Page 1 of 1
vpn between two routers
Posted: Tue Apr 19, 2011 1:18 pm
by gettons
Hi all,
I have two openwrt routers on different locations I would like to link together through a vpn link which should let people browser each others' lan.
I know about bridged and routed modes, but I don't know which one would best fit in this environment.
Location A has 192.168.3.x/24 subnet and Location B has 192.168.1.x/24 subnet.
the openvpn server and client will be installed on the default gateway for each subnet so I don't need to set static routes on any of the clients I presume.
I am not sure , though, which mode it's better here.
I need people on location A to be able to access resources on Location B and the other way round.
Thanks
Re: vpn between two routers
Posted: Tue Apr 19, 2011 1:47 pm
by maikcat
hi there,
i strongly suggest you go with the routed mode..
Michael.
Re: vpn between two routers
Posted: Tue Apr 19, 2011 1:56 pm
by janjust
I'd go for routed mode with static shared keys, as you're connecting only 2 sites. This is by far the simplest setup.
Re: vpn between two routers
Posted: Tue Apr 19, 2011 1:58 pm
by gettons
Ok so with the routed mode It will create a new virtual interface on the router server for 192.168.10.x./24 let's say.
I.e. Openvpn server ( location A ) will give the openvpn client ( location B ) an ip address 192.168.10.2 and clients on location A ( subnet 192.168.3.x/24 ) will be able to ping 192.168.10.2 host without having to add any static route ( cause the default gw is the same host as the openvpn server ).
My question is: how do I access clients on location B ( 192.168.1.x/24 ) from clients on Location A ( 192.168.3.x/24 )? Do I have to set static routes on both the openvpn routers?
edited to change the below once I realized the error
Do I have to set static routes on the openvpn client router?
to
Do I have to set static routes on both the openvpn routers?
Re: vpn between two routers
Posted: Tue Apr 19, 2011 2:00 pm
by janjust
Do I have to set static routes on the openvpn client router?
yes. If the dd-wrt boxes are also the default gateways then add
on one end and
on the other.
Re: vpn between two routers
Posted: Tue Apr 19, 2011 2:28 pm
by gettons
Cool.
I got it.
Last question is: I presume the only way to make this setup work would be to set one end as client and one and as server, so for example if the client crashes without rebooting, it won't try to reconnect to the server.
Is there not a way to get rid of this client/server setup and enstablish a permanent tunnel between the two? ( both of them trying to establish a connection to the other end regardless of which one is the server/client as soon as the internet connection is working again on both ).
Re: vpn between two routers
Posted: Tue Apr 19, 2011 3:08 pm
by janjust
in static key mode you can configure both ends to keep reconnecting to each other - otherwise add a little wrapper script to restart openvpn if the VPN drops.
Re: vpn between two routers
Posted: Tue Apr 19, 2011 3:47 pm
by gettons
janjust wrote:in static key mode you can configure both ends to keep reconnecting to each other - otherwise add a little wrapper script to restart openvpn if the VPN drops.
Would you mind to point me to the right config/option to make use of the automatic reconnecting wrapper when I use static key mode?
At the moment I know the config statement
secret static.key
Cheers
Re: vpn between two routers
Posted: Wed Apr 20, 2011 6:21 am
by janjust
buy my book and read chapter 1
Try something like
Code: Select all
persist-tun
persist-key
keepalive 10 60
ping-timer-rem