openvpn server + ddwrt openvpn client
-
Hello all,
I have a pfSense server with a single NIC in use just as an OpenVPN server.
This server is placed in my local LAN (192.168.0.61).
My router has udp:1150 opened to the outside world (port 1150 is being used for this OpenVPN server).
I also have a DD-WRT router (Cisco WRT160N v3, DD-WRT build 21061) that I want to use as a site-to-site VPN.
As configured now the Cisco can connect to the pfSense box, so that part of the thing works....
The thing now: I cannot ping / reach networks on the other side..
So pinging from local to remote fails and vice versa. In the pfSense firewall all incoming traffic is allowed.
Can someone tell me what I am doing wrong? I have been struggling with this for 2 months now and am a bit fed up with it.....
network layout:
home network: 192.168.0.x / 255.255.255.0
tunnel network: 10.186.216.0 (want to change this to 192.168.66.x in the future)
remote (cisco router) 192.168.10.0 / 255.255.255.0
server config:
tun
port 1150
interface wan
protocol udp
shared key
ipv4 tunnel network: 10.186.216.0
remote ipv4: 192.168.10.0/24
Custom options:
route 10.186.216.0 255.255.255.0
route 192.168.10.0 255.255.255.0
client side:
# Startup
# Move to writable directory and create scripts
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn

# Config for Site-to-Site wrt160n1-Home
echo "
# here you would specify your pfsense WAN IP
remote Home Wan
proto udp
port 1150
dev tun1
secret /tmp/static.key
verb 3
comp-lzo
keepalive 15 60
daemon
cipher AES-256-CBC #needed !!!!
" > wrt160n1-Home.conf

# Config for Static Key
echo "
# 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
**KEY IS PLACED HERE
-----END OpenVPN Static key V1-----
" > static.key

# Create interfaces
/tmp/myvpn --mktun --dev tun1
ifconfig tun1 10.186.216.2 netmask 255.255.255.0 promisc up

# Create routes
route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.186.216.1
route add -net 10.186.216.0 netmask 255.255.255.0 gw 10.186.216.1

# Initiate the tunnel
sleep 5
/tmp/myvpn --config wrt160n1-Home.conf

# Firewall
iptables -I INPUT 2 -p udp --dport 1150 -j ACCEPT
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT 3 -i tun1 -p icmp -j ACCEPT
iptables -I INPUT 1 -i tun1 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
The client-side config is something I found online and it worked perfectly when the pfSense box is the firewall / router.
(PS: I have my reasons to use my router as a router and not the pfSense box.)
Thanks for your time ;)
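Added example, not code from the thread: a small Python model of the three routing tables in the layout above, used to trace hop by hop where each leg of a ping ends up. It assumes the home router 192.168.0.1 knows only its own LAN plus a default route (the post does not say what routes it has), and with_static_route() shows the effect of the assumed remedy of pointing 192.168.10.0/24 at the pfSense box.

```python
from ipaddress import ip_address, ip_network

# Constructed from the thread's addresses: which device answers for each next hop.
OWNER = {"192.168.0.1": "home-router", "192.168.0.61": "pfsense",
         "10.186.216.1": "pfsense", "10.186.216.2": "ddwrt"}

# Routing tables as (prefix, gateway or None when directly connected, interface).
# Assumption (not stated in the post): the home router only knows its own LAN
# and a default route out of its WAN port.
TABLES = {
    "home-router": [("192.168.0.0/24", None, "lan"),
                    ("0.0.0.0/0", None, "wan")],
    "pfsense": [("192.168.0.0/24", None, "lan"),
                ("10.186.216.0/24", None, "ovpns1"),
                ("192.168.10.0/24", "10.186.216.2", "ovpns1"),  # from "remote ipv4"
                ("0.0.0.0/0", "192.168.0.1", "lan")],
    "ddwrt": [("192.168.10.0/24", None, "br0"),
              ("10.186.216.0/24", None, "tun1"),
              ("192.168.0.0/24", "10.186.216.1", "tun1"),       # from the startup script
              ("0.0.0.0/0", None, "wan")],
}

def lookup(device, dst, tables):
    """Longest-prefix match for dst in one device's table."""
    best = None
    for prefix, gw, iface in tables[device]:
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best

def trace(device, dst, tables):
    """Follow next hops from device until dst is on a connected link or the packet leaves via WAN."""
    path = [device]
    for _ in range(8):  # guard against a routing loop
        _net, gw, iface = lookup(device, dst, tables)
        if iface == "wan":
            return path, "forwarded out WAN, never enters the tunnel"
        if gw is None:
            return path, f"delivered on {device}/{iface}"
        device = OWNER[gw]
        path.append(device)
    return path, "routing loop"

def with_static_route(tables):
    """Assumed remedy: the home router sends the remote LAN to the pfSense box on the LAN."""
    fixed = {name: list(routes) for name, routes in tables.items()}
    fixed["home-router"].insert(0, ("192.168.10.0/24", "192.168.0.61", "lan"))
    return fixed

if __name__ == "__main__":
    for tables, label in ((TABLES, "as posted"), (with_static_route(TABLES), "with static route")):
        print(label, "home -> remote:", trace("home-router", "192.168.10.5", tables))
        print(label, "remote -> home:", trace("ddwrt", "192.168.0.10", tables))
```

A home host sends every reply to its default gateway, so the "home -> remote" trace is also the return leg of a ping started from the remote side; under these assumptions that leg never reaches the tunnel until the home router has a route for 192.168.10.0/24.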
-
On pfSense, which is the server (the DD-WRT is the client), you need to add this part in the pfSense client override:
ifconfig-push 192.168.90.5 192.168.90.6
iroute 192.168.1.0 255.255.255.0
192.168.90.5/24 is my OpenVPN server and 192.168.1.0/24 is my LAN, which is behind pfSense. Change the IPs according to your config.