Site to Site with DD-WRT (SOLVED)
-
Have you tried to reboot pfSense?
If it still doesn't work after reboot make a packet capture on the SitetoSite interface and select ICMP protocol while you try a ping to the DDWRT. Maybe there is something wrong with the NAT.
Post the capture output, please.
-
Thanks for the reply
here is the packet capture
The packet capture only showed these lines:
20:12:56.238295 IP 192.168.90.1 > 192.168.1.251: ICMP echo request, id 4676, seq 0, length 64
20:12:57.253548 IP 192.168.90.1 > 192.168.1.251: ICMP echo request, id 4676, seq 1, length 64
20:12:58.256451 IP 192.168.90.1 > 192.168.1.251: ICMP echo request, id 4676, seq 2, length 64
packet capture
http://www.filedropper.com/openvpn
Thank you again
-
So you get no responses from DDWRT, though the pings come from the VPN server which is connected directly to the DDWRTs interface.
I think DDWRT blocks the access. Check its firewall rules.
-
This is not a DDWRT forum.
-
Thanks for the reply,
@derelict, you're correct, but when I posted on the DDWRT forums I got yelled at, saying it's a server issue with pfSense.
@viragomann
So this means that the routing is correct on the server side? Just want to make sure before I start messing with iptables on DDWRT.
Thank you
-
The routes look good, 192.168.1.0/24 points to the VPN client. So this subnet is routed over the VPN, as the packet capture on the VPN server interface shows. You should see exactly the same packets on the client's VPN interface.
-
Thanks for the reply. I was investigating on DDWRT, as they told me this. I also even turned off the firewall of DDWRT, so I think it might be something with the routes:
You have to add a static route for the OpenVPN client's local IP network to the OpenVPN server config, and use iroute to inform the OpenVPN server that that static route is associated w/ that OpenVPN client. You must address this issue before devices on the OpenVPN server side can initiate connections to devices on the OpenVPN client side.
-
I have a working setup which I believe is similar to yours. I am in the process of upgrading from DD-WRT to pfSense with site-to-site OpenVPN.
On the server end I have pfSense running OpenVPN server on subnet 10.0.1.1/24. On the client I have DD-WRT running OpenVPN client on 192.168.122.1/24.
In order to route useful traffic over my VPN it was necessary to add the following directive to pfSense => OpenVPN => Server => Advanced Configuration => Custom options:
push "route 10.0.1.0 255.255.255.0"
Also, in pfSense => OpenVPN => Client Specific Overrides => I created an entry with the Common Name (CN) of the client. In that entry Client Settings => Advanced has:
iroute 192.168.122.0 255.255.255.0
The first directive allows stations on the client LAN to see assets on the server's LAN. The second directive allows stations on the server LAN to see assets on the client LAN.
Hope this helps.
-
Thank you for the reply. I think this might be it, but I'm not sure; it's not working. My OpenVPN server on pfSense is 192.168.90.0/24 (also, my pfSense LAN is 192.168.3.0/24), and in Advanced I did:
push "route 192.168.90.0 255.255.255.0";
Then in the client override I added this at the bottom. I also added the static IP just to see if the client override was working, which it was:
push "route 192.168.1.0 255.255.255.0"; ifconfig-push 192.168.90.8 192.168.90.5;
Then I rebooted pfSense, but still pfSense cannot ping DDWRT, BUT DDWRT can ping pfSense.
I also turned off the firewall on DDWRT just to make sure.
Thank you, see pictures.
-
In your setup I suggest:
push "route 192.168.3.0 255.255.255.0"
as the server option and
iroute 192.168.1.0 255.255.255.0
in the client specific override.
-
Thanks for the reply. I finally solved the issue while reading how OpenVPN works.
OpenVPN uses this table:
[  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18]
[ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
[ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
[ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
[ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
[101,102] [105,106] [109,110] [113,114] [117,118]
Meaning, if my config on the OpenVPN server is ifconfig 192.168.90.1 192.168.90.2,
then I needed to give my client override this; the client gets 192.168.90.5 and the gateway is 192.168.90.6:
ifconfig-push 192.168.90.5 192.168.90.6
iroute 192.168.1.0 255.255.255.0
Felt so silly after one week
Now pfSense can ping DDWRT so at the end it was not DDWRT issue
Hope this helps someone else
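The pair table and the override change from the posts above, written as a checker that can be run over a Client Specific Override before it is saved (an added example, not code from the thread, OpenVPN or pfSense). The function names `is_net30_pair` and `check_override` are hypothetical, and the check extends the posted table's pattern of last octets 4k+1, 4k+2 across the whole tunnel network.

```python
import ipaddress
import shlex

def is_net30_pair(local, remote):
    """True if the endpoints follow the table: last octets 4k+1 and 4k+2."""
    a, b = ipaddress.ip_address(local), ipaddress.ip_address(remote)
    return int(a) % 4 == 1 and int(b) == int(a) + 1

def check_override(text, tunnel_net, client_lan):
    """Return findings for one Client Specific Override (empty list = OK)."""
    tunnel = ipaddress.ip_network(tunnel_net)
    lan = ipaddress.ip_network(client_lan)
    findings, has_iroute = [], False
    # pfSense's options box separates directives with ';', files use newlines.
    for raw in text.replace(";", "\n").splitlines():
        words = shlex.split(raw, comments=True)
        if len(words) == 3 and words[0] == "ifconfig-push":
            local, remote = words[1], words[2]
            if not is_net30_pair(local, remote):
                findings.append(f"ifconfig-push {local} {remote}: not a table pair")
            if not all(ipaddress.ip_address(x) in tunnel for x in (local, remote)):
                findings.append(f"ifconfig-push {local} {remote}: outside {tunnel}")
        elif len(words) == 3 and words[0] == "iroute":
            if ipaddress.ip_network(f"{words[1]}/{words[2]}") == lan:
                has_iroute = True
        elif len(words) == 2 and words[0] == "push":
            inner = words[1].split()
            if (len(inner) == 3 and inner[0] == "route"
                    and ipaddress.ip_network(f"{inner[1]}/{inner[2]}") == lan):
                findings.append(f"push route {lan}: the client LAN needs iroute here")
    if not has_iroute:
        findings.append(f"no iroute for {lan}")
    return findings

# The two overrides posted in the thread: the first attempt and the working one.
FIRST_TRY = 'push "route 192.168.1.0 255.255.255.0"; ifconfig-push 192.168.90.8 192.168.90.5;'
WORKING = "ifconfig-push 192.168.90.5 192.168.90.6\niroute 192.168.1.0 255.255.255.0"

if __name__ == "__main__":
    for name, text in (("first try", FIRST_TRY), ("working", WORKING)):
        print(name, check_override(text, "192.168.90.0/24", "192.168.1.0/24") or "OK")
```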
-
Mine is working now too.. thanks a lot. ;D