Pfsense to DD-wrt Open vpn
-
Is this even possible
Pfsense = open vpn server and the client would be a DD-WRT
if so let the forum know
thank you
Chase -
Is there any reason why not?
Try it?
-
Yea thats what i thought
will post the results
Chase -
I just set this up using DD-WRT V23 SP2 VPN on a WRT54GL V 1.1 router. It was easier than a client install on a PC and works perfect.
-
I also have made this work on multiple occasions.
-
i now have the hardware but i am running in to some routing issues and woudl like some input.
how are you seting up the tunnel? shared keys or pki?
thanks -
client to server: PKI
site-to-site: SKI -
cool thanks but
i am feeling really dumb using the DDWRT ( nice to have a small all in one unit) but i really prefer the Pfsense platform i just dont like to have another PC running in my house.i was trying to search the DDWRT forums and they are just short of worthless just looking for a static client script that i can run on the DDWRT to connect to the Pfsense
thank you
-
any one out there wanna give me a hand on this????? i am at wits end. if i cant get this to work then i will be talking to the Alix guys. and i will still be at ground zero using 2 boxes when i should only be using 1
-
what do you need to know?
where is the problem? -
Maybe if you said what you were actually trying to achieve and what your problems were?
I take it you've read the OpenVPN documentation, and the article on the DD-WRT wiki about creating a site-to-site VPN with DD-WRT and OpenVPN?
-
heres what i can do
pfsense = server
ddwrt = client
address pool for the vpn is 172.168.1.0/24pfsense has a ca based certs with i can get the ddwrt hook up to the pfsense and i can ping from the client side to the server side. and browse file shares on the server side.
when i am on the server side i can not ping or touch the client side.also i know that i can set a rule in the lan side for network 172.168.1.0/24.
what i need is a route from the server side to the client side so i can get the VOIP working.i have read all the DDWrt Ovpn and it is all worthless. i have gotten it all to work when i use the pfsense based vpn stuff and ti works great.
thank you for all your help.
Chase
-
Did you create on the pfSense a route to the subnet behind the client?
You should to take a look at the route and iroute commands.
http://openvpn.net/index.php/documentation/manuals/openvpn-20x-manpage.htmlAlso if you're doing it with a PKI you should add this to the client-specific options.
So that if the client connects with a different IP than usual the route changes accordingly. -
ok this is a little greek but at least this helps. do i plug the new commands in to the "custom options" area on the pfsense server?
thank you
-
For a site-to-site connection i would not do it with a PKI.
In a shared key setup you have defined IP's on both sides of the tunnel.
If you do it with a PKI the client becomes dynamically an IP assigned. –> you need client specific route commands.While setting up a shared key setup you have a config field "remote subnet" which automatically adds the route to the remote subnet.
-
yea i wish that i could do a Static key assignment on the ddwrt. as far as i can tell if you want to do that it is a royal pain in the rear. i currently have jsut the one ddwrt on the PKI with plans in the future for no other expandment. on that channel.
or if you know how to do the Static key on ddwrt to make the thing a client i am all ears for it. but all i could find was a how to on making it the server.
-
What keeps you from using the DD-WRT as SKI server?
Anyway. If you dont plan on using more that the DD-WRT as client you could as well make the route entries static.Do you still need help with getting the right command to add the routes?
Or where you able to get it running? -
What version of DD-WRT are you using?
I tried to understand your problem and looked into my DD-WRT v23 SPx implementation on a WRT54GL but couldn't find it at all. Are you using the x86 package on regular PC hardware or am I missing something?
I kinda stripped down my WRT54 to be an access point rather than a router, so things might not show up in the GUI. -
the ddwrt hardware version is a 2.0
the software version is dd-wrt.v23_vpn_wrt54gi would LOVE to make the DDwrt a client using a static key. what my problem is i dont know what commands i need to use to make it act as a client. i have read most of the documents on DDWRT's site and they are mostly set up for ddwrt to be the server.
So if any one has a link, on how to make the ddwrt a client using static keys PLEASE let me know.
Thank you Very muchChase
-
OK, I am running the generic/standard/whatever firmware, not the VPN version.
Makes sense… Thanks for the info!
