Need help connecting two homes with VPN tunnel

bjkuhl
OpenVpn Newbie
Posts: 1
Joined: Wed Jul 25, 2018 12:07 am

Need help connecting two homes with VPN tunnel

Post by bjkuhl » Wed Jul 25, 2018 12:40 am

I need help connecting two Buffalo DD-WRT routers running DD-WRT v3.0-r30354 std (08/22/16). I tried to follow instructions in https://wiki.dd-wrt.com/wiki/index.php/VPN_%28the_easy_way%29_v24%2B but I have not been successful. I have port forwarded, but my setting must be off. Attached are the logs. Your help will be much appreciated.


State
Server:
TAP Mode: Bridged
MAC Address:



Status
VPN Server Stats:
Client Remote IP:Port Bytes Received Bytes Sent Connected Since

VPN Server Routing Table
Client Virtual Address Real Address Last Ref


Log
Serverlog:

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto udp
cipher bf-cbc
auth sha256
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /tmp/openvpn/ccd
comp-lzo adaptive
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
fast-io
tun-mtu 1500
mtu-disc yes
server-bridge 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
dev tap2
mode server
proto udp
port 1194
dev tap0
server-bridge 10.22.0.1 255.255.0.0 10.22.0.50 10.22.0.100
# Gateway (VPN Server) Subnetmask Start-IP End-IP
keepalive 10 120
daemon
verb 5
client-to-client
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem


State
Client: WAIT
TAP mode: Unbridged
MAC Address:
Local IP:
Firewall Protection: On

Status
VPN Client Stats
TUN/TAP read bytes 0
TUN/TAP write bytes 0
TCP/UDP read bytes 0
TCP/UDP write bytes 70
Auth read bytes 0
pre-compress bytes 0
post-compress bytes 0
pre-decompress bytes 0
post-decompress bytes 0

Log
Clientlog:
20180725 02:27:37 I OpenVPN 2.3.11 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 22 2016
20180725 02:27:37 I library versions: OpenSSL 1.0.2h 3 May 2016 LZO 2.09
20180725 02:27:37 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20180725 02:27:37 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180725 02:27:37 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20180725 02:27:37 W ******* WARNING *******: null cipher specified no encryption will be used
20180725 02:27:37 W ******* WARNING *******: null MAC specified no authentication will be used
20180725 02:27:37 Socket Buffers: R=[172032->172032] S=[172032->172032]
20180725 02:27:37 I UDPv4 link local: [undef]
20180725 02:27:37 I UDPv4 link remote: [AF_INET]68.224.17.117:1194
20180725 02:28:34 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180725 02:28:34 D MANAGEMENT: CMD 'state'
20180725 02:28:34 MANAGEMENT: Client disconnected
20180725 02:28:34 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180725 02:28:34 D MANAGEMENT: CMD 'state'
20180725 02:28:34 MANAGEMENT: Client disconnected
20180725 02:28:34 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180725 02:28:34 D MANAGEMENT: CMD 'status 2'
20180725 02:28:34 MANAGEMENT: Client disconnected
20180725 02:28:34 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180725 02:28:34 D MANAGEMENT: CMD 'log 500'
19700101 01:00:00

ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
management 127.0.0.1 16
management-log-cache 100
verb 3
mute 3
syslog
writepid /var/run/openvpncl.pid
client
resolv-retry infinite
nobind
persist-key
persist-tun
script-security 2
dev tap1
proto udp
cipher none
auth none
remote 68.224.17.117 1194
comp-lzo adaptive
tun-mtu 1500
mtu-disc yes
fast-io
remote-cert-tls server

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Need help connecting two homes with VPN tunnel

Post by TinCanTech » Fri Jul 27, 2018 12:22 pm

server

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto udp
cipher bf-cbc
auth sha256
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /tmp/openvpn/ccd
comp-lzo adaptive
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
fast-io
tun-mtu 1500
mtu-disc yes
server-bridge 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
dev tap2
mode server
proto udp
port 1194
dev tap0
server-bridge 10.22.0.1 255.255.0.0 10.22.0.50 10.22.0.100
# Gateway (VPN Server) Subnetmask Start-IP End-IP
keepalive 10 120
daemon
verb 5
client-to-client
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

Just reading your actual server config it is obvious that you have not followed DD-WRT tutorials.

Try setting up the most basic VPN that you can on your routers and build up from there.
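
An added example, not part of either post: a small Python check over the two configurations posted in this thread. It flags directives given twice with different arguments, link options that differ between server and client, and `cipher none` / `auth none`, which the client log warns about. The directive lists are excerpted from the posts; treating the last occurrence of a repeated directive as the effective one is an assumption.

```python
# Added example, not from the thread. Directives are excerpted from the two
# configs posted above; which duplicate takes effect is an assumption (last one).
SERVER = """
port 1194
proto udp
cipher bf-cbc
auth sha256
comp-lzo adaptive
server-bridge 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
dev tap2
proto udp
port 1194
dev tap0
server-bridge 10.22.0.1 255.255.0.0 10.22.0.50 10.22.0.100
"""
CLIENT = """
dev tap1
proto udp
cipher none
auth none
comp-lzo adaptive
"""
MUST_MATCH = ("proto", "cipher", "auth", "comp-lzo")  # options both ends must agree on

def parse(text):
    """Map each directive to the list of argument strings given for it, in order."""
    seen = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, _, args = line.partition(" ")
            seen.setdefault(name, []).append(args.strip())
    return seen

def conflicts(cfg):
    """Directives that appear more than once with different arguments."""
    return {k: v for k, v in cfg.items() if len(set(v)) > 1}

def mismatches(server, client):
    """MUST_MATCH options whose effective value differs between the two ends."""
    pairs = {k: (server.get(k, [None])[-1], client.get(k, [None])[-1]) for k in MUST_MATCH}
    return {k: v for k, v in pairs.items() if v[0] != v[1]}

def unprotected(cfg):
    """cipher/auth directives set to 'none' (no encryption / no packet authentication)."""
    return [k for k in ("cipher", "auth") if cfg.get(k, [""])[-1] == "none"]

if __name__ == "__main__":
    srv, cli = parse(SERVER), parse(CLIENT)
    print(conflicts(srv), mismatches(srv, cli), unprotected(cli), sep="\n")
```

On the posted configs this reports conflicting `dev` and `server-bridge` lines on the server, and `cipher`/`auth` values that differ between the two ends, with both set to `none` on the client.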

MikeRobinson
OpenVpn Newbie
Posts: 16
Joined: Fri Aug 03, 2018 1:46 am

Re: Need help connecting two homes with VPN tunnel

Post by MikeRobinson » Fri Aug 03, 2018 2:54 am

It's frustrating, I know ... Here's my little check-list:

(1) The two sides must have differing IP-address ranges. If home #1 uses 192.168.0.x, home #2's router (DHCP) must be doling-out addresses in a different range, such as 192.168.111.x. (This is a basic "TCP/IP routing" consideration, and OpenVPN is a router.)

(2) The routers on both sides must have static routing rules that will send traffic bearing the other side's IP-address ranges, and 10.8.0.x, to the OpenVPN service-process on their side, "as a gateway."

(2a) The routers also need to assign an unchanging IP-address to their OpenVPN machine, so that the static routes always work.

(3) "Once you get the dammed thing to connect," most of the remaining headaches are just "TCP/IP routing issues." And these follow the "hobbit principle" ... There and Back Again.

(4) The traceroute command is your best friend. It will explore the route, "hop by hop," and if it starts spitting-out rows of asterisks you know that there is no return route at that hop. (Traffic's getting there but doesn't know how to get back home.)
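
An added example, not part of the post above: checklist items (1), (2) and (2a) expressed as a Python check over an addressing plan. The LAN ranges and 10.8.0.x come from the checklist; the /24 masks, the OpenVPN host addresses and the route tables are constructed for illustration, with one route left out on purpose.

```python
import ipaddress

# Constructed plan: /24 masks, host addresses and routes are assumptions.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
SITES = {
    "home1": {"lan": "192.168.0.0/24", "vpn_host": "192.168.0.2",
              "routes": {"192.168.111.0/24": "192.168.0.2",
                         "10.8.0.0/24": "192.168.0.2"}},
    "home2": {"lan": "192.168.111.0/24", "vpn_host": "192.168.111.2",
              "routes": {"192.168.0.0/24": "192.168.111.2"}},  # VPN route missing
}

def check_plan(sites, vpn_net):
    """Return the problems found against checklist items (1), (2) and (2a)."""
    problems = []
    nets = {name: ipaddress.ip_network(s["lan"]) for name, s in sites.items()}
    names = sorted(nets)
    # (1) LAN ranges must not overlap each other or the VPN subnet.
    for i, a in enumerate(names):
        if nets[a].overlaps(vpn_net):
            problems.append(f"{a}: LAN overlaps VPN subnet")
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a}/{b}: LAN ranges overlap")
    for name in names:
        site = sites[name]
        host = ipaddress.ip_address(site["vpn_host"])
        # (2a) The OpenVPN machine needs a fixed address inside its own LAN.
        if host not in nets[name]:
            problems.append(f"{name}: vpn_host outside LAN")
        # (2) Every remote LAN and the VPN subnet must be routed via that machine.
        routes = {ipaddress.ip_network(d): ipaddress.ip_address(g)
                  for d, g in site["routes"].items()}
        for dest in [nets[o] for o in names if o != name] + [vpn_net]:
            if routes.get(dest) != host:
                problems.append(f"{name}: no route to {dest} via {host}")
    return problems

if __name__ == "__main__":
    for problem in check_plan(SITES, VPN_NET):
        print(problem)
```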
