Talk:OpenVPN - Site-to-Site routed VPN between two routers

From DD-WRT Wiki


Why don't you use the "server net mask" OpenVPN configuration directive for setting addresses on the tunnel?

Why don't you use the "route net mask" OpenVPN configuration directive to add routes to your remote network?

By using these two you could invoke openvpn just once and would not need any extra commands! --Monas 18:12, 28 December 2007 (CET)

I have a special situation where I need the VPN on the server to go to an isolated port. I'm pretty sure this should be possible but I'm not yet into it far enough to be able to figure it out on my own. Any help would be greatly appreciated. I'll be happy to document my experience and post it back here. - Edwin

some about mtu ovpn

Hi there! Bad English, sorry...

I built my OpenVPN tunnel between 2 DD-WRT devices with dd-wrt-vpn-generic. A somewhat unfriendly environment: Moscow Corbina/Beeline requires PPTP to authenticate my access, and I want an OpenVPN tunnel to one more site... The PPTP client in DD-WRT is not very advanced, IMHO (only a static server IP, no server FQDN, but the ISP network uses DNS round-robin, balancing, etc.). Most scripts and how-tos that I found are poor, or too old, etc.

So I have to:

1. Site 1: real IP, unlimited; uses a DI-824VUP+ as PPTP ISP client / gateway, and behind it a DIR-320/dd-wrt-vpn-generic as the OpenVPN tunnel host, the "server" / callee part, plus the custom OpenVPN port published on the 824.

2. Site 2: NAPT, unlimited, but all the standard PPTP, L2TP and IPsec ports are blocked by the ISP (IMHO... attempts with 824+824 and its 3 protocols failed... hands.sys? brain.sys? Customizing the ports is impossible: too dumb hardware/firmware).

A 54GL + dd-wrt-vpn-generic as the "caller" / client.

Plus routes, etc.

Result: pings OK, telnet OK, SMB / Windows shares seem ~OK... RDP, HTTP, FTP fail. The problem was the MTU size on tun0...

What helps: fragment 1400 mssfix in the startup script on both sides. See http://www.wandin.net/dotclear/index.php?post/2009/01/08/OpenVPN-MTU-Size

All of this topic is just for context and should be deleted, but in a step-by-step manual this hint will save some time for the next people, I hope :)

Respect to the author.


Hi there again! I have had to move some sites of the previous post's scheme, so it now looks like the main post's part 2, advanced, "multiple vpn tunn", but instead I have 2 servers on the endpoints (clients in the main post) with real IPs, and 1 client behind NAPT with 2 tunnels to its servers... Again, the 1st endpoint with a real IP (routed, no VPN/PPPoE etc.) works OK, directly, but the 2nd endpoint is ISP PPPoE / DHCP-static... I cannot establish the 2nd tunnel to it... As a temporary measure I will again have to set up a cascade: the 824 as gateway, the 320 as OpenVPN server, and publish the OpenVPN port on the 824... Who can help me set up routing with the 320 only, PPPoE tunnel to OpenVPN?

What's wrong?

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.16.34.56    *               255.255.255.252 U     0      0        0 vlan1
    10.31.31.0      *               255.255.255.0   U     0      0        0 tun1
    10.33.33.0      *               255.255.255.0   U     0      0        0 tun3
    10.1.1.0        10.31.31.1      255.255.255.0   UG    0      0        0 tun1
    10.1.2.0        *               255.255.255.0   U     0      0        0 br0
    10.1.3.0        10.33.33.1      255.255.255.0   UG    0      0        0 tun3
    169.254.0.0     *               255.255.0.0     U     0      0        0 br0
    127.0.0.0       *               255.0.0.0       U     0      0        0 lo
    default         172.16.34.57    0.0.0.0         UG    0      0        0 vlan1
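
An added example, not part of the original discussion and not an answer to the question above: Python code that parses the posted routing table and applies longest-prefix match to check that remote-site addresses leave through the tunnel interfaces instead of falling through to the default route on vlan1. The host addresses and the 10.1.4.0 destination are constructed for illustration.

```python
import ipaddress

# Routing table as posted above (plain `route` output: "*" means no gateway).
ROUTE_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.34.56    *               255.255.255.252 U     0      0        0 vlan1
10.31.31.0      *               255.255.255.0   U     0      0        0 tun1
10.33.33.0      *               255.255.255.0   U     0      0        0 tun3
10.1.1.0        10.31.31.1      255.255.255.0   UG    0      0        0 tun1
10.1.2.0        *               255.255.255.0   U     0      0        0 br0
10.1.3.0        10.33.33.1      255.255.255.0   UG    0      0        0 tun3
169.254.0.0     *               255.255.0.0     U     0      0        0 br0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         172.16.34.57    0.0.0.0         UG    0      0        0 vlan1
"""

def parse_routes(text):
    """Return a list of (network, gateway_or_None, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(f"{dest}/{f[2]}")
        routes.append((net, None if f[1] == "*" else f[1], f[7]))
    return routes

def lookup(routes, addr):
    """Longest-prefix match, as the kernel does; returns (gateway, iface)."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gw, iface

def off_tunnel(routes, expected):
    """Return {host: (gateway, iface)} for hosts not routed via the expected interface."""
    bad = {}
    for host, want in expected.items():
        hit = lookup(routes, host)
        if hit is None or hit[1] != want:
            bad[host] = hit
    return bad

ROUTES = parse_routes(ROUTE_OUTPUT)
# Constructed hosts; 10.1.4.10 stands for a remote subnet with no tunnel route.
EXPECTED = {"10.1.1.10": "tun1", "10.1.3.10": "tun3", "10.1.4.10": "tun3"}
print(off_tunnel(ROUTES, EXPECTED))
```

Any host reported by `off_tunnel` would be sent to the listed gateway and interface rather than into the tunnel, which for a site-to-site VPN means the traffic leaves unencrypted.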