[tsk.kamath]

Hi,

I have been using DD-WRT ports for Linksys 160Nv3 for over last one year, We have a new requirements to create Site-to-Site VPN Tunnel.

I have flashed DD-WRT v24-sp2 (04/23/10) vpn-small build 14311 to 2 of my WRT160Nv3.

Router A: is configured as Server and Router B is Configured as Client and laptop as road warrior the network is as follows

PC(192.168.1.2 to 192.168.1.20) ---Router A (192.168.1.1) ---TP-Link ADSL(with 1194 port forwarded and 1194 port Trigger enabled-Static IP) ----Internet

Internet ----TP-Link ADSL(with 1194 port forwarded and 1194 port Trigger enabled-Dynanic IP with Dyndns)---Router B (192.168.2.1)---PC(192.168.2.2 to 192.168.2.20)

Internet--- UMTS--- laptop with Win7 (OpenVNP & TAP Win32 v9) 192.168.3.2 and also the firewall opened for port 1194 UDP and Firewall disabled on TAPv9

Server Configuration Files are as follows: (Router A)
Config Server
push "route 192.168.1.0 255.255.255.0
“server 192.168.66.0 255.255.255.0
dev tun0
proto udp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
comp-lzo
# Only use crl-verify if you are using the revoke list - otherwise leave it commented out
# crl-verify /tmp/openvpn/ca.crl
# management parameter allows DD-WRT's OpenVPN Status web page to access the server's management port
# port must be 5001 for scripts embedded in firmware to work
management localhost 5001

Firewall
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.66.0/24 -j ACCEPT

The Certificates have been generated and copied pasted in the correct sections of GUI for OpenVPN Server in VNP tab of Services Tab

Client Configuration Files are as follows: (Router B)

This is GUI configuration and has been configured for Static IP of SITE A (server), TUN, etc. I have used client1.crt and client1.key

Firewall

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.66.0/24 -j ACCEPT

Laptop Configuration Files are as follows: (in the Client.ovpn)

client
;dev tap dev tun
;dev-node MyTap
;proto tcp
proto udp
; xxx.xxx.xxx.xxx is the static IP of Site A
remote xxx.xxx.xxx.xxx 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry
# retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert client2.crt
key client2.key
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
;mute 20
------ end of details ---

The router B Client connects to the Server Router A and also the laptop connect to the Router A, The openVPN Server Assign them TUN IP - 192.168.66.6 and 192.168.66.10 respectively.

All PC in the client LAN (192.168.2.2 to 192.168.2.20) are able to ping all or any of the PC behind the server (192.168.1.2 to 192.168.1.20)

The laptop is able to ping the all or any of the PC behind the server (192.168.1.2 to 192.168.1.20)

The Issues are

1. I cannot ping the the Client PC (192.168.2.2 to 192.168.2.20) or the Laptop (192.168.3.100) from the server Site A ( router A)

2. I cannot ping
a) from the server the openVPN IP nos 192.168.66.6 ot 192.168.66.10 and
b) from the Client Site(PC) or Road Warrior laptop the Server 192.168.66.1

this is not a critical requirements: because the server and client do linkup as and when router reboot and hence the link is always established. Hence i do not require to reach the VPN IP's. but would like to know if this is a concern

A) The Primary concern is para(1) above.. this installation is demo site for VoIP and Security Camera, hence all edge devices in both site A and B should be visible to both sides. Any Help is high appreciated

B) While we are it, the forum informs that the version available is
a) dd-wrt.v24-14929_NEWD-2_K2.6_openvpn_small
b) dd-wrt.v24-14929_NEWD-2_K2.6_openvpn
c) dd-wrt.v24-14929_NEWD-2_K2.6_mini_wrt160nv3

do you recommend that i change from DD-WRT v24-sp2 (04/23/10) vpn-small build 14311, if yes which of the above do you recommend.

C) A update on the forum for the firewall in the server, will this help...? And should I use this in the Server Router and also the Client Router

iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -N VPN
iptables -F VPN
iptables -I INPUT -i tun0 -j VPN
iptables -I FORWARD -i tun0 -j VPN
iptables -A VPN -i tun0 -o br0 -j ACCEPT
iptables -I POSTROUTING -t nat -o tun0 -j RETURN

Ok, I am quite a newbie to Linux and hence have limited knowledge on these iptables etc.. pls do help to resolve this issue because not knowing IPTABLES use will make the whole installation very very susceptible to attacks and misuses on the internet

Thanks in advance for any help and suggestion..

Regards
Srikanth Kamath
http://tskamath.blogspot.com/

Btw: the Wiki requires a complete overhaul.. Pls inform if you would like any help on that..I would be glad to help out

[tsk.kamath]

Hi,

I guess the forum Guru are busy celebrating Ester or making money..

I have solved the issue and have fully understood the way the system works. Like all other post from 2006, I confirm this forum require a full rewrite because the information is scattered all around and require Artificially Intelligence to comprehend the possibilities and workaround.

ISSUE 1