Site to Site Tunnel

jshdcooper
DD-WRT Novice


Joined: 21 Oct 2015
Posts: 1

Posted: Wed Oct 21, 2015 17:30    Post subject: Site to Site Tunnel
Forgive me for what is probably a subject beat to death, but I'm new to the DD-WRT Community.

I've searched through documentation about setting up a site to site VPN, and all tutorials seem to require a VPN service to get this done.

I was under the impression that DD-WRT supported site to site vpn set up with a PSK. Is this not the case? I have experience setting up IPSEC VPNs on enterprise level equipment, but have a friend who needs a simple, secure point to point VPN for his new business.

Before we commit to purchasing his new network equipment, I wanted to make sure we could get this done.

Thanks, and sorry for the potential repost. I just didn't see anything in my searches that explained.
svoelkel
DD-WRT Novice


Joined: 08 Sep 2015
Posts: 18
Location: Jasper, Indiana

Posted: Fri Oct 23, 2015 20:38    Post subject: I use PPTP
DD-WRT has capabilities built-in for using PPTP VPNs.

The PPTP SERVER end of the connection will handle multiple connections, either from other networks (such as other DD-WRT routers), or from a single host (such as a PC or Android).

The CLIENT end, however, will only handle a single connection.

It is allowed to have both PPTP SERVER and PPTP CLIENT functions active in a router at the same time.

I have all of this working very nicely in a system that includes 5 DD-WRT routers. All can communicate to each other, but I had to set up one of the routers to act as a HUB, since DD-WRT does not support multi-CLIENT operation.

Everything has been very reliable.

FYI, I used a password generator to create 14-character extra-ugly passwords. 14 characters is the max length that is accepted.

I would be happy to share any additional information; just ask.

_________________
======
Sam V.
stoney li
DD-WRT User


Joined: 12 Apr 2013
Posts: 248

Posted: Fri Oct 23, 2015 21:26    Post subject: Re: I use PPTP
svoelkel,
What version of DD-WRT do you have for the PPTP server/client? Even with the latest dd-wrt, the PPTP server on the dd-wrt server has the wrong routing table setup for the client connection from a remote DD-WRT PPTP client. The local IP address for the remote DD-WRT client shows the LAN IP address of the remote DD-WRT router on the PPTP server.
Thanks,

--stoney

svoelkel wrote:
DD-WRT has capabilities built-in for using PPTP VPNs.

The PPTP SERVER end of the connection will handle multiple connections, either from other networks (such as other DD-WRT routers), or from a single host (such as a PC or Android).

The CLIENT end, however, will only handle a single connection.

It is allowed to have both PPTP SERVER and PPTP CLIENT functions active in a router at the same time.

I have all of this working very nicely in a system that includes 5 DD-WRT routers. All can communicate to each other, but I had to set up one of the routers to act as a HUB, since DD-WRT does not support multi-CLIENT operation.

Everything has been very reliable.

FYI, I used a password generator to create 14-character extra-ugly passwords. 14 characters is the max length that is accepted.

I would be happy to share any additional information; just ask.
svoelkel
DD-WRT Novice


Joined: 08 Sep 2015
Posts: 18
Location: Jasper, Indiana

Posted: Fri Oct 23, 2015 22:40
Equipment I am using includes:

Netgear R6300, dd-wrt v3.0-r27783 giga
TP-Link Archer C7 v2, dd-wrt v3.0-r27783 std
TP-Link TL-WDR3600 v1, dd-wrt v24-sp2 std - build 21061
TP-Link TL-WDR3600 v1, dd-wrt v3.0-r27858 std

(It is not convenient to check the versions of the software in the 5th router at the moment.)

After you set up the information for CLIENT in one router and for SERVER in the other router, you still have to enter routing information here:
Setup >> Advanced Routing



I am out of time for today; I will respond in greater detail tomorrow.

_________________
======
Sam V.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6189
Location: Romerike, Norway

Posted: Sat Oct 24, 2015 7:56
This one is for bridging. You would have used routed though (tun0):
http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_Bridged_VPN_Between_Two_Routers

http://www.coertvonk.com/technology/networking/dd-wrt-and-openvpn-5591


You need 3 ip sub-nets, site-A, site-B and one for the tunnel.
svoelkel
DD-WRT Novice


Joined: 08 Sep 2015
Posts: 18
Location: Jasper, Indiana

Posted: Sat Oct 24, 2015 16:46    Post subject: A good PPTP tutorial
Stoney,

Here is a link to a PPTP tutorial that helped me a lot:

http://www.dd-wrt.com/wiki/index.php/Point-to-Point_PPTP_Tunneling_with_two_DD-WRT

I would suggest that you follow it for setting up your site-to-site VPN.

I have noticed that at the SERVER end of the PPTP connection, you can see the status of the link here:

Status >> LAN

At the bottom of the page is a section titled Connected PPTP Clients. If a client has successfully connected, there will be a line of data in this section.

The CLIENT end of the PPTP connection does not have any indicator in the GUI to show PPTP connection status. If you have command-line access (via PuTTY) then you can issue a command to see the status of the interfaces with this command:

root@MyRouter:~# ifconfig

or to see the status of a specific interface:

root@MyRouter:~# ifconfig ppp0

Routes in the route table do not contain routes to the foreign subnets until a VPN is established to that subnet. Once the VPN connection is made, dd-wrt will update the route table with the data that you placed in the Advanced Routing section.

_________________
======
Sam V.
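
The route check described in the post above, as an added example that is not part of the original post: it confirms that the route to the far site exists and uses the tunnel interface. The routing table is constructed sample data, and the function names, subnets and addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed `route -n` output from a client router with the tunnel up.
# 192.168.1.0/24 stands for the far site, 192.168.2.0/24 for the local LAN (made-up values).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     10.0.0.1        255.255.255.0   UG    0      0        0 ppp0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         198.51.100.1    0.0.0.0         UG    0      0        0 vlan2'

# route_iface ROUTES DEST MASK -> prints the interface that carries that exact route;
# exit status 1 when the table has no such route.
route_iface() {
    printf '%s\n' "$1" | awk -v d="$2" -v m="$3" \
        '$1 == d && $3 == m { print $8; found = 1; exit } END { if (!found) exit 1 }'
}

# check_site_route ROUTES DEST MASK IFACE
# 0 = route present on IFACE, 1 = route missing, 2 = route present on another interface
check_site_route() {
    iface=$(route_iface "$1" "$2" "$3") || { echo "no route to $2/$3"; return 1; }
    [ "$iface" = "$4" ] || { echo "route to $2 uses $iface, expected $4"; return 2; }
    echo "route to $2 via $iface"
}

# On the router, pass live data instead of the sample:
#   check_site_route "$(route -n)" 192.168.1.0 255.255.255.0 ppp0
check_site_route "$SAMPLE_ROUTES" 192.168.1.0 255.255.255.0 ppp0
```

Until that route exists, packets for the far subnet match only the default route and leave through the WAN interface instead of the tunnel.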
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6189
Location: Romerike, Norway

Posted: Sat Oct 24, 2015 17:53
I wouldn't use PPTP. It's an old insecure protocol.
OpenVPN is much better.
stoney li
DD-WRT User


Joined: 12 Apr 2013
Posts: 248

Posted: Sun Oct 25, 2015 23:01    Post subject: Re: A good PPTP tutorial
Svoelkel,
Thanks for the info. I can set up a PPTP connection between 2 dd-wrt routers. The only problem I have now is that the server STATUS/LAN/Connected PPTP Clients shows wrong "Local IP" for the PPTP connected:

Interface  Username  Local IP     Remote IP        Delete
ppp0       testvpn   192.168.0.1  xxx.yyy.zzz.aaa

The "local IP" should be the IP address allocated by the PPTP server (or an IP address on the pptp server LAN). Did you see a similar issue? How do you resolve it?
Thanks,

--stoney

svoelkel wrote:
Stoney,

Here is a link to a PPTP tutorial that helped me a lot:

http://www.dd-wrt.com/wiki/index.php/Point-to-Point_PPTP_Tunneling_with_two_DD-WRT

I would suggest that you follow it for setting up your site-to-site VPN.

I have noticed that at the SERVER end of the PPTP connection, you can see the status of the link here:

Status >> LAN

At the bottom of the page is a section titled Connected PPTP Clients. If a client has successfully connected, there will be a line of data in this section.

The CLIENT end of the PPTP connection does not have any indicator in the GUI to show PPTP connection status. If you have command-line access (via PuTTY) then you can issue a command to see the status of the interfaces with this command:

root@MyRouter:~# ifconfig

or to see the status of a specific interface:

root@MyRouter:~# ifconfig ppp0

Routes in the route table do not contain routes to the foreign subnets until a VPN is established to that subnet. Once the VPN connection is made, dd-wrt will update the route table with the data that you placed in the Advanced Routing section.
svoelkel
DD-WRT Novice


Joined: 08 Sep 2015
Posts: 18
Location: Jasper, Indiana

Posted: Mon Oct 26, 2015 15:12    Post subject: Connected PPTP Clients info
Stoney,

The Connected PPTP Clients Local IP information seems better designed to display connection information of a single host (such as a desktop PC, or Android) rather than connection information of another subnet.

When connecting with a single host, the Connected PPTP Clients Local IP will accurately display the local IP of the connected host. However, whenever you are making connection to another site, the connection is actually to a complete sub-net, or even possibly multiple sub-nets. In such a case, no local IP is assigned to the foreign sub-net. I can't explain why the IP address of the foreign router is displayed here, but I suppose that is better than it being blank.

Regardless of the misleading display of the Local IP, there should still be a path between the two sites. You should be able to ping from any host on site #1 to any host on site #2, and vice versa.

If pinging is not possible, then you may have incorrect entries in Advanced Routings on either or both sites.

You may also encounter devices that have their ping feature disabled; if you can't ping it locally, then you certainly won't be able to ping it across the VPN. Also, beware of Windows ver 8.0 (and later) as by default they will respond to a ping on the local subnet, but their firewall settings prevent ping response from foreign subnets. Even after opening up the firewall on a Windows 8.0 host, I have not been able to get them to respond to a ping from a foreign subnet. My advice is to find something other than a Windows 8.0 PC for ping testing.

If your ping tests are successful, then your mission is complete; if they fail, then more troubleshooting is needed.

Also, be aware that some older routers with older versions of DD-WRT simply do not work. For example, I have a Netgear WNDR3400 with DD-WRT v24-sp2 build 21061 mini that appears to make a VPN connection, but will never pass any data. I have given up on this router and this version of DD-WRT. There is always some possibility that you may have one of these dud combinations that will not work with VPN.

Let us know the results of the ping tests.

_________________
======
Sam V.
kylevaughan
DD-WRT Novice


Joined: 26 Oct 2015
Posts: 9

Posted: Tue Oct 27, 2015 3:24
Hello, I am also looking to do this same sort of setup.

I have 2 routers with dd-wrt on them.

I have set one up as a server and the other up as a client. And regardless of what I try they simply will not connect to each other.

The server accepts connections from remote computers fine and the client can connect to my windows and linux boxes running pptp vpns just fine, but they just won't talk to each other.

I have tried the tutorial in the links above to no avail. I have even tried reversing the roles making the server a client and the client a server and still get the same result.

They will establish a vpn with any other machine / cellphone but just won't work with each other.

I have a small business and I simply want to bridge my network at home with the network at the office so that they are essentially 1 network. It seems like it should be easy to do but I have been racking my brain for the past 12 hours and just can't get it to work.

Any ideas? I can provide more detailed info if needed.

Thanks.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6189
Location: Romerike, Norway

Posted: Tue Oct 27, 2015 6:34
Is there any activity at the VPN Status screen?
kylevaughan
DD-WRT Novice


Joined: 26 Oct 2015
Posts: 9

Posted: Tue Oct 27, 2015 6:56
I don't see that there is a vpn status screen. If there is, where would I find it?
svoelkel
DD-WRT Novice


Joined: 08 Sep 2015
Posts: 18
Location: Jasper, Indiana

Posted: Tue Oct 27, 2015 18:36    Post subject: Check CHAP-Secrets entry
kylevaughan,

This is a remote possibility, but easy to check.

When connecting to a PPTP SERVER with a single host (a PC or Android), the CHAP-Secret entry may take either of 2 different formats:

username * password *

or

username * password <specific Local IP Address>


In the first case, the final asterisk tells the system to pick a Local IP from the IP range that was entered in the Client IP(s) field in the PPTP Server setup. In the second case, the Local IP assigned WILL BE the IP listed here; hence a way of assigning a static IP to a VPN Client.

Either format works if the client is a single host, but if the client is another site, then only the first format is acceptable. If you are using the second format and trying to make a site-to-site connection, it simply will not connect.

Since you indicate that you can connect single-client to server, but not site-to-server, this may be your problem.

Also, what versions of DD-WRT are you using?

_________________
======
Sam V.
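
A check for the two CHAP-Secrets formats described in the post above, as an added example that is not part of the original post: it reports whether a given account takes its address from the pool (final `*`) or is pinned to a fixed IP. The sample entries, the account names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the four-column layout quoted in the post:
# username, server, password, IP. All names, secrets and addresses are made up.
SAMPLE_SECRETS='# user server secret ip
laptop   *  Xq7#pL2vRt9!aB  192.168.1.210
branch2  *  mK4$zW8nYc1@eD  *
broken   *  onlythreefields'

# classify_entry LINE -> pool | static:<ip> | malformed | skip
# Limitation: splits on whitespace only, so quoted secrets containing spaces are not handled.
classify_entry() {
    set -f                 # keep the literal "*" fields from being glob-expanded
    set -- $1
    set +f
    case "${1:-}" in ''|'#'*) echo skip; return 0 ;; esac
    [ $# -eq 4 ] || { echo malformed; return 0; }
    if [ "$4" = "*" ]; then echo pool; else echo "static:$4"; fi
}

# site_entry_ok TEXT USER -> 0 pool address, 1 fixed address, 2 no entry, 3 malformed
site_entry_ok() {
    result=2
    while IFS= read -r line; do
        [ "${line%% *}" = "$2" ] || continue
        kind=$(classify_entry "$line")
        case "$kind" in
            pool)      result=0 ;;
            static:*)  echo "$2 is pinned to ${kind#static:}"; result=1 ;;
            *)         echo "$2: expected 4 fields"; result=3 ;;
        esac
    done <<EOF
$1
EOF
    return $result
}

# branch2 stands for the remote router's account (hypothetical name).
site_entry_ok "$SAMPLE_SECRETS" branch2 && echo "branch2 takes its address from the pool"
```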
svoelkel
DD-WRT Novice


Joined: 08 Sep 2015
Posts: 18
Location: Jasper, Indiana

Posted: Tue Oct 27, 2015 18:51    Post subject: Look in syslog message file for hints
kylevaughan,

Look at the DD-WRT syslog message file where there may be a hint as to what the problem is. This file is located at:

root@MyRouter:/tmp/var/log/messages

I use the PuTTY program for logging in to view the messages file. If you need help logging in and viewing the file, just ask.

_________________
======
Sam V.
kylevaughan
DD-WRT Novice


Joined: 26 Oct 2015
Posts: 9

Posted: Wed Oct 28, 2015 0:15
svoelkel,

Thank you for your help.

I am using the format

username * password *

on the server.

the server is running DD-WRT v24-sp2 (12/22/14) std
the client is running DD-WRT v24-sp2 (08/07/10) vpn

again I have tried to reverse the roles with still no luck. They simply won't connect to each other.

Also I have no idea how to find the syslogs.
I have putty and am familiar with SSH, but I can't seem to enable SSH on either router, the only thing I can connect to is TTY which I have no idea how to use.

essentially all I want to do is bridge these 2 sites so that any machine on site A can ping any machine on site B and vice versa but I just can't get it to work.

I also have an ubuntu server machine on both ends as well with pptp and I couldn't make it work with them either.

the best I could get is site A DD-WRT connects to site B ubuntu VPN and then I can ping everything on site B from site A, but still not the other way around.

I've been reading and trying things for literally 2 days and at this point I don't really care how it's accomplished, using DD-WRT or the ubuntu servers. I just want my sites bridged with traffic going both ways.

Thank you for any help you can give.