vpn between two routers

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
gettons
OpenVpn Newbie
Posts: 4
Joined: Tue Apr 19, 2011 1:12 pm

vpn between two routers

Post by gettons » Tue Apr 19, 2011 1:18 pm

Hi all,

I have two openwrt routers on different locations I would like to link together through a vpn link which should let people browser each others' lan.
I know about bridged and routed modes, but I don't know which one would best fit in this environment.

Location A has 192.168.3.x/24 subnet and Location B has 192.168.1.x/24 subnet.
the openvpn server and client will be installed on the default gateway for each subnet so I don't need to set static routes on any of the clients I presume.

I am not sure , though, which mode it's better here.
I need people on location A to be able to access resources on Location B and the other way round.




Thanks

User avatar
maikcat
Forum Team
Posts: 4202
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: vpn between two routers

Post by maikcat » Tue Apr 19, 2011 1:47 pm

hi there,


i strongly suggest you go with the routed mode..

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: vpn between two routers

Post by janjust » Tue Apr 19, 2011 1:56 pm

I'd go for routed mode with static shared keys, as you're connecting only 2 sites. This is by far the simplest setup.

gettons
OpenVpn Newbie
Posts: 4
Joined: Tue Apr 19, 2011 1:12 pm

Re: vpn between two routers

Post by gettons » Tue Apr 19, 2011 1:58 pm

Ok so with the routed mode It will create a new virtual interface on the router server for 192.168.10.x./24 let's say.

I.e. Openvpn server ( location A ) will give the openvpn client ( location B ) an ip address 192.168.10.2 and clients on location A ( subnet 192.168.3.x/24 ) will be able to ping 192.168.10.2 host without having to add any static route ( cause the default gw is the same host as the openvpn server ).

My question is: how do I access clients on location B ( 192.168.1.x/24 ) from clients on Location A ( 192.168.3.x/24 )? Do I have to set static routes on both the openvpn routers?



edited to change the below once I realized the error

Do I have to set static routes on the openvpn client router?
to
Do I have to set static routes on both the openvpn routers?
Last edited by gettons on Tue Apr 19, 2011 2:02 pm, edited 2 times in total.

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: vpn between two routers

Post by janjust » Tue Apr 19, 2011 2:00 pm

Do I have to set static routes on the openvpn client router?
yes. If the dd-wrt boxes are also the default gateways then add

Code: Select all

route 192.168.1.0 255.255.255.0
on one end and

Code: Select all

route 192.168.3.0 255.255.255.0
on the other.

gettons
OpenVpn Newbie
Posts: 4
Joined: Tue Apr 19, 2011 1:12 pm

Re: vpn between two routers

Post by gettons » Tue Apr 19, 2011 2:28 pm

Cool.
I got it.
Last question is: I presume the only way to make this setup work would be to set one end as client and one and as server, so for example if the client crashes without rebooting, it won't try to reconnect to the server.
Is there not a way to get rid of this client/server setup and enstablish a permanent tunnel between the two? ( both of them trying to establish a connection to the other end regardless of which one is the server/client as soon as the internet connection is working again on both ).

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: vpn between two routers

Post by janjust » Tue Apr 19, 2011 3:08 pm

in static key mode you can configure both ends to keep reconnecting to each other - otherwise add a little wrapper script to restart openvpn if the VPN drops.

gettons
OpenVpn Newbie
Posts: 4
Joined: Tue Apr 19, 2011 1:12 pm

Re: vpn between two routers

Post by gettons » Tue Apr 19, 2011 3:47 pm

janjust wrote:in static key mode you can configure both ends to keep reconnecting to each other - otherwise add a little wrapper script to restart openvpn if the VPN drops.

Would you mind to point me to the right config/option to make use of the automatic reconnecting wrapper when I use static key mode?
At the moment I know the config statement
secret static.key


Cheers

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: vpn between two routers

Post by janjust » Wed Apr 20, 2011 6:21 am

buy my book and read chapter 1 :)

Try something like

Code: Select all

persist-tun
persist-key
keepalive 10 60
ping-timer-rem

Post Reply