Netgate Discussion Forum

Site to Site VPN with dd-wrt

OpenVPN
    broncoBrad

      Hi all,

      So I've been trying to set up a site-to-site VPN with pfSense (2.1) on one (server) end and a dd-wrt (v24, July 2013) router on the other (client).

      I've been trying to follow these tutorials:

      https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_(SSL)

      http://glycogen.net/2012/12/01/pfsense-openvpn-server-with-dd-wrt-clients/

      http://forum.pfsense.org/index.php?topic=48667.0

      ~~I appear to have a connection established but I cannot talk between the two networks.

      A couple of things. I have both my local and remote network fields on my pfSense blank and have done those in the advanced options because the dd-wrt box needs a gateway parameter to the route command.

      Also, the dd-wrt box fails to apply that route unless I create a TUN device via a startup script, which I have done, and the route then appears to have succeeded.

      From what I understand it is the iroute command that makes the LAN to LAN communication work.

      What I see in the dd-wrt status is two certificate checks for the depth of 1 (0 & 1), but they both appear to have the same common name which would be the case for the CA and the server, but not for the server and client. This kind of implies to me that the client overrides in pfsense are not happening.

      All I know is that currently my dd-wrt network can "ping" the pfSense gateway address and the pfSense network can "ping" the dd-wrt gateway. But neither can ping any other devices.~~

      I know this is a long shot, but if someone has some answers or questions that would be appreciated.

      Thanks!

      *** EDIT ***

      I think I wrote too much up above. So I will summarize here:

      #1 Using DD-Wrt you HAVE to create a TUN device via a startup script.

      #2 I have a connection established, but the server keeps seeing "inactivity timeout" (--ping-restart), which means it can't get a ping back from the client LAN network.

      #3 A client LAN computer can "ping" the server LAN gateway and a server LAN computer can "ping" the client LAN gateway.

      #4 The client LAN computers cannot ping any server LAN computers and vice versa.

      #5 I do know that the Client Override is being used (i.e. the "iroute" command is being used).

      #6 On my OpenVPN rules on the server side I have an any any any rule.

      What am I missing?

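The routing requirement behind points #4 and #5 above, as an added example that is not part of the original post: OpenVPN only carries traffic for a LAN behind a client when two things are present on the server side, a `route` for that subnet in the server config (so the kernel hands packets for it to the tun interface) and a matching `iroute` in that client's client-config-dir (CCD) file (so OpenVPN knows which connected client owns the subnet). pfSense's Client Specific Overrides produce such CCD files. Missing either half gives exactly the symptom described: the tunnel endpoints answer pings but hosts behind them do not. The script below cross-checks the two halves; the server config text, the CCD file contents, the client names and the subnets are constructed sample input and assumptions for this example, not the poster's configuration.

```python
"""
Cross-check an OpenVPN server config against its client-config-dir (CCD)
files: every LAN behind a client needs BOTH a kernel route ("route" in the
server config) and an internal route ("iroute" in the client's CCD file).

All config text below is constructed sample input for this example.
"""
import ipaddress
import re

# Constructed sample server config (assumption: layout similar to what
# pfSense writes; the subnets are made up).
SERVER_CONF = """
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
route 192.168.2.0 255.255.255.0
route 192.168.3.0 255.255.255.0
keepalive 10 60
"""

# Constructed CCD files keyed by client certificate common name.
# "branch-two" has no iroute at all; "branch-three" has an iroute that the
# server config never routes; "ddwrt-client" is the correct pairing.
CCD_FILES = {
    "ddwrt-client": "iroute 192.168.2.0 255.255.255.0\n",
    "branch-two":   "# override saved with no iroute line\n",
    "branch-three": "iroute 192.168.4.0 255.255.255.0\n",
}

# route/iroute take "network [netmask] [...]"; a missing netmask means a
# single host (/32). Only same-line whitespace is allowed between arguments.
_ROUTE_RE = re.compile(
    r"^[ \t]*(i?route)[ \t]+(\S+)(?:[ \t]+(\d+(?:\.\d+){3}))?", re.M)


def parse_routes(text, directive):
    """Return the set of networks declared by `directive` ("route" or "iroute")."""
    nets = set()
    for kind, net, mask in _ROUTE_RE.findall(text):
        if kind != directive:
            continue
        prefix = mask if mask else "32"
        nets.add(ipaddress.ip_network(f"{net}/{prefix}", strict=False))
    return nets


def has_ccd(text):
    """True if the server config enables client-config-dir at all."""
    return re.search(r"^[ \t]*client-config-dir[ \t]+\S+", text, re.M) is not None


def check_site_to_site(server_conf, ccd_files):
    """Report the mismatches that break LAN-to-LAN traffic.

    Returns a dict with:
      missing_ccd           - server never loads overrides, so no iroute applies
      clients_without_iroute- clients whose override declares no LAN
      iroute_without_route  - client -> subnets the kernel will never send to tun
      route_without_iroute  - subnets routed to tun that no client claims
    """
    server_routes = parse_routes(server_conf, "route")
    findings = {
        "missing_ccd": not has_ccd(server_conf),
        "clients_without_iroute": [],
        "iroute_without_route": {},
        "route_without_iroute": [],
    }
    claimed = set()
    for cn, text in ccd_files.items():
        iroutes = parse_routes(text, "iroute")
        if not iroutes:
            findings["clients_without_iroute"].append(cn)
        for net in iroutes:
            claimed.add(net)
            if net not in server_routes:
                findings["iroute_without_route"].setdefault(cn, []).append(str(net))
    findings["route_without_iroute"] = sorted(
        str(net) for net in server_routes - claimed)
    return findings


if __name__ == "__main__":
    for key, value in check_site_to_site(SERVER_CONF, CCD_FILES).items():
        print(f"{key}: {value}")
```

Run stand-alone it prints one line per finding for the constructed input; on a real box, read the server config and each file in the CCD directory into `SERVER_CONF` and `CCD_FILES` instead. The check says nothing about the tunnel itself (certificates, the `--ping-restart` timeout, the client's own routes); it only answers whether the server has been told both where a subnet lives and which client owns it.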

      © 2021 Rubicon Communications, LLC