Site to Site with DD-WRT (SOLVED)

killmasta93

Thanks for the reply

here is the packet capture

from the packet capture only showed these lines

20:12:56.238295 IP 192.168.90.1 > 192.168.1.251: ICMP echo request, id 4676, seq 0, length 64
20:12:57.253548 IP 192.168.90.1 > 192.168.1.251: ICMP echo request, id 4676, seq 1, length 64
20:12:58.256451 IP 192.168.90.1 > 192.168.1.251: ICMP echo request, id 4676, seq 2, length 64

packet capture

http://www.filedropper.com/openvpn

Thank you again

viragomann

So you get no responses from DDWRT, though the pings come from the VPN server which is connected directly to the DDWRTs interface.
I think DDWRT blocks the access. Check its firewall rules.

Derelict

This is not a DDWRT forum.

killmasta93

Thanks for the reply,

@derelict, your correct but as i posted on the DDWRT forums i got yelled at saying its a server issue with pfSense

@viragomann
so this means that the routing is correct on the server side? just want to make sure before i start messing with Iptables on DDWRT

Thank you

viragomann

The routes look well, 192.168.1.0/24 points to the vpn client. So this subnet is routed over the vpn as the packet capture on vpn server interface shows. You should see the exactly same packets on the clients vpn interface.

killmasta93

Thanks for the reply, as i was investigating on DDWRT as they told me it this also i even turn off the firewall of DDWRT so i think it might be something with the routes

you have to add a static route for the OpenVPN client's local IP network to the OpenVPN server config, and use iroute to inform the OpenVPN server that that static route is associated w/ that OpenVPN client. You must address this issue before devices on the OpenVPN server side can initiate connections to devices on the OpenVPN client side.

piperspace

I have a working set up which I believe is similar to yours. I am in the process of upgrading from dd-wrt to pfsense with site-to-site OpenVPN.

On the server end I have pfsense running OpenVPN server on subnet 10.0.1.1/24. On the client I have dd-wrt running OpenVPN client on 192.168.122.1/24.

In order to route useful traffic over my VPN it was necessary to add the following directive to pfsense => OpenVPN => Server => Advanced Configuration => Custom options

push "route 10.0.1.0 255.255.255.0"

Also, in pfsense => OpenVPN => Client Specific Overrides => I created an entry with the Common Name (CN) of the client. In that entry Client Settings => Advanced has:

iroute 192.168.122.0 255.255.255.0

The first directive allows stations on the client lan to see assets on the server's lan. The second directive allows stations on the server lan to see assets on the client lan.

Hope this helps.

killmasta93

Thank you for the reply as i think this might be it but not sure its not working so my OpenVPN server on pfSense is 192.168.90.0/24
and on advance did

Also my pfSense LAN is 192.168.3.0/24

push "route 192.168.90.0 255.255.255.0";

then on client overide added at the bottom this i also added the static IP just to see if it was working the client override which it was

push "route 192.168.1.0 255.255.255.0";  
ifconfig-push 192.168.90.8 192.168.90.5;

Then rebooted pfSense but still pfSense cannot ping DDWRT BUT DDWRT can ping pfSense

I also turned off on DDWRT the firewall just to make sure

Thank you see pictures

Clipboarder.2017.03.25-006.png_thumb

Clipboarder.2017.03.25-009.png

Clipboarder.2017.03.24-004.png

Clipboarder.2017.03.25-008.png

Clipboarder.2017.03.25-007.png

piperspace

In your setup I suggest:

push "route 192.168.3.0 255.255.255.0"

as the server option and

iroute 192.168.1.0 255.255.255.0

in the client specific override.

killmasta93

Thanks for the reply so i finally solved the issue while reading how OpenVPN works,

OpenVPN uses this table

[  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18]
[ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
[ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
[ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
[ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
[101,102] [105,106] [109,110] [113,114] [117,118]

Meaning if my config on OpenVPN server is ifconfig 192.168.90.1 192.168.90.2

so then i needed to give my client overide this, the client gets 192.168.90.5 and the gateway is 192.168.90.6

ifconfig-push 192.168.90.5 192.168.90.6
iroute 192.168.1.0 255.255.255.0

Felt so silly after one week

Now pfSense can ping DDWRT so at the end it was not DDWRT issue

Hope this helps someone else

clint08

Mine is working now too.. thanks a lot. ;D
@killmasta93:

Thanks for the reply so i finally solved the issue while reading how OpenVPN works,

OpenVPN uses this table
[  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18]
[ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
[ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
[ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
[ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
[101,102] [105,106] [109,110] [113,114] [117,118]
Meaning if my config on OpenVPN server is ifconfig 192.168.90.1 192.168.90.2

so then i needed to give my client overide this, the client gets 192.168.90.5 and the gateway is 192.168.90.6
ifconfig-push 192.168.90.5 192.168.90.6
iroute 192.168.1.0 255.255.255.0
Felt so silly after one week

Now pfSense can ping DDWRT so at the end it was not DDWRT issue

Hope this helps someone else