OpenVPN Site to Site Connection Using DD-WRT Capable Routers
Moderators: TinCanTech
- somms
- OpenVPN User
- Posts: 20
- Joined: Sun Aug 29, 2010 2:38 pm
OpenVPN Site to Site Connection Using DD-WRT Capable Routers
http://www.dd-wrt.com/phpBB2/viewtopic. ... ht=#391635
Basically lifted from above link over at DD-WRT forums but this OpenVPN bridged (tap) connection between physically separated DD-WRT capable routers continues to work very well and clients on either end all act like they are on the same local LAN!
FWIW: WRT320N located at my daughter's dorm configured as OpenVPN client bridge back to OpenVPN server located at home (WRT310N)...works 100%!
Under Administration/Commands Tab
Startup:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
Firewall:
...nothing required since configured as client...
Under Services/VPN/OpenVPN Daemon
OpenVPN Daemon: Enable
Start OpenVPN: Wan Up
CA Cert: ca.crt
Certificate Revoke List: *blank*
Public Client Cert: client1.crt
Private Client Key: client1.key
DH PEM: *blank*
OpenVPN Config:
management localhost 5001
verb 0
up-delay
client
dev tap0
proto udp
remote your.dyndns.ipaddress 1194
ns-cert-type server
cipher BF-CBC
comp-lzo
nobind
float
mute-replay-warnings
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
OpenVPN TLS Auth: *blank*
Notice configured as client using settings under 'OpenVPN Daemon' NOT 'OpenVPN Client' under Services/VPN GUI tab of DD-WRT!
WRT310N configured as OpenVPN server:
Under Administration/Commands Tab
Startup:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
Firewall:
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
(currently my WRT310N's WAN is disabled with static 192.168.1.120 LAN IP & gateway set to 192.168.1.1 since it is behind WRT600N gateway router with port 1194 port forwarded to WRT310N so the firewall on WRT310N is actually blank!)
Under Services/VPN/OpenVPN Daemon
OpenVPN Daemon: Enable
Start OpenVPN: Wan Up
CA Cert: ca.crt
Certificate Revoke List: *blank*
Public Client Cert: server.crt
Private Client Key: server.key
DH PEM: dh1024.pem
OpenVPN Config:
server-bridge 192.168.1.1 255.255.255.0 192.168.1.225 192.168.1.234
management localhost 5001
verb 0
comp-lzo
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "persist-tun"
push "persist-key"
port 1194
cipher BF-CBC
dev tap0
proto udp
keepalive 10 60
max-clients 8
client-to-client
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
OpenVPN TLS Auth: *blank*
You may have to adjust above highlighted in bold depending on your network!
BTW: SPI Firewall still enabled on both routers since this does not affect OpenVPN bridge and 'management localhost 5001' config line set in each router allows for populating the OpenVPN tab under Status for each router's DD-WRT GUI: http://www.dd-wrt.com/phpBB2/viewtopic. ... ht=#393084
Last edited by somms on Mon Feb 20, 2012 9:36 pm, edited 2 times in total.
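Added example (not part of somms's post, and not DD-WRT or OpenVPN project code): a small Python linter that flags the dated settings visible in the two configs above, namely cipher BF-CBC (a 64-bit block cipher), comp-lzo, ns-cert-type, verb 0, no tls-auth (the blank TLS Auth field) and no crl-verify on the server (the blank Certificate Revoke List). The finding names and the parse() and audit() helpers are made up for this example; the embedded sample is the security-relevant lines of the client config from the first post.

```python
import re

# Security-relevant lines of the client config from the first post (embedded sample).
CLIENT_CONF = """\
client
dev tap0
proto udp
remote your.dyndns.ipaddress 1194
ns-cert-type server
cipher BF-CBC
comp-lzo
verb 0
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
"""

def parse(conf):
    """Return {directive: [args]} for the first occurrence of each directive."""
    opts = {}
    for line in conf.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        if line:
            name, *args = line.split()
            opts.setdefault(name, args)
    return opts

def audit(conf):
    """Return a sorted list of finding ids (hypothetical names) for one config."""
    o = parse(conf)
    is_client = "client" in o or "remote" in o
    findings = set()
    cipher = (o.get("cipher") or [""])[0].upper()
    if cipher.startswith(("BF-", "DES", "CAST5", "RC2")):
        findings.add("64bit-block-cipher")       # small block size, birthday-bound risk
    if "comp-lzo" in o and o["comp-lzo"] != ["no"]:
        findings.add("compression-enabled")      # compress-then-encrypt side channel
    if "tls-auth" not in o and "tls-crypt" not in o:
        findings.add("no-control-channel-hmac")  # no HMAC on control-channel packets
    if "ns-cert-type" in o:
        findings.add("deprecated-ns-cert-type")  # superseded by remote-cert-tls
    if not is_client and "crl-verify" not in o:
        findings.add("no-crl")                   # revoked client certs still accepted
    if (o.get("verb") or ["1"])[0] == "0":
        findings.add("logging-off")              # only fatal errors reach the log
    return sorted(findings)

if __name__ == "__main__":
    print(audit(CLIENT_CONF))
```

Paste the server's OpenVPN Config box into audit() as well; without a client or remote line it is treated as a server and additionally checked for crl-verify.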
- somms
- OpenVPN User
- Posts: 20
- Joined: Sun Aug 29, 2010 2:38 pm
Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou
http://www.dd-wrt.com/phpBB2/viewtopic. ... ht=#612668
Latest OpenVPN 2.2.0 included DD-WRT builds have blown the older build configs out of the water...OpenVPN support is simplified now thru DD-WRT's GUI...please see above link!
-
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Jun 18, 2011 10:30 pm
Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou
Hey there somms -- I am trying to do a similar thing but having trouble setting this up. Would you be interested in setting up my dd-wrt remotely, and I could pay you via paypal for your time? Please let me know -- and I will send you my email address.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Mon May 23, 2011 8:02 pm
Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou
This is an old thread, but users still look to it to copy and paste their configs, so I thought I'd make one quick typo correction. Where somms has
iptables -I INPUT -p upd --dport 1194 -j ACCEPT
it of course should be
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
(the upd should be changed to udp).
Amazingly, after gnashing teeth for over a week now, I've finally gotten two routers (Asus RT-N16s) to OpenVPN in bridged mode thanks to somms. His suggestion of using OpenVPN Daemon instead of the OpenVPN client is what solved things for me. Now, you can directly edit the .conf file via GUI. I've now got all hosts on two bridged networks pinging each other. Thanks somms.
Why haven't I seen this suggestion on the DDWRT OpenVPN site?
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Feb 02, 2012 11:58 am
Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou
Hi ! dd-wrt expert !
If I use a LinkSys wrt54gs V3 as an OpenVpn server,
is it possible to support 15 clients with the same
hardware and dd-wrt firmware ?
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Feb 02, 2012 11:58 am
Re: OpenVPN Site to Site Connection Using DD-WRT Capable Rou
Is it possible to use wrt54gs V3 with dd-wrt
using OpenVpn as server
to support 15 router clients with same
hardware & firmware ?
-
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Jun 25, 2012 1:03 pm