[Mostly Working] OpenVPN Vyatta to DD-WRT

DD-WRT Forum Index -> Advanced Networking
kevinds
DD-WRT Novice


Joined: 02 Jan 2008
Posts: 43

PostPosted: Fri Jul 20, 2012 4:06    Post subject: [Mostly Working] OpenVPN Vyatta to DD-WRT
I am trying to connect my uncle's house to mine; some of his computers connect to mine for some things: file sharing, AV updates, and the like.

The computers that need it have been connecting themselves to my network with a service script using PPTP.

I want to change this so their router (WRT400n) running DD-WRT does a site-to-site, non-NAT'd VPN.


I used most of the Client2 configuration from here,
http://www.dd-wrt.com/wiki/index.php/OpenVPN_-_Site-to-Site_routed_VPN_between_two_routers

And the Vyatta configuration from here,
http://www.vyatta.com/downloads/documentation/VC6.4/Vyatta-VPN_R6.4_v01.pdf



Vyatta:
Code:

vyatta@vyatta# show interfaces openvpn vtun1
 local-address 172.16.1.1 {
 }
 local-port 2000
 mode site-to-site
 remote-address 172.16.1.2
 remote-host uncle.mooo.com
 remote-port 2000
 shared-secret-key-file /config/auth/uncle



DD-WRT Startup:
Code:

# Move to writable directory and create scripts
# (/tmp is the only writable filesystem on DD-WRT, so these files are
# recreated on every boot)
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn

# Config for Site-to-Site SiteA-SiteB
echo "
remote here.mooo.com 2000
proto udp
port 2000
dev tun0
secret /tmp/static.key
verb 3
keepalive 15 60
daemon
" > SiteA-SiteB.conf

# Config for Static Key
# This one key provides both the encryption and the per-packet HMAC, so it
# is the entire security of the tunnel: anyone holding it can decrypt and
# inject traffic. It must be readable by root only and never reused elsewhere.
echo "
-----BEGIN OpenVPN Static key V1-----
aeb68165149e096d8f04252dd22fe67d
dd15d8c87e8a577c5c14ebd1ef0bf0b6
0e1d652f91fe66ed3774505e641936dd
458a6db60fb36b969d8bcd37803cf1d3
6d49383ec2daa1d2ae70e3ca49b950a4
bba985940e5e4a15fac702cbcf47f9d0
39f7939980bbb63d2964bb6216471162
0a519fe25d1e0d48044a1ad85dc94758
af6f7b7c52ccaaefa3d013fcbf621366
5ea18d9dc36c3b2a9ac277a9903998fe
45e10b0f79fd443727c3f30278981b3d
0fa525ad843645b4acc28969450bd601
4ce774aba0e830149489dc1592741580
fbd3cd24cc7baa68e06b3e3aedae2565
a36b8a3f687ddbb78411740d755249cf
45c0617c215b66eabc72f60f47b32c64
-----END OpenVPN Static key V1-----
" > static.key
# Owner-only permissions; otherwise OpenVPN logs
# "file '/tmp/static.key' is group or others accessible"
chmod 600 static.key

# Create interfaces
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 172.16.1.2 netmask 255.255.255.0 promisc up

# Create routes (static-key mode pushes no routes, so the far LAN is
# routed by hand via the peer's tunnel address)
route add -net 192.168.5.0 netmask 255.255.255.0 gw 172.16.1.1

# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf


DD-WRT Firewall:
Code:

# Open firewall holes
# Accept the OpenVPN UDP port from the WAN; packets that fail the static
# key's HMAC are dropped by OpenVPN itself, so this exposes only the daemon
iptables -I INPUT 2 -p udp --dport 2000 -j ACCEPT
# Allow traffic between the LAN bridge and the tunnel in both directions
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT



SysLOG Output:

Code:

07-19-2012   21:19:41   User.Info   24.1.1.164   Jul 19 21:19:40 syslog: vpn modules : ip_nat_pptp successfully loaded
07-19-2012   21:19:41   User.Info   24.1.1.164   Jul 19 21:19:40 syslog: vpn modules : ip_conntrack_pptp successfully loaded
07-19-2012   21:19:41   User.Info   24.1.1.164   Jul 19 21:19:40 syslog: vpn modules : ip_nat_proto_gre successfully loaded
07-19-2012   21:19:41   User.Info   24.1.1.164   Jul 19 21:19:40 syslog: vpn modules : ip_conntrack_proto_gre successfully loaded
07-19-2012   21:19:41   User.Info   24.1.1.164   Jul 19 21:19:40 syslog: vpn modules : vpn modules successfully unloaded
07-19-2012   21:19:40   User.Info   24.1.1.164   Jul 19 21:19:39 syslog: vpn modules : ip_nat_pptp successfully loaded
07-19-2012   21:19:40   User.Info   24.1.1.164   Jul 19 21:19:39 syslog: vpn modules : ip_conntrack_pptp successfully loaded
07-19-2012   21:19:40   User.Info   24.1.1.164   Jul 19 21:19:39 syslog: vpn modules : ip_nat_proto_gre successfully loaded
07-19-2012   21:19:40   User.Info   24.1.1.164   Jul 19 21:19:39 syslog: vpn modules : ip_conntrack_proto_gre successfully loaded
07-19-2012   21:19:40   User.Info   24.1.1.164   Jul 19 21:19:39 syslog: klogd : klog daemon successfully started
07-19-2012   21:19:40   User.Notice   24.1.1.164   Jul 19 21:19:39 kernel: klogd started: BusyBox v1.13.4 (2010-08-07 05:22:59 CEST)
07-19-2012   21:19:40   System0.Info   24.1.1.164   Jul 19 21:19:39 dropbear[31451]: Running in background
07-19-2012   21:19:40   User.Info   24.1.1.164   Jul 19 21:19:39 syslog: dropbear : ssh daemon successfully started
07-19-2012   21:19:40   User.Info   24.1.1.164   Jul 19 21:19:39 syslog: dropbear : ssh daemon hanging, send SIGKILL
07-19-2012   21:19:40   User.Notice   24.1.1.164   Jul 19 21:19:39 kernel: klogd: exiting
07-19-2012   21:19:40   User.Info   24.1.1.164   Jul 19 21:19:39 syslog: klogd : kernel log daemon successfully stopped
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: dropbear : ssh daemon successfully stopped
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: dropbear : ssh daemon hanging, send SIGKILL
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: dnsmasq : dnsmasq daemon successfully started
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: dnsmasq : dnsmasq daemon hanging, send SIGKILL
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: vpn modules : ip_nat_pptp successfully loaded
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: vpn modules : ip_conntrack_pptp successfully loaded
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: vpn modules : ip_nat_proto_gre successfully loaded
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: vpn modules : ip_conntrack_proto_gre successfully loaded
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: vpn modules : vpn modules successfully unloaded
07-19-2012   21:19:39   System0.Info   24.1.1.164   Jul 19 21:19:38 dropbear[940]: premature exit: Terminated by signal
07-19-2012   21:19:39   System0.Info   24.1.1.164   Jul 19 21:19:38 dropbear[2353]: exit after auth (root): Terminated by signal
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: dropbear : ssh daemon successfully stopped
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: dnsmasq : dnsmasq daemon successfully stopped
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: ttraff : traffic counter daemon successfully started
07-19-2012   21:19:39   User.Debug   24.1.1.164   Jul 19 21:19:38 syslog: ttraff: data collection started
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: ttraff : traffic counter daemon hanging, send SIGKILL
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: vpn modules : ip_nat_pptp successfully loaded
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: vpn modules : ip_conntrack_pptp successfully loaded
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: vpn modules : ip_nat_proto_gre successfully loaded
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: vpn modules : ip_conntrack_proto_gre successfully loaded
07-19-2012   21:19:39   User.Info   24.1.1.164   Jul 19 21:19:38 syslog: vpn modules : vpn modules successfully unloaded
07-19-2012   21:19:38   User.Warning   24.1.1.164   Jul 19 21:19:37 kernel: [42949380.280000] ath_mimo_hal: module license 'Proprietary' taints kernel.
07-19-2012   21:19:38   User.Warning   24.1.1.164   Jul 19 21:19:37 kernel: [42949380.150000] Writing 6
07-19-2012   21:19:38   User.Warning   24.1.1.164   Jul 19 21:19:37 kernel: [42949380.150000] AG7100: WAN Rx Hang Detected 1 times!



I cannot figure out why this is not working. I can ping the local tunnel IP from both sides, but not the remote.
I cannot access any services on the other router's LAN IP from either side, nor any devices connected to either side.

The logs do not indicate to me why this is failing, nor what I am doing wrong.

If there is a way to get more detailed log output, I would love to know how.

Thank you very much for any time given to this.


Last edited by kevinds on Mon Jul 30, 2012 2:16; edited 2 times in total
kevinds
DD-WRT Novice


Joined: 02 Jan 2008
Posts: 43

PostPosted: Fri Jul 20, 2012 7:36    Post subject:
I finally got VPN data from SysLOG,

Code:

07-19-2012   23:49:42   Daemon.Notice   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: UDPv4 link remote: 184.1.1.90:2000
07-19-2012   23:49:42   Daemon.Notice   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: UDPv4 link local (bound): [undef]:2000
07-19-2012   23:49:42   Daemon.Notice   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: Socket Buffers: R=[114688->131072] S=[114688->131072]
07-19-2012   23:49:42   Daemon.Notice   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:0 EL:0 AF:3/1 ]
07-19-2012   23:49:42   Daemon.Notice   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: TUN/TAP TX queue length set to 100
07-19-2012   23:49:42   Daemon.Notice   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: TUN/TAP device tun0 opened
07-19-2012   23:49:42   Daemon.Notice   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: LZO compression initialized
07-19-2012   23:49:42   Daemon.Notice   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
07-19-2012   23:49:42   Daemon.Notice   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
07-19-2012   23:49:42   Daemon.Notice   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
07-19-2012   23:49:42   Daemon.Notice   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
07-19-2012   23:49:42   Daemon.Warning   24.1.1.164   Jul 19 23:49:41 openvpn[1413]: WARNING: file '/tmp/static.key' is group or others accessible
07-19-2012   23:49:40   Daemon.Notice   24.1.1.164   Jul 19 23:49:39 openvpn[1413]: Restart pause, 2 second(s)
07-19-2012   23:49:40   Daemon.Notice   24.1.1.164   Jul 19 23:49:39 openvpn[1413]: SIGUSR1[soft,ping-restart] received, process restarting
07-19-2012   23:49:40   Daemon.Notice   24.1.1.164   Jul 19 23:49:39 openvpn[1413]: Closing TUN/TAP interface
07-19-2012   23:49:40   Daemon.Notice   24.1.1.164   Jul 19 23:49:39 openvpn[1413]: TCP/UDP: Closing socket
07-19-2012   23:49:40   Daemon.Notice   24.1.1.164   Jul 19 23:49:39 openvpn[1413]: Inactivity timeout (--ping-restart), restarting
07-19-2012   23:48:40   Daemon.Notice   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: UDPv4 link remote: 184.1.1.90:2000
07-19-2012   23:48:40   Daemon.Notice   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: UDPv4 link local (bound): [undef]:2000
07-19-2012   23:48:40   Daemon.Notice   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: Socket Buffers: R=[114688->131072] S=[114688->131072]
07-19-2012   23:48:40   Daemon.Notice   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:0 EL:0 AF:3/1 ]
07-19-2012   23:48:40   Daemon.Notice   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: TUN/TAP TX queue length set to 100
07-19-2012   23:48:40   Daemon.Notice   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: TUN/TAP device tun0 opened
07-19-2012   23:48:40   Daemon.Notice   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: LZO compression initialized
07-19-2012   23:48:40   Daemon.Notice   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
07-19-2012   23:48:40   Daemon.Notice   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
07-19-2012   23:48:40   Daemon.Notice   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
07-19-2012   23:48:40   Daemon.Notice   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
07-19-2012   23:48:40   Daemon.Warning   24.1.1.164   Jul 19 23:48:39 openvpn[1413]: WARNING: file '/tmp/static.key' is group or others accessible
07-19-2012   23:48:38   Daemon.Notice   24.1.1.164   Jul 19 23:48:37 openvpn[1413]: Restart pause, 2 second(s)
07-19-2012   23:48:38   Daemon.Notice   24.1.1.164   Jul 19 23:48:37 openvpn[1413]: SIGUSR1[soft,ping-restart] received, process restarting
07-19-2012   23:48:38   Daemon.Notice   24.1.1.164   Jul 19 23:48:37 openvpn[1413]: Closing TUN/TAP interface
07-19-2012   23:48:38   Daemon.Notice   24.1.1.164   Jul 19 23:48:37 openvpn[1413]: TCP/UDP: Closing socket
07-19-2012   23:48:38   Daemon.Notice   24.1.1.164   Jul 19 23:48:37 openvpn[1413]: Inactivity timeout (--ping-restart), restarting
07-19-2012   23:47:38   Daemon.Notice   24.1.1.164   Jul 19 23:47:37 openvpn[1413]: UDPv4 link local (bound): [undef]:2000
07-19-2012   23:47:38   Daemon.Notice   24.1.1.164   Jul 19 23:47:37 openvpn[1413]: UDPv4 link remote: 184.1.1.90:2000
07-19-2012   23:47:38   Daemon.Notice   24.1.1.164   Jul 19 23:47:37 openvpn[1413]: Socket Buffers: R=[114688->131072] S=[114688->131072]
07-19-2012   23:47:38   Daemon.Notice   24.1.1.164   Jul 19 23:47:37 openvpn[1413]: Data Channel MTU parms [ L:1545 D:1450 EF:45 EB:135 ET:0 EL:0 AF:3/1 ]
07-19-2012   23:47:38   Daemon.Notice   24.1.1.164   Jul 19 23:47:37 openvpn[1413]: TUN/TAP TX queue length set to 100
07-19-2012   23:47:38   Daemon.Notice   24.1.1.164   Jul 19 23:47:37 openvpn[1413]: TUN/TAP device tun0 opened



The only thing I am seeing that is semi-relevant is
Inactivity timeout (--ping-restart), restarting


Not sure if it matters, here.mooo.com is a static IP address with a DNS name, uncle.mooo.com is a dynamic IP, that I have seen change up to 4 times a day, but hasn't in the last day.
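The restart loop in that log can be picked out mechanically. As an added example (not code from the original post), the Python below parses the DD-WRT syslog export format shown above, counts the `--ping-restart` cycles, and flags the other lines worth acting on: the world-readable key file warning, the `LZO compression initialized` line (compression must be configured identically on both peers), and the BF-CBC/SHA1 defaults. The sample log lines are constructed for the example, modelled on the ones posted above; the loop threshold and the advice strings are the example's own.

```python
import re

# Constructed sample, modelled on the DD-WRT syslog export format in this thread:
# date, time, facility.severity, host, raw syslog timestamp, program[pid]: message
SAMPLE_LOG = """\
07-19-2012   23:47:38   Daemon.Notice   24.1.1.164   Jul 19 23:47:37 openvpn[1413]: TUN/TAP device tun0 opened
07-19-2012   23:47:38   Daemon.Notice   24.1.1.164   Jul 19 23:47:37 openvpn[1413]: LZO compression initialized
07-19-2012   23:47:38   Daemon.Notice   24.1.1.164   Jul 19 23:47:37 openvpn[1413]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
07-19-2012   23:47:38   Daemon.Notice   24.1.1.164   Jul 19 23:47:37 openvpn[1413]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
07-19-2012   23:47:38   Daemon.Warning  24.1.1.164   Jul 19 23:47:37 openvpn[1413]: WARNING: file '/tmp/static.key' is group or others accessible
07-19-2012   23:48:38   Daemon.Notice   24.1.1.164   Jul 19 23:48:37 openvpn[1413]: Inactivity timeout (--ping-restart), restarting
07-19-2012   23:48:38   Daemon.Notice   24.1.1.164   Jul 19 23:48:37 openvpn[1413]: SIGUSR1[soft,ping-restart] received, process restarting
07-19-2012   23:49:40   Daemon.Notice   24.1.1.164   Jul 19 23:49:39 openvpn[1413]: Inactivity timeout (--ping-restart), restarting
07-19-2012   23:49:41   User.Info       24.1.1.164   Jul 19 23:49:40 syslog: dnsmasq : dnsmasq daemon successfully started
"""

LINE_RE = re.compile(
    r"^(?P<date>\d\d-\d\d-\d{4})\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<facility>\w+)\.(?P<severity>\w+)\s+(?P<host>\S+)\s+"
    r"(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+"
    r"(?P<prog>[\w./-]+)(?:\[(?P<pid>\d+)\])?:\s*(?P<msg>.*)$"
)

# Message fragments OpenVPN 2.x emits for the conditions we care about
PING_RESTART = "Inactivity timeout (--ping-restart)"
KEY_PERMS = "is group or others accessible"
LZO_INIT = "LZO compression initialized"
CIPHER_RE = re.compile(r"Cipher '([^']+)' initialized")
HMAC_RE = re.compile(r"message hash '([^']+)' for HMAC")

# 64-bit block ciphers (BF-CBC was the OpenVPN 2.x default) and legacy HMAC hashes
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}
LEGACY_HMACS = {"MD5", "SHA1"}


def parse_line(line):
    """Return the fields of one export line, or None if the line is not in that format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def analyze(log_text, loop_threshold=2):
    """Scan the openvpn messages in a log export and return a findings dict."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e and e["prog"] == "openvpn"]
    f = {"ping_restarts": 0, "key_file_exposed": False, "compression": False,
         "weak_cipher": None, "legacy_hmac": None, "advice": []}
    for e in events:
        msg = e["msg"]
        if PING_RESTART in msg:
            f["ping_restarts"] += 1
        elif KEY_PERMS in msg:
            f["key_file_exposed"] = True
        elif LZO_INIT in msg:
            f["compression"] = True
        else:
            m = CIPHER_RE.search(msg)
            if m and m.group(1) in WEAK_CIPHERS:
                f["weak_cipher"] = m.group(1)
            m = HMAC_RE.search(msg)
            if m and m.group(1) in LEGACY_HMACS:
                f["legacy_hmac"] = m.group(1)
    # Repeated ping-restarts mean the peer's packets never arrive or are never accepted
    f["restart_loop"] = f["ping_restarts"] >= loop_threshold
    if f["restart_loop"]:
        f["advice"].append("tunnel is cycling on --ping-restart: check that comp-lzo, cipher, "
                           "auth, proto and ports match on both peers and the UDP port is reachable")
    if f["compression"]:
        f["advice"].append("comp-lzo is active on this side; the peer must have it too, "
                           "or data packets are misinterpreted and dropped")
    if f["key_file_exposed"]:
        f["advice"].append("chmod 600 the static key; it is the only secret protecting the tunnel")
    if f["weak_cipher"]:
        f["advice"].append(f"{f['weak_cipher']} is a 64-bit block cipher; set 'cipher AES-256-CBC' on both peers")
    if f["legacy_hmac"]:
        f["advice"].append(f"HMAC uses {f['legacy_hmac']}; set 'auth SHA256' on both peers")
    return f


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved syslog export (`python3 check_vpn_log.py < export.txt` after swapping `SAMPLE_LOG` for `sys.stdin.read()`); a non-empty `advice` list is the to-do list for the next config change.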
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17348
Location: Hesse/Germany

PostPosted: Fri Jul 20, 2012 12:38    Post subject:
Show the Vyatta OpenVPN config file content. That's what you need. Everything else is crystal ball guessing.
_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search!
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!
_________________
Andreas Baumert: "Knowledgeable people consult experts without getting on their nerves. They do not ask questions they could answer themselves with a little diligence and reading. They know which sources matter and how to get access to them."
kevinds
DD-WRT Novice


Joined: 02 Jan 2008
Posts: 43

PostPosted: Sat Jul 21, 2012 3:58    Post subject:
07-19-2012 23:49:42 Daemon.Notice 24.1.1.164 Jul 19 23:49:41 openvpn[1413]: LZO compression initialized


This was the key.

LZO compression was on in DD-WRT when it wasn't supposed to be; I deleted the config posted above and re-submitted it.

It is kind of working being that it is up, but depending what I do, it simply quits,

192.168.200.1 is dd-wrt in the remote location,

I can ping it, and a computer on the other side, but if I try to browse to 192.168.200.1 in a browser, the VPN dies; pings fail to both the router and the computer.

Could the compression cause this?


Edit: After leaving and coming back 10 minutes later, the Info page did eventually load, but it took more than 3 minutes; clicking Administration took 2 minutes to load and again, pings failed during that time.
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17348
Location: Hesse/Germany

PostPosted: Sat Jul 21, 2012 11:43    Post subject:
Upgrade first.


And give me a working DD-WRT setup for Vyatta to add to the wiki.

kevinds
DD-WRT Novice


Joined: 02 Jan 2008
Posts: 43

PostPosted: Sat Jul 21, 2012 11:47    Post subject:
Upgrade? as in fix? Or software upgrade?

DD-WRT is 14896 Vyatta is 6.4

Actually, there are only a couple lines missing from vyatta - generating the key and the static route
kevinds
DD-WRT Novice


Joined: 02 Jan 2008
Posts: 43

PostPosted: Sat Jul 21, 2012 17:15    Post subject:
I turned the compression on.

It helped load the DD-WRT pages in about half the time, but it is still painfully slow, and pings drop while IE and Firefox try to get data from the router.

Pinging the far end's tunnel IP, the internal router IP, an internal host's IP, and the WAN IP.

WAN IP never drops, but the others stop.

Going to try some more testing later on.


I hope that someone in the future who finds this will get some good information :)

I need an opinion though: when Sash asked for a working DD-WRT and Vyatta config, should I post my partially working one here, or only when it is working 100%?
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17348
Location: Hesse/Germany

PostPosted: Sun Jul 22, 2012 12:34    Post subject:
read:
kevinds
DD-WRT Novice


Joined: 02 Jan 2008
Posts: 43

PostPosted: Sun Jul 22, 2012 18:46    Post subject:
@Sash I am sure you post "Read:" many times a day :)

No amount of reading seems to be helping me get any closer to a solution in this case though.

I am still stuck on Upgrade 1st...

Router Database has 14896 as the latest. The Wiki Page has 14289.

Searching the general internet for firmware for the WRT400n, I found this thread. It mentions a number of builds that brick this model. Bricking a remote router will not be good.

Near the end it mentions two things of value to me, 18024 works, and that my VPN problems might not be my configuration.
Quote:
the openVPN implementation is a bit shoddy for the latest firmware in the router database


Searching for 18024 in Google brings one download link, and gives information on several bugs. I am going to hope there are newer builds that correct them, but I am unable to find any information on which builds will work.

Other Downloads: "The router database is the preferred source for firmwares and related files."

Because I cannot find this information I will directly ask: what are the un-preferred ways to find builds?
kevinds
DD-WRT Novice


Joined: 02 Jan 2008
Posts: 43

PostPosted: Sun Jul 29, 2012 18:51    Post subject:
@Sash here is the working configuration


Setup:
here.vpn.com Vyatta Router Internal IP 192.168.0.0/24 Tunnel IP 172.16.2.1
there.vpn.com DD-WRT Router Internal IP 192.168.100.0/24 Tunnel IP 172.16.2.2


Vyatta 6.4:
Code:

generate openvpn key /config/auth/there.vpn.com

configure

set interfaces openvpn vtun2
set interfaces openvpn vtun2 local-address 172.16.2.1
set interfaces openvpn vtun2 local-port 2000
set interfaces openvpn vtun2 mode site-to-site
set interfaces openvpn vtun2 openvpn-option --comp-lzo
set interfaces openvpn vtun2 remote-address 172.16.2.2
set interfaces openvpn vtun2 remote-host there.vpn.com
set interfaces openvpn vtun2 remote-port 2000
set interfaces openvpn vtun2 shared-secret-key-file there.vpn.com

set protocols static interface-route 192.168.100.0/24 next-hop-interface vtun2

commit
save



I had to login as root to read the /config/auth/there.vpn.com file for the key generated for the DD-WRT side.



DD-WRT WRT400n 14896:

Startup:
Code:

# Move to writable directory and create scripts
# (/tmp is the only writable filesystem on DD-WRT, so these files are
# recreated on every boot)
cd /tmp
ln -s /usr/sbin/openvpn /tmp/myvpn

# Config for Site-to-Site SiteA-SiteB
# comp-lzo must be set on both peers or on neither; a one-sided setting
# leaves the tunnel up but passing no traffic
echo "
remote here.vpn.com 2000
proto udp
port 2000
dev tun0
comp-lzo
secret /tmp/static.key
verb 3
keepalive 15 60
daemon
" > SiteA-SiteB.conf

# Config for Static Key
# This one key provides both the encryption and the per-packet HMAC, so it
# is the entire security of the tunnel: anyone holding it can decrypt and
# inject traffic. It must be readable by root only and never reused elsewhere.
echo "
-----BEGIN OpenVPN Static key V1-----
bd44c91d6d08a3f8cce11c1f43fab4c9
20c6e0750404645f2c7470ab0a80b586
c9141b183f7020fa40c8a33f4f9de4f3
530674515f8b0929d3306c1a6bde37f7
c0c804b04943de2278025ac55da53941
2e2a15963f8618cb40ef8f50017ed19d
5887917a4b885cc40a506d8d2d8a610f
f263efa6f9701495e3ad65c158d69748
2ed536944f73e38fcf68e9163e70ff23
1d23c601bac13af9642fb449e3d41e41
4059aaf8b5f43c4f222d1b3e0276677f
5f757483b52c87fd6caa175d290477b3
c14b5d09e1605d432d21ec5a64de78fa
d35cf4161bd513a06bf6b06bf64bb08f
6e195faa06be8029d13c9dab6ce6e271
a17bd0f1a7800ddea6546926e2bcb411
-----END OpenVPN Static key V1-----
" > static.key
# Owner-only permissions; otherwise OpenVPN logs
# "file '/tmp/static.key' is group or others accessible"
chmod 600 static.key

# Create interfaces
/tmp/myvpn --mktun --dev tun0
ifconfig tun0 172.16.2.2 netmask 255.255.255.0 promisc up

# Create routes (static-key mode pushes no routes, so the far LAN is
# routed by hand via the peer's tunnel address)
route add -net 192.168.0.0 netmask 255.255.255.0 gw 172.16.2.1

# Initiate the tunnel
sleep 5
/tmp/myvpn --config SiteA-SiteB.conf



Firewall:
Code:

# Open firewall holes
# Accept the OpenVPN UDP port from the WAN; packets that fail the static
# key's HMAC are dropped by OpenVPN itself, so this exposes only the daemon
iptables -I INPUT 2 -p udp --dport 2000 -j ACCEPT
# Allow traffic between the LAN bridge and the tunnel in both directions
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT




This works with one bug with OpenVPN for this build. When accessing the DD-WRT router using its internal addresses (192.168.100.1 or 172.16.2.2 in this case), the VPN all but dies. Examples: accessing the DD-WRT status page, logging into DD-WRT with SSH.

Using the WAN IP to do the same has no issues.


Last edited by kevinds on Mon Jul 30, 2012 23:28; edited 2 times in total
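The broken pair in the first post and the working pair above differ in one option on one side, and a static-key point-to-point tunnel does not report that clearly: the only symptom in this thread was the ping-restart loop. As an added example that is not part of the original post, the Python below normalises a DD-WRT OpenVPN config (plus the startup script that sets tun0 and the route) and a Vyatta `show interfaces openvpn` listing into one option set, then reports every option that must be equal on both peers (comp-lzo, cipher, auth, proto) or mirrored between them (ports, tunnel addresses). The mapping of Vyatta nodes to OpenVPN options is an assumption made for this example, the BF-CBC/SHA1 defaults are taken from the log posted earlier, and the sample configs are copies of the ones in this thread.

```python
import re

# OpenVPN 2.x defaults when cipher/auth are not set explicitly; the log in this
# thread confirms both ("Cipher 'BF-CBC'", "message hash 'SHA1'").
DEFAULT_CIPHER = "BF-CBC"
DEFAULT_AUTH = "SHA1"

# ASSUMED mapping from Vyatta 'interfaces openvpn' nodes to OpenVPN options.
# Made for this example; verify against the config Vyatta generates.
VYATTA_MAP = {
    "local-address": "ifconfig_local",
    "remote-address": "ifconfig_remote",
    "local-port": "lport",
    "remote-port": "rport",
    "remote-host": "remote",
    "shared-secret-key-file": "secret",
}

# Sample inputs, copied from the working configuration in this thread
DDWRT_CONF = """\
remote here.vpn.com 2000
proto udp
port 2000
dev tun0
comp-lzo
secret /tmp/static.key
verb 3
keepalive 15 60
daemon
"""
DDWRT_STARTUP = """\
ifconfig tun0 172.16.2.2 netmask 255.255.255.0 promisc up
route add -net 192.168.0.0 netmask 255.255.255.0 gw 172.16.2.1
"""
VYATTA_SHOW = """\
vyatta@vyatta# show interfaces openvpn vtun2
 local-address 172.16.2.1 {
 }
 local-port 2000
 mode site-to-site
 openvpn-option --comp-lzo
 remote-address 172.16.2.2
 remote-host there.vpn.com
 remote-port 2000
 shared-secret-key-file /config/auth/there.vpn.com
"""


def _base():
    return {"proto": "udp", "comp_lzo": False, "cipher": DEFAULT_CIPHER, "auth": DEFAULT_AUTH}


def parse_ddwrt(conf_text, startup_text=""):
    """Normalise a DD-WRT OpenVPN config plus its startup script into one option dict."""
    opts = _base()
    for line in conf_text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0], words[1:]
        if key == "remote":
            opts["remote"] = args[0]
            if len(args) > 1:            # 'remote host port' overrides the remote port
                opts["rport"] = args[1]
        elif key == "port":              # 'port' sets the local and, by default, remote port
            opts["lport"] = args[0]
            opts.setdefault("rport", args[0])
        elif key == "comp-lzo":
            opts["comp_lzo"] = True
        elif key in ("proto", "cipher", "auth", "secret", "dev") and args:
            opts[key] = args[0]
    # tun0 address and the route's gateway (the peer's tunnel address) live in the script
    m = re.search(r"ifconfig\s+tun\d+\s+(\S+)", startup_text)
    if m:
        opts["ifconfig_local"] = m.group(1)
    m = re.search(r"route\s+add\s+-net\s+\S+\s+netmask\s+\S+\s+gw\s+(\S+)", startup_text)
    if m:
        opts["ifconfig_remote"] = m.group(1)
    return opts


def parse_vyatta(show_text):
    """Normalise 'show interfaces openvpn vtunN' output into the same dict shape."""
    opts = _base()
    for line in show_text.splitlines():
        line = line.strip().rstrip("{").strip()
        if not line or line == "}" or line.startswith("vyatta@"):
            continue
        key, _, value = line.partition(" ")
        if key in VYATTA_MAP:
            opts[VYATTA_MAP[key]] = value.strip()
        elif key == "openvpn-option":    # raw OpenVPN options passed through, e.g. --comp-lzo
            words = value.strip().lstrip("-").split()
            if not words:
                continue
            if words[0] == "comp-lzo":
                opts["comp_lzo"] = True
            elif words[0] in ("cipher", "auth", "proto") and len(words) > 1:
                opts[words[0]] = words[1]
    return opts


SYMMETRIC = ("comp_lzo", "cipher", "auth", "proto")
MIRRORED = (("rport", "lport"), ("lport", "rport"),
            ("ifconfig_local", "ifconfig_remote"), ("ifconfig_remote", "ifconfig_local"))


def compare(ddwrt, vyatta):
    """Return the options the two peers disagree on; an empty list means consistent."""
    findings = []
    for opt in SYMMETRIC:
        if ddwrt.get(opt) != vyatta.get(opt):
            findings.append(f"{opt} mismatch: dd-wrt={ddwrt.get(opt)} vyatta={vyatta.get(opt)}")
    for mine, theirs in MIRRORED:        # my remote port/address is the peer's local one
        if ddwrt.get(mine) != vyatta.get(theirs):
            findings.append(f"dd-wrt {mine}={ddwrt.get(mine)} does not mirror "
                            f"vyatta {theirs}={vyatta.get(theirs)}")
    return findings


def hardening(ddwrt, vyatta):
    """Advice that applies even when the peers agree."""
    advice = []
    if DEFAULT_CIPHER in (ddwrt["cipher"], vyatta["cipher"]):
        advice.append("BF-CBC is a 64-bit block cipher; set 'cipher AES-256-CBC' on both sides")
    if DEFAULT_AUTH in (ddwrt["auth"], vyatta["auth"]):
        advice.append("set 'auth SHA256' on both sides instead of the SHA1 default")
    return advice


if __name__ == "__main__":
    a, b = parse_ddwrt(DDWRT_CONF, DDWRT_STARTUP), parse_vyatta(VYATTA_SHOW)
    print("mismatches:", compare(a, b) or "none")
    print("hardening:", hardening(a, b))
```

Removing the `openvpn-option --comp-lzo` line from the Vyatta sample reproduces the first post's situation and yields exactly one finding, `comp_lzo mismatch`; on Vyatta the cipher and auth advice is applied with two more `openvpn-option` lines.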
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17348
Location: Hesse/Germany

PostPosted: Sun Jul 29, 2012 20:27    Post subject:
Haven't read my signature... ;)
kevinds
DD-WRT Novice


Joined: 02 Jan 2008
Posts: 43

PostPosted: Mon Jul 30, 2012 2:14    Post subject:
I'm not sure which article in your signature is related, but...

Quote:

and gimme a working ddwrt setup 4 vyatta to add to the wiki


As requested, a working dd-wrt setup for vyatta.

Right now a Google search for

openvpn dd-wrt vyatta

gives this thread as the first hit, so it should help some others now.