OpenVPN Site to Site Connection Using DD-WRT Capable Routers

somms
OpenVPN User
Posts: 21
Joined: Sun Aug 29, 2010 2:38 pm

OpenVPN Site to Site Connection Using DD-WRT Capable Routers

Post by somms » Sun Aug 29, 2010 2:53 pm

http://www.dd-wrt.com/phpBB2/viewtopic. ... ht=#391635

Basically lifted from above link over at DD-WRT forums but this OpenVPN bridged (tap) connection between physically separated DD-WRT capable routers continues to work very well and clients on either end all act like they are on the same local LAN! :D

FWIW: WRT320N located at my daughter's dorm configured as OpenVPN client bridge back to OpenVPN server located at home (WRT310N)...works 100%!


Under Administration/Commands Tab

Startup:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up

Firewall:
...nothing required since configured as client...


Under Services/VPN/OpenVPN Daemon

OpenVPN Daemon: Enable
Start OpenVPN: Wan Up

CA Cert: ca.crt

Certificate Revoke List: *blank*

Public Client Cert: client1.crt

Private Client Key: client1.key

DH PEM: *blank*

OpenVPN Config:
management localhost 5001
verb 0
up-delay
client
dev tap0
proto udp
remote your.dyndns.ipaddress 1194
ns-cert-type server
cipher BF-CBC
comp-lzo
nobind
float
mute-replay-warnings
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

OpenVPN TLS Auth: *blank*


Notice configured as client using settings under 'OpenVPN Daemon' NOT 'OpenVPN Client' under Services/VPN GUI tab of DD-WRT!




WRT310N configured as OpenVPN server:


Under Administration/Commands Tab

Startup:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up

Firewall:
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
(currently my WRT310N's WAN is disabled with static 192.168.1.120 LAN IP & gateway set to 192.168.1.1 since it is behind WRT600N gateway router with port 1194 port forwarded to WRT310N so the firewall on WRT310N is actually blank!)


Under Services/VPN/OpenVPN Daemon

OpenVPN Daemon: Enable
Start OpenVPN: Wan Up

CA Cert: ca.crt

Certificate Revoke List: *blank*

Public Client Cert: server.crt

Private Client Key: server.key

DH PEM: dh1024.pem

OpenVPN Config:
server-bridge 192.168.1.1 255.255.255.0 192.168.1.225 192.168.1.234
management localhost 5001
verb 0
comp-lzo
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "persist-tun"
push "persist-key"
port 1194
cipher BF-CBC
dev tap0
proto udp
keepalive 10 60
max-clients 8
client-to-client
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

OpenVPN TLS Auth: *blank*

You may have to adjust above highlighted in bold depending on your network! :wink:

BTW: SPI Firewall still enabled on both routers since this does not affect OpenVPN bridge and 'management localhost 5001' config line set in each router allows for populating the OpenVPN tab under Status for each router's DD-WRT GUI: http://www.dd-wrt.com/phpBB2/viewtopic. ... ht=#393084
Last edited by somms on Mon Feb 20, 2012 9:36 pm, edited 2 times in total.
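
A quick audit of the directives used in the configs above against settings that are now considered dated, as an added example that is not part of the original post. The rule list and function names are this example's own, and the sample is an abridged copy of the server config box.

```python
# Added example: flag dated settings in an OpenVPN config like the ones above.
# The rule list and function names are this example's own, not DD-WRT/OpenVPN code.

# Constructed sample: the server "OpenVPN Config" box from the post, abridged.
SERVER_CONF = """\
server-bridge 192.168.1.1 255.255.255.0 192.168.1.225 192.168.1.234
management localhost 5001
verb 0
comp-lzo
port 1194
cipher BF-CBC
dev tap0
proto udp
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
"""

def parse(conf):
    """Return {directive: [args]} for every non-comment line."""
    out = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            out[name] = args
    return out

def audit(conf, role):
    """role is 'server' or 'client'; returns a list of finding strings."""
    d, found = parse(conf), []
    cipher = " ".join(d.get("cipher", [])).upper()
    if cipher.startswith(("BF-", "DES", "CAST5", "RC2")):
        found.append(f"cipher {cipher}: 64-bit block cipher, move to AES")
    if d.get("comp-lzo") not in (None, ["no"]):
        found.append("comp-lzo on: compress-then-encrypt can leak plaintext")
    if "tls-auth" not in d and "tls-crypt" not in d:
        found.append("no tls-auth/tls-crypt: handshake packets are not pre-authenticated")
    if d.get("verb") == ["0"]:
        found.append("verb 0: only fatal errors are logged")
    if len(d.get("management", [None] * 3)) < 3:
        found.append("management has no pw-file: any local process can drive the daemon")
    if role == "server" and "crl-verify" not in d:
        found.append("no crl-verify: a lost client key cannot be revoked")
    if role == "client" and "ns-cert-type" in d:
        found.append("ns-cert-type is deprecated: use remote-cert-tls server")
    return found

if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF, "server")))
```

The size of the DH parameters (dh1024.pem in the GUI field above) cannot be read from the config text, so check that file separately.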

somms
OpenVPN User
Posts: 21
Joined: Sun Aug 29, 2010 2:38 pm

Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou

Post by somms » Sun Sep 19, 2010 7:24 am


somms
OpenVPN User
Posts: 21
Joined: Sun Aug 29, 2010 2:38 pm

Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou

Post by somms » Sun May 29, 2011 5:28 pm

http://www.dd-wrt.com/phpBB2/viewtopic. ... ht=#612668

Latest OpenVPN 2.2.0 included DD-WRT builds have blown the older build configs out of the water...OpenVPN support is simplified now thru DD-WRT's GUI...please see above link! :D

ineedhelp
OpenVpn Newbie
Posts: 2
Joined: Sat Jun 18, 2011 10:30 pm

Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou

Post by ineedhelp » Sat Jun 18, 2011 10:33 pm

Hey there somms -- I am trying to do a similar thing but having trouble setting this up. Would you be interested in setting up my dd-wrt remotely, and I could pay you via paypal for your time? Please let me know -- and I will send you my email address.

pazure
OpenVpn Newbie
Posts: 1
Joined: Mon May 23, 2011 8:02 pm

Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou

Post by pazure » Thu Dec 15, 2011 5:08 am

This is an old thread, but users still look to it to copy and paste their configs, so I thought I'd make one quick typo correction. Where somms has

iptables -I INPUT -p upd --dport 1194 -j ACCEPT

it of course should be

iptables -I INPUT -p udp --dport 1194 -j ACCEPT

(the upd should be changed to udp).

Amazingly, after gnashing teeth for over a week now, I've finally gotten two routers (Asus RT-N16s) to OpenVPN in bridged mode thanks to somms. His suggestion of using OpenVPN Daemon instead of the OpenVPN client is what solved things for me. Now, you can directly edit the .conf file via GUI. I've now got all hosts on two bridged networks pinging each other. Thanks somms.

Why haven't I seen this suggestion on the DDWRT OpenVPN site?

raymond703
OpenVpn Newbie
Posts: 2
Joined: Thu Feb 02, 2012 11:58 am

Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou

Post by raymond703 » Thu Feb 02, 2012 12:02 pm

Hi! dd-wrt expert!
If I use a LinkSys wrt54gs V3 as an OpenVPN server, is it possible to support 15 clients with the same hardware and dd-wrt firmware?

raymond703
OpenVpn Newbie
Posts: 2
Joined: Thu Feb 02, 2012 11:58 am

Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou

Post by raymond703 » Thu Feb 02, 2012 12:07 pm

Is it possible to use wrt54gs V3 with dd-wrt using OpenVPN as server to support 15 router clients with same hardware & firmware?

james565
OpenVpn Newbie
Posts: 1
Joined: Mon Jun 25, 2012 1:03 pm

Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou

Post by james565 » Mon Jun 25, 2012 1:05 pm

That's a great question Raymond and I'd love to know the answer. Can anyone help please?


___________________
"Whatever the mind can conceive and believe, the mind can achieve."
