Site to Site VPN with dd-wrt



  • Hi all,

    So I've been trying to set up a site to site VPN with pfsense (2.1) on one (server) end and a dd-wrt (v24 July 2013) router on the other (client).

    I've been trying to follow these tutorials:

    https://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_PKI_(SSL)

    http://glycogen.net/2012/12/01/pfsense-openvpn-server-with-dd-wrt-clients/

    http://forum.pfsense.org/index.php?topic=48667.0

    ~~I appear to have a connection established but I cannot talk between the two networks.

    Couple things. I have both my local and remote network fields on my pfsense blank and have done those in the advanced options because the dd-wrt box needs a gateway parameter to the route command.

    Also, the dd-wrt box fails to apply that route unless I create a TUN device via a startup script, which I have done, and the route appears to have succeeded.

    From what I understand it is the iroute command that makes the LAN to LAN communication work.

    What I see in the dd-wrt status is two certificate checks for the depth of 1 (0 & 1), but they both appear to have the same common name which would be the case for the CA and the server, but not for the server and client. This kind of implies to me that the client overrides in pfsense are not happening.

    All I know is that currently my dd-wrt network can "ping" the pfsense gateway address and the pfsense network can "ping" the dd-wrt gateway. But they can't ping any other devices.~~

    I know this is a long shot, but if someone has some answers or questions that would be appreciated.

    Thanks!

    *** EDIT ***

    I think I wrote too much up above. So I will summarize here:

    #1 Using DD-Wrt you HAVE to create a TUN device via a startup script.

    #2 I have a connection established, but the server keeps seeing "inactivity timeout" --ping-restart, which means it can't get a ping back from the client LAN network.

    #3 A client LAN computer can "ping" the server LAN gateway and a server LAN computer can "ping" the client LAN gateway.

    #4 The client LAN computers cannot ping any server LAN computers and vice versa.

    #5 I do know that the Client Override is being used (i.e. the "iroute" command is being used).

    #6 On my OpenVPN rules on the server side I have an any any any rule.

    What am I missing?
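The three configuration pieces the post keeps circling (the server-side `route` for the remote LAN, the Client Specific Override that emits `iroute`, and the dd-wrt client `route` with its gateway plus the startup script that creates the TUN device) have to name the same subnets, and a mismatch or a missing `iroute` gives exactly the symptom above: the tunnel endpoints answer pings, nothing behind them does. The script below is an added example, not code from the thread or from the pfSense or dd-wrt projects; it writes each piece into a scratch directory and cross-checks them. The subnets 192.168.1.0/24 and 192.168.2.0/24, the tunnel gateway 10.8.0.1, the client CN `ddwrt-site` and the directory layout are all assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not from the forum thread or pfSense/dd-wrt documentation.
# It writes the pieces a routed OpenVPN site-to-site link needs (server
# "route", client-config-dir "iroute", dd-wrt client config plus startup
# script) and cross-checks that the subnets agree. All subnets, the client
# CN, the tunnel gateway and the directory layout are assumptions.

SERVER_LAN="192.168.1.0 255.255.255.0"   # assumed pfSense LAN
CLIENT_LAN="192.168.2.0 255.255.255.0"   # assumed dd-wrt LAN
TUN_GW="10.8.0.1"                        # assumed server side of the tunnel
CLIENT_CN="ddwrt-site"                   # assumed CN in the dd-wrt certificate
WORK="${WORK:-$(mktemp -d)}"             # scratch directory for the files

write_server_conf() {
    cat > "$WORK/server.conf" <<EOF
dev tun
server 10.8.0.0 255.255.255.0
# kernel route: packets for the client LAN go into the tunnel
route $CLIENT_LAN
# per-client overrides (pfSense: Client Specific Overrides)
client-config-dir $WORK/ccd
EOF
}

write_ccd() {
    mkdir -p "$WORK/ccd"
    # iroute tells OpenVPN which connected client owns CLIENT_LAN; without it
    # the kernel route exists but OpenVPN drops the packets. The file name
    # must match the client certificate CN exactly.
    printf 'iroute %s\n' "$CLIENT_LAN" > "$WORK/ccd/$CLIENT_CN"
}

write_client_conf() {
    # dd-wrt side: the route carries an explicit gateway, as the poster
    # found was necessary on that firmware
    cat > "$WORK/client.conf" <<EOF
client
dev tun
route $SERVER_LAN $TUN_GW
EOF
}

write_ddwrt_startup() {
    # dd-wrt startup script: create the tun device before OpenVPN starts so
    # the route can be applied (this file is only written here, not run)
    cat > "$WORK/ddwrt-startup.sh" <<'EOF'
#!/bin/sh
openvpn --mktun --dev tun0
EOF
}

build_all() {
    write_server_conf && write_ccd && write_client_conf && write_ddwrt_startup
}

# fields 2 and 3 of the first line in file $2 whose keyword is $1
subnet_of() {
    awk -v k="$1" '$1==k {print $2" "$3; exit}' "$2"
}

# Prints "ok" when server route, ccd iroute and client route agree;
# otherwise prints which piece is missing or mismatched and returns 1.
check_consistency() {
    [ -f "$WORK/ccd/$CLIENT_CN" ] \
        || { echo "no ccd file for CN $CLIENT_CN"; return 1; }
    [ "$(subnet_of route "$WORK/server.conf")" = "$CLIENT_LAN" ] \
        || { echo "server route does not cover client LAN"; return 1; }
    [ "$(subnet_of iroute "$WORK/ccd/$CLIENT_CN")" = "$CLIENT_LAN" ] \
        || { echo "ccd iroute missing or does not match client LAN"; return 1; }
    [ "$(subnet_of route "$WORK/client.conf")" = "$SERVER_LAN" ] \
        || { echo "client route does not cover server LAN"; return 1; }
    echo ok
}

build_all
check_consistency
```

Run it as `sh ovpn-s2s-check.sh`; it prints `ok` for the generated set. Emptying or deleting the ccd file, which is what a CN that does not match the override name looks like from the server's point of view, makes the check report the missing `iroute`, the same condition under which real packets for the client LAN are silently dropped even though the kernel route is present.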