DD-WRT Client to pfSense
-
I'm trying to do a site to site VPN where DD-WRT is the client and the server is pfsense. I added a static key entry for this one site in pfsense. I do occasionally see it try to connect but I suspect i have an in issue on the DD-WRT side.
Also I setup a tunnel address with a /30 on pfsense and dd-wrt. I also stated my local address and the remote address.
What am I doing wrong? I've attached pics
-
Nothing?
I would have really liked to use pfsense at the other end in which case I know it would work but it's for the old folks and they don't have much bandwidth and don't want to spend any money and I had the DD-WRT lying around. -
from just a glance at your setting I can tell you that 445 is BAD choice for trying to setup a vpn. Many isp would block this port since it used in windows file sharing.
https://support.microsoft.com/en-us/kb/204279
Direct hosting of SMB over TCP/IPEven though your trying to use it over UDP.. Not a good choice.
-
Nothing?
I would have really liked to use pfsense at the other end in which case I know it would work but it's for the old folks and they don't have much bandwidth and don't want to spend any money and I had the DD-WRT lying around.Some of us take a break on Sundays…
I've done a setup with a Tomato client. My pfSense side was similar to yours. On the Tomato side, it was configured as a client, specifying the server address. I had to add the routes to the custom config section. Looks like the layout is different on DDWRT, I don't see the same fields but maybe it helps. I just searched for information on OpenVPN with Tomato when I set mine up. I'm sure there is information on DDWRT out there if you search.
-
Thanks for the advice. I will choose a different port. Also, the reason I can't find much on DD-WRT is because the newer versions have more of the VPN stuff "baked in" to the GUI so no need to add more commands, scripts, or firewall entries. However, there is much less info on the new versions and so I cannot find what the parameters are that are built in and not built in.
-
Yeah, well.. DD-WRT is a bit of a mess, when it comes to proper versioning. Only when you get to the forum they tell you to not use that version their website tells you to use. For most devices it seems it depends on the persons involved, whether there is any development. For some devices you really need the latest dev version, and for others you need the "stable" versions 'cause nothing else works.
Anyway, when I find a version that works well enough on that device I tend to call it quits. I have never gotten OpenVPN to work, and I would be impressed if you have. This is not to steer you away from trying, by the way.
-
I did once static key openvpn to work long ago. Needed scripts and what not but it did work. Also, PPTP server managed to work pretty easy too. I almost wanted to say that DD-WRT was pfSense-lite but now that I use it again I don't think so. It did, however, get me into messing with the router at home so now I'm on a firebox. Not to mention, I do a fair amount of networking at work.
-
I've managed to setup a few DD-WRT to pfSense OpenVPN links over the years and the experience has definitely improved.
My earliest attempts (still working after 8+ years!) with Linksys routers involved scripting and other kludges to survive a reboot.My latest was with a pair of ASUS N66RT's allowing access to the owners office server(s) from two remote locations.
The latest DD-WRT made it feasible to implement the whole thing through the GUI - no scripts required.That said, it's always an experience to find the most reliable firmware version to match the device you've got.
I've tended to go for units with more Flash/RAM to avoid the feature "squeeze" of smaller units.All in all the setups have been very reliable.
I would still rather find a small box to run pfSense, but where that doesn't work DD-WRT keeps things at least reasonably sane…..
