Site to Site with DD-WRT (SOLVED)
-
Thanks for the reply. Yeah, the upper one was messed up; the second one is correct. When you say "is the DDWRT the default gateway", do you mean create a rule,
or the default gateway which it gets from the OpenVPN? It gets 192.168.90.6.
Or the gateway of the DDWRT, which is 192.168.1.251?
Thank you
-
I asked if the DDWRT is the default gateway in the network behind (192.168.1.0/24).
-
yes the DDWRT is the default gateway for the network 192.168.1.0/24
-
It seems that pfSense doesn't find the correct route to the network behind DDWRT.
Are you running multiple VPN instances on pfSense, both server and client?
Please post the IPv4 routing table from pfSense.
-
Thank you for the reply,
I am also running other OpenVPN servers, but those are only remote for clients.
See picture for the routing
Thank you
-
As mentioned, it doesn't matter which kind of OpenVPN instances; if you run multiple and you haven't assigned separate interfaces to them, all are handled as a unique interface group.
So for correct routing you have to assign an interface to the site-to-site server: Interface > assign.
At available network ports select the site-to-site server and click Add, open the new interface and enable it, also enter a proper description and save it.
-
Thanks for the reply. So something like this? Assuming on DDWRT when it shows connected to remote address, it must be the gateway? Would I also delete the rule on OpenVPN for
IPv4 * 192.168.90.0/24 * * * * none
Thank you see pictures
-
Yes, but don't set an IP address on the interface, just enable it. IP has to be set to "None"!
-
Thanks for the reply. So configured to none but still nothing :(
Thank you
-
Have you tried to reboot pfSense?
If it still doesn't work after reboot make a packet capture on the SitetoSite interface and select ICMP protocol while you try a ping to the DDWRT. Maybe there is something wrong with the NAT.
Post the capture output, please.
-
Thanks for the reply
here is the packet capture
from the packet capture only showed these lines
20:12:56.238295 IP 192.168.90.1 > 192.168.1.251: ICMP echo request, id 4676, seq 0, length 64
20:12:57.253548 IP 192.168.90.1 > 192.168.1.251: ICMP echo request, id 4676, seq 1, length 64
20:12:58.256451 IP 192.168.90.1 > 192.168.1.251: ICMP echo request, id 4676, seq 2, length 64
packet capture
http://www.filedropper.com/openvpn
Thank you again
-
So you get no responses from DDWRT, though the pings come from the VPN server which is connected directly to the DDWRT's interface.
I think DDWRT blocks the access. Check its firewall rules.
-
This is not a DDWRT forum.
-
Thanks for the reply,
@derelict, you're correct, but when I posted on the DDWRT forums I got yelled at, saying it's a server issue with pfSense.
@viragomann
So this means that the routing is correct on the server side? Just want to make sure before I start messing with iptables on DDWRT.
Thank you
-
The routes look good, 192.168.1.0/24 points to the VPN client. So this subnet is routed over the VPN, as the packet capture on the VPN server interface shows. You should see exactly the same packets on the client's VPN interface.
-
Thanks for the reply. I was investigating on DDWRT and they told me this; I even turned off the firewall of DDWRT, so I think it might be something with the routes:
you have to add a static route for the OpenVPN client's local IP network to the OpenVPN server config, and use iroute to inform the OpenVPN server that that static route is associated w/ that OpenVPN client. You must address this issue before devices on the OpenVPN server side can initiate connections to devices on the OpenVPN client side.
-
I have a working set up which I believe is similar to yours. I am in the process of upgrading from dd-wrt to pfsense with site-to-site OpenVPN.
On the server end I have pfsense running OpenVPN server on subnet 10.0.1.1/24. On the client I have dd-wrt running OpenVPN client on 192.168.122.1/24.
In order to route useful traffic over my VPN it was necessary to add the following directive to pfsense => OpenVPN => Server => Advanced Configuration => Custom options
push "route 10.0.1.0 255.255.255.0"
Also, in pfsense => OpenVPN => Client Specific Overrides => I created an entry with the Common Name (CN) of the client. In that entry Client Settings => Advanced has:
iroute 192.168.122.0 255.255.255.0
The first directive allows stations on the client lan to see assets on the server's lan. The second directive allows stations on the server lan to see assets on the client lan.
Hope this helps.
-
Thank you for the reply. I think this might be it, but I'm not sure; it's not working. My OpenVPN server on pfSense is 192.168.90.0/24
and in Advanced I did the following.
Also my pfSense LAN is 192.168.3.0/24
push "route 192.168.90.0 255.255.255.0";
Then on the client override I added this at the bottom. I also added the static IP just to see if the client override was working, which it was.
push "route 192.168.1.0 255.255.255.0"; ifconfig-push 192.168.90.8 192.168.90.5;
Then rebooted pfSense but still pfSense cannot ping DDWRT BUT DDWRT can ping pfSense
I also turned off on DDWRT the firewall just to make sure
Thank you see pictures
-
In your setup I suggest:
push "route 192.168.3.0 255.255.255.0"
as the server option and
iroute 192.168.1.0 255.255.255.0
in the client specific override.
-
Thanks for the reply. I finally solved the issue while reading how OpenVPN works.
OpenVPN uses this table
[  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18]
[ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
[ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
[ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
[ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
[101,102] [105,106] [109,110] [113,114] [117,118]
Meaning if my config on OpenVPN server is ifconfig 192.168.90.1 192.168.90.2
so then I needed to give my client override this; the client gets 192.168.90.5 and the gateway is 192.168.90.6
ifconfig-push 192.168.90.5 192.168.90.6
iroute 192.168.1.0 255.255.255.0
Felt so silly after one week
Now pfSense can ping DDWRT so at the end it was not DDWRT issue
Hope this helps someone else
-
Mine is working now too.. thanks a lot. ;D
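-
Added example (not part of the original thread, and not pfSense or OpenVPN code): a Python check of a client-specific override against the two points the thread ends on, namely that the ifconfig-push addresses are one of the /30 pairs from the table quoted above and that an iroute exists for the client LAN. The function names are hypothetical; the two sample overrides are the ones posted in the thread.

```python
import ipaddress
import shlex

def is_net30_pair(server_net, a, b):
    """True if a and b are the two usable hosts of one /30 inside server_net."""
    net = ipaddress.ip_network(server_net)
    a, b = ipaddress.ip_address(a), ipaddress.ip_address(b)
    block = ipaddress.ip_network(f"{a}/30", strict=False)
    # The first /30 is the server's own pair (ifconfig 192.168.90.1 192.168.90.2).
    return (block.subnet_of(net)
            and block.network_address != net.network_address
            and {a, b} == set(block.hosts()))

def check_override(server_net, client_lan, text):
    """Return a list of problems found in a client-specific override."""
    lan = ipaddress.ip_network(client_lan)
    problems, has_iroute = [], False
    # pfSense custom options separate directives with ';' or newlines.
    for raw in text.replace(";", "\n").splitlines():
        words = shlex.split(raw)
        if not words:
            continue
        if words[0] == "ifconfig-push" and len(words) == 3:
            if not is_net30_pair(server_net, words[1], words[2]):
                problems.append(
                    f"ifconfig-push {words[1]} {words[2]}: not a /30 endpoint pair")
        elif words[0] == "iroute" and len(words) == 3:
            if ipaddress.ip_network(f"{words[1]}/{words[2]}") == lan:
                has_iroute = True
    if not has_iroute:
        problems.append(f"no iroute for client LAN {lan}")
    return problems

# Overrides as posted in the thread: the attempt that failed, then the fix.
BROKEN = ('push "route 192.168.1.0 255.255.255.0"; '
          'ifconfig-push 192.168.90.8 192.168.90.5;')
FIXED = ("ifconfig-push 192.168.90.5 192.168.90.6\n"
         "iroute 192.168.1.0 255.255.255.0")

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_override("192.168.90.0/24", "192.168.1.0/24", text))
```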