How do I use DD-WRT v24+ as OpenVPN CLIENT to connect to pfsense 1.2.3 OpenVPN Server from behind a ROUTER obviously being Natted?

That's the basic question above, here are the details of what I'm working with:

Site 1 (site I am at):

Proposed New Addition: DD-WRT router (TL-WR1043ND v1.8) running latest v24 (I want to use this from inside my current network to hand out IP addresses via wired and wireless that tunnel all traffic through the remote OpenVPN network).

pfSense 1.2.3 router (I'm just passing through this, so just ignore this and pretend we're dealing with any old plain vanilla NATTED connection, as if I was in a hotel room somewhere.)  Local IP range is 192.168.1.0/24.

Important Note: I can already properly connect to site #2 from my laptop behind Site #1's pfsense box using OpenVPN client on Windows 7 laptop and all traffic is redirected through the tunnel successfully.  Here is what my OpenVPN file looks like:

float
port 1198
dev tun
;dev-node tap0
proto tcp-client
remote 99.99.99.99 1198
ping 10
persist-tun
persist-key
tls-client
client
ca ca.crt
cert client_1.crt
key client_1.key
ns-cert-type server
comp-lzo
verb 4


Site 2 (site I want to connect to):

pfSense 1.2.3 router on a STATIC IP address say 99.99.99.98 for a placeholder.   I've attached my OpenVPN server configuration snapshot for this site.
Snapshot of my pfsense OpenVPN configuration
Like I said, connection from my laptop from ANYWHERE on the internet with the OpenVPN client to this pfsense box works perfectly.

Nothing shows up under the DD-WRT router under Status->OpenVPN.

Here is what shows up on the pfsense box OpenVPN log repeatedly (connection never completes):

Dec 30 08:41:19      openvpn[57991]: Re-using SSL/TLS context
Dec 30 08:41:19      openvpn[57991]: LZO compression initialized
Dec 30 08:41:19      openvpn[57991]: TCP connection established with 64.202.189.170:15647
Dec 30 08:41:19      openvpn[57991]: TCPv4_SERVER link local: [undef]
Dec 30 08:41:19      openvpn[57991]: TCPv4_SERVER link remote: 64.202.189.170:15647
Dec 30 08:41:20      openvpn[57991]: 64.202.189.170:15647 Connection reset, restarting [-1]


Anybody know the magical configuration to make this work?
wfninpa Asked:

monas Commented:
You'd better check pfSense's logs. They may give you a clue about why the connection is dropped.

Also, it may help to temporarily increase verb to 5 on the dd-wrt side.
0
wfninpa (Author) Commented:
My pfsense logs are shown here already.  Dd-wrt shows nothing for status, there are no logs on the dd-wrt side, and how do I even specify verb 5 on the dd-wrt side?  I listed my openvpn windows 7 client config to assist; is that what made you suggest increasing it to verb 5 on the dd-wrt side?  Is that even possible?  If so, how?
0
monas Commented:
You can telnet/ssh to the dd-wrt box. The generated config file is /tmp/openvpncl/openvpn.conf. You can edit it using the vi editor, kill the openvpn process and start it from the command line. If you omit the --daemon option, you'll get all the logs in your telnet/ssh window. This way you'll find much more information about what is going on.
0
wfninpa (Author) Commented:
Okay I will give that a try.  Can you see anything wrong with my configuration from what I have posted?
0
monas Commented:
Nothing wrong so far.

One thing to check could be the field "Public Server Cert" in dd-wrt's OpenVPN config. The CA's public cert should be there. I have no idea why dd-wrt's authors named that field this way.

If that doesn't help, then just the logs on the dd-wrt side can help.
0

wfninpa (Author) Commented:
Confusingly labeled.  You were right.  Got them in the right place.  Thank you.
0
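
The mix-up that resolved this thread (a certificate other than the CA's in the "Public Server Cert" field) can be checked from the router's shell, shown here as an added example that is not part of the thread. It reads the `ca` directive from the generated config and compares that file with the ca.crt and client_1.crt of the working laptop client; the function names, verdict words and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and verdict words are
# hypothetical; only openvpn.conf and the `ca` directive come from the page.

# Base64 body of the first certificate in a PEM file, whitespace/CR stripped
# so that paste artefacts from a web GUI do not cause false mismatches.
pem_body() {
    awk '/-----BEGIN CERTIFICATE-----/ {on = 1; next}
         /-----END CERTIFICATE-----/   {exit}
         on' "$1" 2>/dev/null | tr -d ' \t\r\n'
}

# Path given to the `ca` directive, resolved against the config's directory.
ca_path() {
    p=$(awk '$1 == "ca" {print $2; exit}' "$1" | tr -d '\r')
    [ -n "$p" ] || return 1
    case $p in
        /*) echo "$p" ;;
        *)  echo "$(dirname "$1")/$p" ;;
    esac
}

# check_ca_field CONF KNOWN_GOOD_CA CLIENT_CERT -> prints one verdict word
check_ca_field() {
    ca=$(ca_path "$1") || { echo no-ca-directive; return 0; }
    got=$(pem_body "$ca")
    if [ -z "$got" ]; then echo ca-file-empty-or-not-pem
    elif [ "$got" = "$(pem_body "$2")" ]; then echo ok
    elif [ "$got" = "$(pem_body "$3")" ]; then echo client-cert-in-ca-field
    else echo unknown-cert-in-ca-field
    fi
}

# Constructed sample: placeholder PEM bodies, not real certificates.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURURfQ0E=' \
        '-----END CERTIFICATE-----' > "$d/good_ca.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURURfQ0xJRU5U' \
        '-----END CERTIFICATE-----' > "$d/client_1.crt"
    cp "$d/client_1.crt" "$d/ca.crt"    # the mix-up: client cert in the CA slot
    printf '%s\n' client 'dev tun' 'proto tcp-client' 'ca ca.crt' > "$d/openvpn.conf"
    echo "$d"
}

sample=$(make_sample)
check_ca_field "$sample/openvpn.conf" "$sample/good_ca.crt" "$sample/client_1.crt"
rm -rf "$sample"
```

On the router, the first argument would be /tmp/openvpncl/openvpn.conf and the other two would be copies of the certificate files used by the working client.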