openvpn server + ddwrt openvpn client



  • Hello all,

    I have a pfSense server with a single NIC in use, just as an OpenVPN server.
    This server is placed in my local LAN (192.168.0.61).
    My router has UDP 1150 opened to the outside world (port 1150 is used for this OpenVPN server).

    I also have a DD-WRT router (Cisco WRT160N v3, DD-WRT build 21061) that I want to use for a site-to-site VPN.

    As configured now, the Cisco can connect to the pfSense box, so that part works.

    The problem now: I cannot ping / reach networks on the other side,
    so pinging from local to remote fails and vice versa.

    In the pfSense firewall all incoming traffic is allowed.

    Can someone tell me what I am doing wrong? I have been struggling with this for 2 months now and am a bit fed up with it.


    Network layout:

    home network: 192.168.0.x / 255.255.255.0
    tunnel network: 10.186.216.0 (I want to change this to 192.168.66.x in the future)
    remote (Cisco router): 192.168.10.0 / 255.255.255.0


    Server config:
    tun
    port 1150
    interface wan
    protocol udp
    shared key

    ipv4 tunnel network: 10.186.216.0
    remote ipv4: 192.168.10.0/24

    Custom options:
    route 10.186.216.0 255.255.255.0
    route 192.168.10.0 255.255.255.0


    Client side (DD-WRT startup script):

    # Startup

    # Move to a writable directory and create the scripts

    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn

    # Config for Site-to-Site wrt160n1-Home

    echo "
    # here you would specify your pfsense WAN IP
    remote Home Wan
    proto udp
    port 1150
    dev tun1
    secret /tmp/static.key
    verb 3
    comp-lzo
    keepalive 15 60
    daemon
    cipher AES-256-CBC #needed !!!!
    " > wrt160n1-Home.conf

    # Config for Static Key

    echo "
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    **KEY IS PLACED HERE
    -----END OpenVPN Static key V1-----
    " > static.key

    # Create interfaces

    /tmp/myvpn --mktun --dev tun1
    ifconfig tun1 10.186.216.2 netmask 255.255.255.0 promisc up

    # Create routes (home LAN and tunnel network via the pfSense tunnel address)

    route add 192.168.0.0 netmask 255.255.255.0 gw 10.186.216.1
    route add 10.186.216.0 netmask 255.255.255.0 gw 10.186.216.1

    # Initiate the tunnel

    sleep 5
    /tmp/myvpn --config wrt160n1-Home.conf

    # Firewall: accept the tunnel's UDP port, forward LAN <-> tunnel,
    # allow ICMP and the router's web UI from the tunnel, NAT outgoing traffic

    iptables -I INPUT 2 -p udp --dport 1150 -j ACCEPT
    iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
    iptables -I FORWARD -i tun1 -o br0 -j ACCEPT

    iptables -I INPUT 3 -i tun1 -p icmp -j ACCEPT
    iptables -I INPUT 1 -i tun1 -p tcp --dport 80 -j ACCEPT
    iptables -t nat -A POSTROUTING -j MASQUERADE


    The client-side config is something I found online, and it worked perfectly when the pfSense box is the firewall / router.

    (PS: I have my reasons to use my router as a router and not the pfSense box.)

    Thanks for your time ;)
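As an added example (not from this thread), a small Python check of the routing conditions a static-key site-to-site tunnel like the one above needs: tunnel endpoints inside the tunnel network, no overlapping networks, a route on each side to the other LAN via the peer's tunnel address, and a way back into the tunnel for LAN hosts whose default gateway is not the OpenVPN host. The server tunnel address 10.186.216.1 and a home router 192.168.0.1 with no extra routes are assumptions, not values from the thread.

```python
import ipaddress as ipa

def check_site_to_site(cfg):
    """Return a list of routing problems; an empty list means the layout is consistent."""
    net = lambda s: ipa.ip_network(s, strict=False)
    tun, s_lan, c_lan = net(cfg["tunnel_net"]), net(cfg["server_lan"]), net(cfg["client_lan"])
    s_tun, c_tun = ipa.ip_address(cfg["server_tun_ip"]), ipa.ip_address(cfg["client_tun_ip"])
    problems = []
    # 1. both tunnel endpoints must sit inside the tunnel network
    for side, addr in (("server", s_tun), ("client", c_tun)):
        if addr not in tun:
            problems.append(f"{side} tunnel address {addr} not in {tun}")
    # 2. the tunnel network and the two LANs must not overlap each other
    for a, b in ((tun, s_lan), (tun, c_lan), (s_lan, c_lan)):
        if a.overlaps(b):
            problems.append(f"overlapping networks {a} and {b}")
    # routes are (destination, gateway) pairs; gateway None means an OpenVPN
    # 'route' directive without a gateway, which defaults to the tunnel peer
    def route_ok(routes, dest, gw, peer=None):
        for d, g in routes:
            g = peer if g is None else ipa.ip_address(g)
            if net(d) == dest and g == gw:
                return True
        return False
    # 3. each side needs a route to the other LAN via the peer's tunnel address
    if not route_ok(cfg["server_routes"], c_lan, c_tun, peer=c_tun):
        problems.append(f"server has no route to {c_lan} via {c_tun}")
    if not route_ok(cfg["client_routes"], s_lan, s_tun, peer=s_tun):
        problems.append(f"client has no route to {s_lan} via {s_tun}")
    # 4. if the OpenVPN host is not the LAN default gateway, LAN hosts send replies
    #    for the remote LAN to that gateway, which then needs a route back to the OpenVPN host
    s_ip, lan_gw = ipa.ip_address(cfg["server_lan_ip"]), ipa.ip_address(cfg["lan_gateway"])
    if lan_gw != s_ip and not route_ok(cfg["lan_gateway_routes"], c_lan, s_ip):
        problems.append(f"LAN gateway {lan_gw} has no route to {c_lan} via {s_ip}")
    return problems

# The thread's layout. Assumed (not stated in the thread): server tunnel address
# 10.186.216.1, home router 192.168.0.1 as LAN default gateway with no extra routes.
THREAD_CFG = {
    "tunnel_net": "10.186.216.0/24",
    "server_tun_ip": "10.186.216.1", "client_tun_ip": "10.186.216.2",
    "server_lan": "192.168.0.0/24", "client_lan": "192.168.10.0/24",
    "server_routes": [("10.186.216.0/24", None), ("192.168.10.0/24", None)],  # pfSense custom options
    "client_routes": [("192.168.0.0/24", "10.186.216.1"), ("10.186.216.0/24", "10.186.216.1")],
    "server_lan_ip": "192.168.0.61", "lan_gateway": "192.168.0.1", "lan_gateway_routes": [],
}
```

Running `check_site_to_site(THREAD_CFG)` reports only the missing route on the assumed home router; adding `("192.168.10.0/24", "192.168.0.61")` to `lan_gateway_routes` makes the check pass, while changing `tunnel_net` without updating the tunnel addresses flags both endpoints.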



  • On pfSense, which is the server (the DD-WRT is the client), you need to add this part in the pfSense client override:

    ifconfig-push 192.168.90.5 192.168.90.6
    iroute 192.168.1.0 255.255.255.0
    
    

    192.168.90.5/24 is my OpenVPN server and 192.168.1.0/24 is my LAN, which is behind pfSense; change the IPs according to your config.

