Netgate Discussion Forum
    openvpn server + ddwrt openvpn client

    • dutchie

      Hello all,

      I have a pfSense server with a single NIC in use just as an OpenVPN server.
      This server is placed in my local LAN (192.168.0.61).
      My router has udp:1150 opened to the outside world (port 1150 is being used for this OpenVPN server).

      I also have a DD-WRT router (Cisco WRT160N v3, DD-WRT: build 21061) that I want to use as a site-to-site VPN.

      As configured now, the Cisco can connect to the pfSense box, so that part of the thing works....

      The thing now: I cannot ping / reach networks on the other side,
      so pinging from local to remote fails and vice versa.

      In the pfSense firewall all traffic coming in is allowed.

      Can someone tell me what I am doing wrong? I have been struggling with this for 2 months now and am a bit fed up with it.....


      Network layout:

      home network: 192.168.0.x / 255.255.255.0
      tunnel network: 10.186.216.0 (want to change this to 192.168.66.x in the future)
      remote (cisco router) 192.168.10.0 / 255.255.255.0


      server config:
      tun
      port 1150
      interface wan
      protocol udp
      shared key

      ipv4 tunnel network: 10.186.216.0
      remote ipv4: 192.168.10.0/24

      Custom options:
      route 10.186.216.0 255.255.255.0
      route 192.168.10.0 255.255.255.0


      client side:

      Startup

      # Move to writable directory and create scripts
      cd /tmp
      ln -s /usr/sbin/openvpn /tmp/myvpn

      # Config for Site-to-Site wrt160n1-Home
      echo "
      # here you would specify your pfsense WAN IP
      remote Home Wan
      proto udp
      port 1150
      dev tun1
      secret /tmp/static.key
      verb 3
      comp-lzo
      keepalive 15 60
      daemon
      cipher AES-256-CBC #needed !!!!
      " > wrt160n1-Home.conf

      # Config for Static Key
      echo "
      # 2048 bit OpenVPN static key
      -----BEGIN OpenVPN Static key V1-----
      **KEY IS PLACED HERE
      -----END OpenVPN Static key V1-----
      " > static.key

      # Create interfaces
      /tmp/myvpn --mktun --dev tun1
      ifconfig tun1 10.186.216.2 netmask 255.255.255.0 promisc up

      # Create routes
      route add 192.168.0.0 netmask 255.255.255.0 gw 10.186.216.1
      route add 10.186.216.0 netmask 255.255.255.0 gw 10.186.216.1

      # Initiate the tunnel
      sleep 5
      /tmp/myvpn --config wrt160n1-Home.conf

      Firewall

      iptables -I INPUT 2 -p udp --dport 1150 -j ACCEPT
      iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
      iptables -I FORWARD -i tun1 -o br0 -j ACCEPT

      iptables -I INPUT 3 -i tun1 -p icmp -j ACCEPT
      iptables -I INPUT 1 -i tun1 -p tcp --dport 80 -j ACCEPT
      iptables -I INPUT 3 -i tun1 -p icmp -j ACCEPT
      iptables -I INPUT 1 -i tun1 -p tcp --dport 80 -j ACCEPT
      iptables -t nat -A POSTROUTING -j MASQUERADE


      The client-side config is something I found online, and it worked perfectly when the pfSense box is the firewall / router.

      (PS: I have my reasons to use my router as a router and not the pfSense box.)

      Thanks for your time ;)

      • killmasta93

        On pfSense, which is the server, with the DD-WRT as the client, you need to add this part in the pfSense client override:

        ifconfig-push 192.168.90.5 192.168.90.6
        iroute 192.168.1.0 255.255.255.0
        
        

        192.168.90.5/24 is my OpenVPN server and 192.168.1.0/24 is my LAN, which is behind pfSense. Change the IPs depending on your config.

        Tutorials:

        https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials
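
An added example, not part of either post and not pfSense or DD-WRT code: a longest-prefix-match model of the layout in the question, tracing where a home LAN host's packet for the remote side goes when the LAN's default gateway is a separate router. The router being the default gateway for the LAN hosts and for the pfSense box, the route tables, the node labels, the host 192.168.10.20 and the function names are assumptions.

```python
import ipaddress

# Constructed route tables for the layout in the question. Prefixes come from the
# post; next-hop labels and the gateway role of "router" are assumptions.
TABLES = {
    "lan-host": [("192.168.0.0/24", "on-link"), ("0.0.0.0/0", "router")],
    "router":   [("192.168.0.0/24", "on-link"), ("0.0.0.0/0", "internet")],
    "pfsense":  [("192.168.0.0/24", "on-link"),    # pfSense itself is 192.168.0.61
                 ("192.168.10.0/24", "tunnel"),    # remote LAN behind the DD-WRT
                 ("10.186.216.0/24", "tunnel"),    # tunnel network
                 ("0.0.0.0/0", "router")],
}

def next_hop(table, dst):
    """Longest-prefix match: return the next-hop label for dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), gw) for prefix, gw in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst, max_hops=8):
    """Follow next hops across the modelled boxes and return the path taken."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        path.append(hop or "no-route")
        if hop not in tables:   # on-link, tunnel, internet or no route: stop here
            break
        node = hop
    return path

def with_route(tables, node, prefix, gw):
    """Return a copy of tables with one static route added on node."""
    new = {name: list(routes) for name, routes in tables.items()}
    new[node].append((prefix, gw))
    return new

def report(tables, dsts=("192.168.10.20", "10.186.216.2")):
    """Paths from a home LAN host to a remote LAN host and to the client's tun1 address."""
    return {dst: trace(tables, "lan-host", dst) for dst in dsts}

if __name__ == "__main__":
    print("router without static routes:", report(TABLES))
    fixed = with_route(TABLES, "router", "192.168.10.0/24", "pfsense")
    fixed = with_route(fixed, "router", "10.186.216.0/24", "pfsense")
    print("router with static routes:   ", report(fixed))
```

A path that ends in `internet` never reaches the tunnel; one that ends in `tunnel` is handed to the OpenVPN instance on pfSense.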
