• Status: Solved
  • Priority: Medium
  • Security: Public

DD-WRT VPN tunnel between 2 offices

I have installed a WRT54G2 with DD-WRT VPN version installed in our main office.  We have installed an identical one in our satellite office.  Both are set up and reporting to No-ip for DDNS.

192.168.1.x is the main office.  Set up a route to 192.168.2.x that uses the satellite No-ip name.
192.168.2.x is the satellite office.  Set up a route to 192.168.1.x that uses main office No-ip name.

The main office is the VPN server and the satellite is a client router.

When I browse or ping from either side, I cannot get to the other side.  Any ideas of what to check would be appreciated.
Asked by: hydrazi
 
MikeKane commented:
Have you followed this guide: http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers

If the tunnel builds, but there is no traffic, you probably need to concentrate on the IPTables and filtered IP lists for the sites.  

shadowmantx commented:
It will be best to set up a site-to-site VPN.  Then check the VPN log and it will give you an error code that will help with troubleshooting.

hydrazi (Author) commented:
Alright, I will give the site-to-site with OpenVPN a try.
 
onlyamir007 commented:
Did you try a PPTP connection?

hydrazi (Author) commented:
Yes, I believe I tried the PPTP.  I went on vacation and now I am back.  I am going to look into it tomorrow.  Sorry for the delay.

hydrazi (Author) commented:
Ok, so I set up OpenVPN routed between the two sites with different subnets.
I set up syslog to tell me if there are issues and this is what I get:

03-14-2011      10:30:59      Daemon.Notice      192.168.1.1      Mar 14 09:31:00 pppd[1221]: pppd 2.4.4 started by root, uid 0
03-14-2011      10:30:59      Daemon.Info      192.168.1.1      Mar 14 09:31:00 pptpd[1220]: CTRL: Starting call (launching pppd, opening GRE)
03-14-2011      10:30:58      Daemon.Info      192.168.1.1      Mar 14 09:30:59 pptpd[1220]: CTRL: Client 50.75.36.188 control connection started
03-14-2011      10:30:52      Daemon.Info      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: Client 50.75.36.188 control connection finished
03-14-2011      10:30:52      Daemon.Debug      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: Reaping child PPP[1212]
03-14-2011      10:30:52      Daemon.Error      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: CTRL: PTY read or GRE write failed (pty,gre)=(9,10)
03-14-2011      10:30:52      Daemon.Error      192.168.1.1      Mar 14 09:30:52 pptpd[1211]: GRE: read(fd=9,buffer=420c6c,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
03-14-2011      10:30:52      Daemon.Info      192.168.1.1      Mar 14 09:30:52 pppd[1212]: Exit.
03-14-2011      10:30:48      Daemon.Notice      192.168.1.1      Mar 14 09:30:48 pppd[1212]: pppd 2.4.4 started by root, uid 0

Qlemo (C++ Developer) commented:
Your syslog shows errors for PPTP/GRE, not OpenVPN. OpenVPN uses SSL.

hydrazi (Author) commented:
So, something else is trying to start and shouldn't be?

hydrazi (Author) commented:
Ok, so what you are saying is that having PPTP VPN Passthrough enabled is not correct?

Qlemo (C++ Developer) commented:
PPTP PassThru is not related - it is used if you need to manage incoming PPTP calls, and forward them to another router, instead of letting the DD-WRT box handle it.

Your Syslog snippet looks kind of strange, but that just might be the PPTP daemon restarting, which we can ignore. But you might want to switch off the pppd daemon, if you do not use it for PPTP.

I cannot see any OpenVPN logging in Syslog. Either OpenVPN is configured to log into files (if the log keyword is used in the config file), or it is not started. With the configuration shown in the above link, OpenVPN connection is initiated on reboot only. Since in daemon mode it should then run all the time, trying to connect to the other side. In that particular configuration there isn't a particular server or client, both sides try to connect actively.

hydrazi (Author) commented:
Is there any way that I can verify that OpenVPN is working then?  Or do I just have to connect to one network and check to see if I can ping a machine on the other side?

Qlemo (C++ Developer) commented:
My *nix knowledge is rusty, but you should be able to see whether the process runs (e.g. using ps). If it runs, it should try to connect to the other site. Since you do not see anything in Syslog, I suspect OpenVPN is not running at all.
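
Added example, not part of the thread and not written by any of the posters: a shell sketch of the syslog check discussed in the two replies above, tallying log lines by daemon so that missing openvpn entries next to the pptpd/pppd ones stand out. The sample is a subset of the syslog lines posted earlier (message part only); the function names are hypothetical, and it assumes OpenVPN logs to syslog under the daemon name "openvpn".

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Sample input: message part of some syslog lines posted above, in the
# form the router writes them ("Mon DD HH:MM:SS daemon[pid]: text").
SAMPLE_LOG='Mar 14 09:30:48 pppd[1212]: pppd 2.4.4 started by root, uid 0
Mar 14 09:30:52 pppd[1212]: Exit.
Mar 14 09:30:52 pptpd[1211]: CTRL: PTY read or GRE write failed (pty,gre)=(9,10)
Mar 14 09:30:52 pptpd[1211]: CTRL: Reaping child PPP[1212]
Mar 14 09:30:52 pptpd[1211]: CTRL: Client 50.75.36.188 control connection finished
Mar 14 09:30:59 pptpd[1220]: CTRL: Client 50.75.36.188 control connection started
Mar 14 09:31:00 pptpd[1220]: CTRL: Starting call (launching pppd, opening GRE)
Mar 14 09:31:00 pppd[1221]: pppd 2.4.4 started by root, uid 0'

# Print "daemon count" pairs, one per line, sorted by daemon name.
count_by_daemon() {
    awk '{ d = $4; sub(/\[.*/, "", d); n[d]++ }
         END { for (d in n) print d, n[d] }' | sort
}

# Print how many lines the named daemon logged (0 if none).
daemon_lines() {
    awk -v want="$1" '{ d = $4; sub(/\[.*/, "", d); if (d == want) c++ }
                      END { print c + 0 }'
}

# Say which VPN daemon is actually producing the log entries.
# Assumption: OpenVPN, when it logs to syslog, uses the name "openvpn".
vpn_log_verdict() {
    log=$(cat)
    ovpn=$(printf '%s\n' "$log" | daemon_lines openvpn)
    pptp=$(printf '%s\n' "$log" | daemon_lines pptpd)
    if [ "$ovpn" -gt 0 ]; then
        echo "openvpn is logging ($ovpn lines)"
    elif [ "$pptp" -gt 0 ]; then
        echo "no openvpn entries; $pptp pptpd lines; check that openvpn is running"
    else
        echo "no VPN daemon entries found"
    fi
}

printf '%s\n' "$SAMPLE_LOG" | count_by_daemon
printf '%s\n' "$SAMPLE_LOG" | vpn_log_verdict
```

On the router, pipe the live syslog output into vpn_log_verdict in place of the sample.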
 
hydrazi (Author) commented:
All help was appreciated.  The error was in the router install, had to reflash them both and then reconfigure and it worked.

hydrazi (Author) commented:
I am ready to award points