Site to site DDWRT with pfSense

killmasta93

Hi,
I was wondering if someone has accomplish this? As I read few sites some people had accomplished pfsense as the server and the client ddwrt. But what im trying to do is something simple but ended up being complicated or odd, Im trying to open ports of a nas which is behind DDWRT running the NAT and the information is in another site which is behind pfSense. The idea is that the server would do backups weekly to an external NAS. I thought opening the ports on ddwrt 445 137-139 would make my life easier but for some odd reason it wont open, only port 80, so then i thought about site to site. My question is if i implement site to site which should be the server and which should be the client? As the idea the server (192.168.1.253) which is behind pfsense would need to contact the NAS (192.168.0.135) which is behind DDWRT.

These are the ports running on the NAS  used NMAP

Scanning 192.168.0.135 [1000 ports]

Discovered open port 139/tcp on 192.168.0.135

Discovered open port 111/tcp on 192.168.0.135

Discovered open port 443/tcp on 192.168.0.135

Discovered open port 80/tcp on 192.168.0.135

Discovered open port 445/tcp on 192.168.0.135

Discovered open port 22/tcp on 192.168.0.135

Discovered open port 548/tcp on 192.168.0.135

Discovered open port 631/tcp on 192.168.0.135

Discovered open port 873/tcp on 192.168.0.135

Discovered open port 3260/tcp on 192.168.0.135

Thank you

Soyokaze

Yeah, totally acomplishable, I've had a whole bunch of dd-wrt (~10 at least) routers acting as clients for ROBO a few years ago.
Regarding your situation:
1st - try to move to FTP, if your backup software allows, SMB over internet is awfull and prone for malfunction.
2nd - dd-wrt definitely should be openvpn client.

killmasta93

Thanks for the reply, so pfsense is the openvpn server and I would configure ddwrt as the client? But i need to be able to ping it within the pfsense LAN or is that possible

Thank you

Soyokaze

While pinging OpenVPN tunnel IPs is not reliable, you should always get reply from LAN interface of other router.
If your pfsense would sit in your main office and you properly configure push routes - your routing will allow that.

killmasta93

So if i understood correctly,
Or what im trying to accomplish

pfSense is the OpenVPN server and the DDWRT is the OpenVPN client

Also using Site to site does it affect the users from either side the navigation? as slow or laggy?

See picture

Thank you

Soyokaze

Yes, this is correct configuration.

No, except if you use extremely weak platform for dd-wrt.

killmasta93

Thanks for the reply, so the DDWRT i would be using is r7000 kongac 2/26/17 should be enough to send around every week 36gigs .zip files?

Soyokaze

I don't know how this HW performs.
Ask at dd-wrt forums for observed OpenVPN throughput.

Also, you may need to adjust settings on tunnel if you observe low performance, search for "valdikss openvpn fragment"