Pfsense to DD-wrt Open vpn

chazers18

ok this is a little greek but at least this helps. do i plug the new commands in to the "custom options" area on the pfsense server?

thank you

GruensFroeschli

For a site-to-site connection i would not do it with a PKI.
In a shared key setup you have defined IP's on both sides of the tunnel.
If you do it with a PKI the client becomes dynamically an IP assigned. –> you need client specific route commands.

While setting up a shared key setup you have a config field "remote subnet" which automatically adds the route to the remote subnet.

chazers18

yea i wish that i could do a Static key assignment on the ddwrt. as far as i can tell if you want to do that it is a royal pain in the rear. i currently have jsut the one ddwrt on the PKI with plans in the future for no other expandment. on that channel.

or if you know how to do the Static key on ddwrt to make the thing a client i am all ears for it. but all i could find was a how to on making it the server.

GruensFroeschli

What keeps you from using the DD-WRT as SKI server?
Anyway. If you dont plan on using more that the DD-WRT as client you could as well make the route entries static.

Do you still need help with getting the right command to add the routes?
Or where you able to get it running?

jahonix

What version of DD-WRT are you using?
I tried to understand your problem and looked into my DD-WRT v23 SPx implementation on a WRT54GL but couldn't find it at all. Are you using the x86 package on regular PC hardware or am I missing something?
I kinda stripped down my WRT54 to be an access point rather than a router, so things might not show up in the GUI.

chazers18

the ddwrt hardware version is a 2.0
the software version is dd-wrt.v23_vpn_wrt54g

i would LOVE to make the DDwrt a client using a static key. what my problem is i dont know what commands i need to use to make it act as a client. i have read most of the documents on DDWRT's site and they are mostly set up for ddwrt to be the server.

So if any one has a link, on how to make the ddwrt a client using static keys PLEASE let me know.
Thank you Very much

Chase

jahonix

OK, I am running the generic/standard/whatever firmware, not the VPN version.
Makes sense… Thanks for the info!

Cry Havok

@chazers18:

So if any one has a link, on how to make the ddwrt a client using static keys PLEASE let me know.

I'd suggest you ask on the DD-WRT forums, where you're far more likely to reach people who know DD-WRT ;)

On the other hand, both DD-WRT and pfSense work under VMWare etc, so if I find the time over the next couple of weeks I'll see if I can work out if DD-WRT needs anything special beyond the instructions in the OpenVPN documentation.

chazers18

Thank you Guys you are all great.

i will work with some of the scripting that i know how to do and post the results also.

Again THANK YOU!! :)

chazers18

@chazers18:

Thank you Guys you are all great.

i will work with some of the scripting that i know how to do and post the results also.

Again THANK YOU!! :)

now from a window pc couldnt i just create a static key and with winscp ssh in to the ddwrt thing and place the static key in there under one of the permanet files. and then just run this command?

echo "dev tap
link-mtu 1492
remote public IP
resolv-retry infinite

ifconfig 192.168.1.0 255.255.255.252
client
–---BEGIN OpenVPN Static key V1-----
  ...INSERT YOUR OWN CONTENT HERE...
  -----END OpenVPN Static key V1-----
" > /tmp/static.key

#ca /tmp/openvpn/ca.crt
#cert /tmp/openvpn/client.crt
#key /tmp/openvpn/client.key
#comp-lzo
persist-tun
persist-key
verb 3
cipher AES-256-CBC" > /tmp/openvpn/openvpn.conf

killall openvpn
openvpn --config /tmp/openvpn/openvpn.conf