we can ignore. But you might want to switch off the pppd daemon, if you do not use it for PPTP.

I cannot see any OpenVPN logging in Syslog. Either OpenVPN is configured to log into files (if the log keyword is used in the config file), or it is not started. With the configuration shown in the link above, the OpenVPN connection is initiated on reboot only, since in daemon mode it should then run all the time, trying to connect to the other side. In that particular configuration there isn't a particular server or client; both sides try to connect actively.
 

Author Comment

by: hydrazi
Is there any way that I can verify that OpenVPN is working then?  Or do I just have to connect to one network and check to see if I can ping a machine on the other side?
 
Expert Comment

by: Qlemo
My *nux knowledge is rusty, but you should be able to see whether the process runs (e.g. using ps). If it runs, it should try to connect to the other site. Since you do not see anything in Syslog, I suspect OpenVPN is not running at all.
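The checks Qlemo is pointing at (is the process there, is it trying to connect), plus MikeKane's earlier point about iptables when a tunnel builds but carries no traffic, as a script to run on the DD-WRT box. This is an added example, not anything from the thread. Each check parses the output of a BusyBox command (`ps`, `ifconfig`, `route -n`, `iptables -L FORWARD -vn`) passed in as text, so the parsing can be exercised offline on the constructed samples in the script; `run_live` feeds it the real commands when invoked as `sh vpncheck.sh live 192.168.2.0 tun0` (script name, remote network and interface name are assumptions; the samples are made up and not captured from the asker's routers). The FORWARD check wants explicit ACCEPT rules on the tunnel interface in both directions; a chain whose policy is ACCEPT and has no DROP rules would pass traffic without them, so read a FAIL there as a prompt to look at the whole chain.

```shell
#!/bin/sh
# Added example: four checks for a routed OpenVPN tunnel on a DD-WRT router.
# Each function parses command output passed as text, so it can run offline.

# 1. Is an openvpn process running?   $1: output of `ps`.
openvpn_running() {
  printf '%s\n' "$1" | grep -v grep | grep -q 'openvpn'
}

# 2. Is the tunnel interface up?   $1: output of `ifconfig`, $2: interface name.
tun_interface_up() {
  printf '%s\n' "$1" | awk -v ifc="$2" '$1 == ifc { found = 1 } END { exit !found }'
}

# 3. Is the remote LAN routed through the tunnel?
#    $1: output of `route -n`, $2: remote network, $3: interface name.
route_via_tun() {
  printf '%s\n' "$1" | awk -v net="$2" -v ifc="$3" \
    '$1 == net && $8 == ifc { found = 1 } END { exit !found }'
}

# 4. Does the FORWARD chain ACCEPT traffic both into and out of the tunnel?
#    $1: output of `iptables -L FORWARD -vn`, $2: interface name.
#    Columns: pkts bytes target prot opt in out source destination.
forward_allows_tun() {
  printf '%s\n' "$1" | awk -v ifc="$2" '
    $3 == "ACCEPT" && $6 == ifc { inbound = 1 }
    $3 == "ACCEPT" && $7 == ifc { outbound = 1 }
    END { exit !(inbound && outbound) }'
}

# Constructed samples of healthy output (assumed, not captured from a real box).
PS_SAMPLE='  PID USER       VSZ STAT COMMAND
    1 root      1432 S    /sbin/init
 1337 root      2196 S    openvpn --config /tmp/openvpn.conf --daemon'
IFCONFIG_SAMPLE='br0       Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255'
ROUTE_SAMPLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.2.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 vlan1'
IPT_SAMPLE='Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12  1008 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
   10   840 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Print one check as ok/FAIL, named after the function that ran.
report() { if "$@"; then echo "ok   $1"; else echo "FAIL $1"; fi; }

# Run all four against the live router.  $1: remote network, $2: interface.
run_live() {
  net=${1:-192.168.2.0}; ifc=${2:-tun0}
  report openvpn_running "$(ps)"
  report tun_interface_up "$(ifconfig)" "$ifc"
  report route_via_tun "$(route -n)" "$net" "$ifc"
  report forward_allows_tun "$(iptables -L FORWARD -vn 2>/dev/null)" "$ifc"
}

case "${1:-}" in live) shift; run_live "$@" ;; esac
```

Run it on each router with that router's view of the far side (192.168.1.0 on the satellite). If the first check fails there is nothing to debug in iptables yet; if only the last one fails, the tunnel is up and the firewall is what is eating the pings.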
 

Author Comment

by: hydrazi
All help was appreciated.  The error was in the router install, had to reflash them both and then reconfigure and it worked.
 

Author Comment

by: hydrazi
I am ready to award points
