Netgate Discussion Forum
    Success: OpenVPN Site-to-Site using dd-wrt (client) > pfsense-2.x (server)

    df

      So first, this assumes your pfsense 2.x has more or less the following settings:

      1) Pfsense config

      In Firewall Rules > WAN
      Allow UDP from ANY to 1194

      In VPN > OpenVPN > Server
      Server Mode: Peer to Peer (Shared Key)
      Protocol: UDP
      Device Mode: tun
      Interface: <your WAN interface>
      Local port: 1194
      Description: <whatever>
      Shared Key: <will be generated automagically, you will need it for the dd-wrt config>
      Encryption algorithm: AES-128-CBC
      Hardware Crypto: No Hardware

      Tunnel Network: <pick something outside of site1 or site2, in my case: 10.0.148.0/24>
      Local Network: <in my case the LAN subnet: 10.0.144.0/24>
      Remote Network: <in my case the subnet on the dd-wrt client side: 10.10.1.0/24>
      Concurrent connections: 1
      Compression: Checked

      Once created, go back to Firewall > Rules > OpenVPN
      Add a rule from any to any using any protocol (but please tighten this after ensuring the setup works..)

      2) dd-wrt config

      I found many tutorials, but eventually this one made my day (albeit with minor editing): http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers#Client_Configuration

      Which leaves us with, as startup script:

      # Move to writable directory and create scripts
      cd /tmp
      ln -s /usr/sbin/openvpn /tmp/myvpn
      
      # Config for Site-to-Site SiteA-SiteB
      echo "
      # here you would specify your pfsense WAN IP
      remote x.x.x.x 1194
      proto udp
      port 1194
      dev tun0
      secret /tmp/static.key
      verb 3
      comp-lzo
      keepalive 15 60
      daemon
      cipher AES-128-CBC #needed !!!!
      " > SiteA-SiteB.conf
      
      # Config for Static Key
      echo "
      #
      # 2048 bit OpenVPN static key
      #
      -----BEGIN OpenVPN Static key V1-----
      <you will find the content of the key in pfsense, go back to VPN > OpenVPN > Server, edit your newly created server, you will find the PSK there..>
      -----END OpenVPN Static key V1-----
      " > static.key
      
      # Create interfaces
      /tmp/myvpn --mktun --dev tun0
      # notice here I am picking an arbitrary address for tun0, in my case 10.0.148.2
      ifconfig tun0 10.0.148.2 netmask 255.255.255.0 promisc up
      
      # Create routes
      # Notice the first 10.0.144.0 being my pfsense LAN, the second 10.0.148.1 being the openvpn gateway
      route add -net 10.0.144.0 netmask 255.255.255.0 gw 10.0.148.1
      
      # Initiate the tunnel
      sleep 5
      /tmp/myvpn --config SiteA-SiteB.conf
      

      And as firewall script

      # Open firewall holes
      iptables -I INPUT 2 -p udp --dport 1194 -j ACCEPT
      iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
      iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
      

      Once done, reboot, and try pinging a host on the pfsense-side from within the dd-wrt box.. should work..
      Really.. ;)
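As an added consistency check (not part of the thread), the script below parses the client config that the startup script above writes to /tmp/SiteA-SiteB.conf and compares it with the pfSense server settings and tunnel addressing df listed, reporting the mismatches that keep such a shared-key tunnel from coming up: cipher, protocol, port, a missing static key, a tun0 address or gateway outside the tunnel network, or a route that does not point at the pfSense LAN. The WAN address 203.0.113.10 and all sample values are constructed.

```python
import ipaddress

# Constructed sample: the client config the dd-wrt startup script writes (placeholder WAN IP)
CLIENT_CONF = """
# here you would specify your pfsense WAN IP
remote 203.0.113.10 1194
proto udp
dev tun0
secret /tmp/static.key
comp-lzo
keepalive 15 60
cipher AES-128-CBC #needed !!!!
"""

# Constructed sample: pfSense server settings and the dd-wrt side's
# addressing (ifconfig tun0 / route add) as given in the post.
SERVER = {"proto": "udp", "port": 1194, "cipher": "AES-128-CBC",
          "tunnel_net": "10.0.148.0/24", "local_net": "10.0.144.0/24",
          "remote_net": "10.10.1.0/24"}
CLIENT = {"tun_ip": "10.0.148.2", "route_net": "10.0.144.0/24",
          "route_gw": "10.0.148.1", "lan": "10.10.1.0/24"}


def parse_openvpn_conf(text):
    """Return {directive: [args]}, dropping '#' and ';' comments, inline ones included."""
    opts = {}
    for line in text.splitlines():
        line = line.partition("#")[0].partition(";")[0].strip()
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts


def check_site_to_site(conf_text, server, client):
    """Return the names of the settings on which the dd-wrt client and pfSense server disagree."""
    c = parse_openvpn_conf(conf_text)
    tunnel = ipaddress.ip_network(server["tunnel_net"])
    net = ipaddress.ip_network
    checks = {
        "proto": c.get("proto", [""])[0] == server["proto"],
        "port": c.get("remote", ["", ""])[1] == str(server["port"]),
        "cipher": c.get("cipher", [""])[0] == server["cipher"],  # the '#needed !!!!' line
        "secret": "secret" in c,  # shared-key mode needs the static key file
        "tun_ip": ipaddress.ip_address(client["tun_ip"]) in tunnel,
        "route_gw": ipaddress.ip_address(client["route_gw"]) in tunnel,
        "route_net": net(client["route_net"]) == net(server["local_net"]),
        "lan": net(client["lan"]) == net(server["remote_net"]),
    }
    return [name for name, ok in checks.items() if not ok]
```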

      romst

        In this config you can't access the dd-wrt router from the pfsense subnet to manage it via web or ping, only telnet.
        But some code may be added to the dd-wrt router firewall script:

        iptables -I INPUT 3 -i tun0 -p icmp -j ACCEPT
        iptables -I INPUT 1 -i tun0 -p tcp --dport 80 -j ACCEPT

        and saved.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.