Netgate Discussion Forum

OpenVPN between pfsense and WRT54G

  • A
    aldochiu
    last edited by May 5, 2008, 9:29 AM

    Hi all,

    I do have a question about setting up OpenVPN between a Linksys WRT54G (DD-WRT) at remote site and a pfsense box here.

    Here is the network diagram.


    *From the diagram, the WRT54G has been shipped to the remote site and replaced by a normal switch. Thus, PC2 and the Network Printer are now in the 192.168.10.0/24 network.

    I am still digesting sticky posts to learn OpenVPN.

    Apart from the codes in WRT54G of OpenVPN, I have found there are some differences in settings.

    In WRT54G OpenVPN setting, I only need one static key which was generated by using this command

     openvpn --genkey --secret static.key 
    

    However, I am not sure what kind of cryptography it uses, and for Interface IP and Remote network, I am a bit confused about what is what.

    Also, for the CA certificate, Client certificate and client keys, I could only leave them blank below. As a newbie to Linux and VPN, can anyone let me know what they are and what I should put in?

    The biggest problem is not what I don't know, but that I do not know what I should know...

    Thanks for reading and please give me a hint!

    Aldo

    • G
      GruensFroeschli
      last edited by May 5, 2008, 10:26 AM

      pfSense is FreeBSD and not Linux.

      If you're after a site-to-site setup you only need the shared key.
      Certificates/client-server-key are only needed in a PKI.

      Probably the best point to start with OpenVPN is http://openVPN.net

      Read a bit in the HOWTO's and take a look at the example-config-files.
      pfSense is just a GUI to create such a config file.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      • A
        aldochiu
        last edited by May 5, 2008, 6:42 PM

        Hi thanks for replying!

        Yes, FreeBSD is not Linux, but the CLI just looks exactly the same to me. I only used DOS for a while, a complete MS "slave"  ;D

        Here is the OpenVPN configuration I can find on the WRT54G:

        
        # Move to writable directory and create scripts
        cd /tmp
        ln -s /usr/sbin/openvpn /tmp/myvpn
        
        # Config for Site-to-Site Client2-Server
        echo "
        remote 123.456.789.321
        proto udp          
        port 1999
        dev tun0
        secret /tmp/static.key
        verb 3
        comp-lzo
        keepalive 15 60
        daemon
        " > Client2-Server.conf
        
        # Config for Static Key
        echo "
        -----BEGIN OpenVPN Static key V1-----
        ****************************
        
        -----END OpenVPN Static key V1-----
        " > static.key
        
        # Create interfaces
        /tmp/myvpn --mktun --dev tun0
        ifconfig tun0 10.0.2.2 netmask 255.255.255.0 promisc up
        
        # Create routes
        route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.2.1
        route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.0.2.1
        
        # Initiate the tunnel
        sleep 5
        /tmp/myvpn --config Client2-Server.conf
        
        

        It created a tunnel to 10.0.2.2; may I assume this will be the Remote Network? Or, in CIDR format, can it be written as 10.0.2.0/24?

        Thanks again! Now finding the HOWTO

        Aldo

        @GruensFroeschli:

        pfSense is FreeBSD and not Linux.

        If you're after a site-to-site setup you only need the shared key.
        Certificates/client-server-key are only needed in a PKI.

        Probably the best point to start with OpenVPN is http://openVPN.net

        Read a bit in the HOWTO's and take a look at the example-config-files.
        pfSense is just a GUI to create such a config file.

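On the question raised earlier in the thread about which cryptography the static-key setup uses: the posted Client2-Server.conf has no `cipher` or `auth` line, so OpenVPN's built-in defaults apply. The following is an added example, not part of any post and not pfSense or DD-WRT code; it reads a config and reports the mode and algorithms it implies, assuming the BF-CBC/SHA1 defaults of OpenVPN 2.0/2.1-era releases, and the function names `ovpn_directive` and `ovpn_audit` are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: OpenVPN 2.0/2.1-era
# defaults (cipher BF-CBC, auth SHA1) when the config names neither.

# Print the arguments of the last occurrence of directive $2 in config $1;
# return 1 if it is absent. Comment lines (# or ;) are skipped.
ovpn_directive() {
    awk -v d="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1 }
        END { if (!found) exit 1; print val }' "$1"
}

# Print one summary line: mode, effective cipher/auth, key direction, PFS.
ovpn_audit() {
    conf=$1
    cipher=$(ovpn_directive "$conf" cipher) || cipher="BF-CBC(default)"
    auth=$(ovpn_directive "$conf" auth) || auth="SHA1(default)"
    if secret=$(ovpn_directive "$conf" secret); then
        mode=static-key pfs=no        # one long-lived key, no TLS handshake
        set -- $secret                # "secret <file> [direction]"
        direction=${2:-none}          # none: same keys used in both directions
    elif ovpn_directive "$conf" ca >/dev/null ||
         ovpn_directive "$conf" pkcs12 >/dev/null; then
        mode=tls pfs=yes direction=n/a   # session keys negotiated over TLS
    else
        # neither a static key nor TLS material: the tunnel is unencrypted
        mode=cleartext pfs=no direction=n/a cipher=none auth=none
    fi
    echo "mode=$mode cipher=$cipher auth=$auth direction=$direction pfs=$pfs"
}

# Constructed sample: the Client2-Server.conf written by the posted script.
sample=$(mktemp)
cat > "$sample" <<'EOF'
remote 123.456.789.321
proto udp
port 1999
dev tun0
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
EOF
ovpn_audit "$sample"
rm -f "$sample"
```

Both ends of a static-key tunnel must agree on `cipher` and `auth`, so run the same check against the config that the pfSense GUI generates.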
        • C
          chazers18
          last edited by May 14, 2008, 7:06 PM

          I know this is not recommended, but I am using the same setup, with pfsense as a server and the ddwrt as the client.

          Is there any way that I can just assign a VPN IP to the ddwrt and then set a static route of 192.168.1.0/24 and use the VPN IP as the gateway?

          I would like to do this because I really like the fact that the ddwrt is a good platform for SOHO, but it is a real pain in the ass to get the right syntax in for a VPN site-to-site connection.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.