OpenVPN between pfsense and WRT54G



  • Hi all,

    I do have a question about setting up OpenVPN between a Linksys WRT54G (DD-WRT) at a remote site and a pfsense box here.

    Here is the network diagram.


    *From the diagram, the WRT54G has been shipped to the remote site and replaced by a normal switch. Thus, PC2 and the network printer are now in the 192.168.10.0/24 network.

    I am still digesting sticky posts to learn OpenVPN.

    Apart from the codes in WRT54G of OpenVPN, I have found there are some differences in settings.

    In WRT54G OpenVPN setting, I only need one static key which was generated by using this command

     openvpn --genkey --secret static.key 
    

    However, I am not sure what kind of cryptography it uses, and for Interface IP and Remote network, I am a bit confused about what is what.

    Also, for the CA certificate, client certificate and client keys, I can only leave them blank below. As a newbie to Linux and VPN, can anyone let me know what they are and what I should put in?

    The biggest problem is not what I don't know, but that I do not know what I should know...

    Thanks for reading and please give me a hint!

    Aldo



  • pfSense is FreeBSD and not Linux.

    If you're after a site-to-site setup you only need the shared key.
    Certificates/client-server-key are only needed in a PKI.

    Probably the best point to start with OpenVPN is http://openVPN.net

    Read a bit in the HOWTO's and take a look at the example-config-files.
    pfSense is just a GUI to create such a config file.



  • Hi thanks for replying!

    Yes, FreeBSD is not Linux, but the CLI just looks exactly the same to me. I only used DOS for a while, a complete MS "slave" ;D

    Here is the OpenVPN configuration I can find on the WRT54G:

    
    # Move to writable directory and create scripts
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn
    
    # Config for Site-to-Site Client2-Server
    echo "
    remote 123.456.789.321
    proto udp          
    port 1999
    dev tun0
    secret /tmp/static.key
    verb 3
    comp-lzo
    keepalive 15 60
    daemon
    " > Client2-Server.conf
    
    # Config for Static Key
    echo "
    -----BEGIN OpenVPN Static key V1-----
    ****************************
    
    -----END OpenVPN Static key V1-----
    " > static.key
    
    # Create interfaces
    /tmp/myvpn --mktun --dev tun0
    ifconfig tun0 10.0.2.2 netmask 255.255.255.0 promisc up
    
    # Create routes
    route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.2.1
    route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.0.2.1
    
    # Initiate the tunnel
    sleep 5
    /tmp/myvpn --config Client2-Server.conf
    
    

    It created a tunnel to 10.0.2.2; may I assume this will be the Remote Network? Or, in CIDR format, can it be written as 10.0.2.0/24?

    Thanks again! Now finding the HOWTO

    Aldo

    @GruensFroeschli:

    pfSense is FreeBSD and not Linux.

    If you're after a site-to-site setup you only need the shared key.
    Certificates/client-server-key are only needed in a PKI.

    Probably the best point to start with OpenVPN is http://openVPN.net

    Read a bit in the HOWTO's and take a look at the example-config-files.
    pfSense is just a GUI to create such a config file.
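
The static key file that the replies above say is all a site-to-site setup needs, parsed and checked in Python. This is an added example, not code from the thread or from OpenVPN: the function names and the sample key are constructed for illustration. It checks that a key pasted into a startup script is still a complete 2048-bit key and produces a SHA-256 fingerprint that can be compared between the pfSense and DD-WRT ends without posting the key itself.

```python
import hashlib
import re

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
KEY_BYTES = 256  # 2048 bits, the size written by `openvpn --genkey --secret`


def parse_static_key(text):
    """Return the raw key bytes from a static key file, or raise ValueError."""
    lines = [ln.strip() for ln in text.splitlines()]
    # Blank lines and '#' comments are skipped, so a key wrapped in
    # `echo "..." > static.key` as in the post still parses.
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    if BEGIN not in lines or END not in lines:
        raise ValueError("missing BEGIN/END OpenVPN Static key V1 markers")
    body = "".join(lines[lines.index(BEGIN) + 1:lines.index(END)])
    if not re.fullmatch(r"[0-9a-fA-F]*", body):
        raise ValueError("key body contains non-hex characters")
    key = bytes.fromhex(body)
    if len(key) != KEY_BYTES:
        raise ValueError(f"expected {KEY_BYTES} key bytes, found {len(key)}")
    return key


def fingerprint(key):
    """SHA-256 of the key bytes; compare this between sites, not the key."""
    return hashlib.sha256(key).hexdigest()


def key_slots(key):
    """Split the key into its four 64-byte slots: two (cipher, HMAC) pairs."""
    # Without a key-direction setting on either peer, both directions use
    # the first pair; with complementary directions, each direction has its own.
    names = ("cipher_0", "hmac_0", "cipher_1", "hmac_1")
    return {n: key[i * 64:(i + 1) * 64] for i, n in enumerate(names)}


# Constructed sample (not a real key): bytes 0x00..0xff, surrounded by the
# blank lines that the startup script's echo adds.
_hex = bytes(range(256)).hex()
SAMPLE = "\n" + "\n".join([BEGIN] + [_hex[i:i + 32] for i in range(0, 512, 32)] + [END]) + "\n"

if __name__ == "__main__":
    key = parse_static_key(SAMPLE)
    print("fingerprint:", fingerprint(key))
    for name, slot in key_slots(key).items():
        print(name, len(slot) * 8, "bits")
```

A key file redacted with asterisks, like the one in the script above, is rejected with a `ValueError` instead of being fingerprinted.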



  • I know this is not recommended but I am using the same setup for pfsense as a server and the ddwrt as the client.

    Is there any way that I can just assign a (VPN IP) to the ddwrt and then set a static route of 192.168.1.0/24 and use the VPN IP as the gateway?

    I would like to do this because I really like the fact that the ddwrt is a good platform for SOHO but a real pain in the ass to get the right syntax in for VPN site-to-site connect.

