VPN Tunnel between DD-wrt routers Connecting but not working

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Author Message
mikevkrell
DD-WRT Novice


Joined: 23 Jul 2012
Posts: 10

PostPosted: Mon Jul 23, 2012 20:44    Post subject: VPN Tunnel between DD-wrt routers Connecting but not working Reply with quote
So i followed these instructions here near perfectly and i am not able to ping anything on the other network.

http://www.dd-wrt.com/wiki/index.php/Point-to-Point_PPTP_Tunneling_with_two_DD-WRT

when i go to the STATUS-LAN page on the router that is acting as the PPTP server i can see my client connection from the Client Router. I would assume that means that the PPTP connection is working proerly, but the routing is not.

I set up the static routes, but no luck. Does this guide work for anyone else? I would think this is a pretty common thing to do, but from looking around there doesnt seem to be a definite solution.

Any help would be greatly appreciated.

Thanks
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 2004

PostPosted: Mon Jul 23, 2012 21:21    Post subject: Reply with quote
Does it minimally work from the PPTP client side? IOW, is it only a routing problem on the PPTP server side?

P.S. Unfortunately you can’t always trust the wiki's/guides. They're often old, have errors, or things just change underneath them making them obsolete. FWIW, I made a quick scan and it *appears* to be right. As you can imagine w/ these things, all you have to do is make the slightly error and things don’t work. And that makes it really hard to diagnose, esp. for someone else.

Also, realize, you *could* setup a VPN server and client on each router as an alternative. It ends up giving you the same results. And it avoids having to deal w/ the routing manually. That's really all this config is doing; saving you the trouble of duplicating VPN servers and clients. The config proposed in that wiki also means the VPN can only be established in one direction. That *may* be a disadvantage in some situations!
mikevkrell
DD-WRT Novice


Joined: 23 Jul 2012
Posts: 10

PostPosted: Mon Jul 23, 2012 21:38    Post subject: Reply with quote
I cant seem to get to anything from the client side. I haven't really tested from the server side to the client because i am not there.

When i look at the "Connected PPTP Clients" at the bottom of the LAN Page this is what is see.



pppo - [MySecretUsername] - 192.168.2.1 - [RemoteIP]

the 192.168.2.1 address is actually the local IP address of the client router. The Router IP is The WAN Address of the client router. is that right?
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 2004

PostPosted: Mon Jul 23, 2012 22:06    Post subject: Reply with quote
I've seen a lot of ppl having problems w/ dd-wrt’s PPTP implementation lately, and I'm not sure why. I helped a guy only a few days ago with similar problems. After examining my PPTP server (running on a tomato router) and his, I noticed some differences and gave him some iptables changes (for the PPTP server side) that seemed to work.

iptables -I INPUT -i ppp+ -j ACCEPT
iptables -I FORWARD -i ppp+ -j ACCEPT
iptables -I FORWARD -o ppp+ -j ACCEPT

I suggest you try it as well. Just open a terminal session and execute them. They won’t survive a reboot unless you add them to the startup scripts. It’s worth a try.
mikevkrell
DD-WRT Novice


Joined: 23 Jul 2012
Posts: 10

PostPosted: Tue Jul 24, 2012 18:48    Post subject: Reply with quote
i ran those commands in a terminal session and it made no difference sadly.
mikevkrell
DD-WRT Novice


Joined: 23 Jul 2012
Posts: 10

PostPosted: Tue Jul 24, 2012 19:28    Post subject: Reply with quote
am i better off doing this with OpenVPN?
kevinds
DD-WRT Novice


Joined: 02 Jan 2008
Posts: 43

PostPosted: Tue Jul 24, 2012 20:49    Post subject: Reply with quote
I personally like PPTP only for a single host connecting to network,

IPSEC or OpenVPN for subnet to subnet.
mikevkrell
DD-WRT Novice


Joined: 23 Jul 2012
Posts: 10

PostPosted: Tue Jul 24, 2012 21:03    Post subject: Reply with quote
well i am doing subnet to subnet aren't if i am connecting two routers?
kevinds
DD-WRT Novice


Joined: 02 Jan 2008
Posts: 43

PostPosted: Wed Jul 25, 2012 0:33    Post subject: Reply with quote
Correct

Easiest way to think of a subnet is a group of addresses.

You may want to give OpenVPN a try.
mikevkrell
DD-WRT Novice


Joined: 23 Jul 2012
Posts: 10

PostPosted: Fri Jul 27, 2012 2:14    Post subject: Reply with quote
I am looking at OpenVPN. One of the router's is a Asus RT-N12B which has -mini installed on it. Is there any way to get OpenVPN on that?
mikevkrell
DD-WRT Novice


Joined: 23 Jul 2012
Posts: 10

PostPosted: Fri Aug 10, 2012 2:26    Post subject: anyone? Reply with quote
anyone?
KSoze
DD-WRT Novice


Joined: 25 Sep 2011
Posts: 43

PostPosted: Fri Aug 10, 2012 7:53    Post subject: Reply with quote
kevinds wrote:
Correct

Easiest way to think of a subnet is a group of addresses.

You may want to give OpenVPN a try.


That is NOT correct. You can most certainly have two routers or 100 and one subnet.

Subnet is not necessarily a group of addresses all it does is determine the network and host portions of the addresses and where the IP header and footer start and stop.

It provides the structure for an IP packet.
mikevkrell
DD-WRT Novice


Joined: 23 Jul 2012
Posts: 10

PostPosted: Fri Aug 10, 2012 14:44    Post subject: Reply with quote
sorry to be a pain. but can someone tell me if there is a way to get OpenVPN on a Asus RT-N12B (-mini) ?

Thanks
ITandWebGuy
DD-WRT Novice


Joined: 16 Jul 2012
Posts: 3

PostPosted: Mon Aug 13, 2012 3:18    Post subject: pptp vpn routing only works with dhcp address Reply with quote
I too have followed the documentation for a pptp vpn and got it to work nearly perfectly with 1 exception, routing beteen the end points only occurs if the address has been assigned by the dhcp server. My set up is between a main office (vpn server) and a small sales office (vpn client). At the main office i have a file server set up with a static ip on the same subnet as the vpn server. At the sales office all clients receive ip addresses via the dhcp server. The machines at the sales office can get the files off the server, but from the file server, on the vpn server side, i cannot ping any of the machines at the sales office or see the printer which has a web server to monitor consumable usage. At the main office I also have a few clients whose IP address comes from the ddwrt server box and those clients can ping the machines at the sales office and see the printer consumables.. I believe this is a firewall isue but im not sure what needs to be put in the firewall to allow all nodes in the subnet, even those not from the dhcp server, to "see" the other side of the vpn. Any help is appreciated.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum