PPTP Tunneling

From DD-WRT Wiki

(Difference between revisions)
Revision as of 23:27, 1 October 2006
Coperton
(For Both Routers)
Revision as of 01:47, 2 October 2006
Whiteboy
(fixed formatting etc.)
Line 1: Line 1:
-==Point-to-Point Tunneling with two DD-WRT==+= Point-to-Point Tunneling with two DD-WRT =
- +
The configuration below was tested using two WRT54G (Hardware v2.2) and DD-WRT v23 SP1 std. The configuration below was tested using two WRT54G (Hardware v2.2) and DD-WRT v23 SP1 std.
- 
- 
{| border=1 cellspacing=0 cellpadding=5 {| border=1 cellspacing=0 cellpadding=5
-|'''Note: In firmware V23SP2 final not work this vpn tunel check bugtracker ID 0001811'''+|'''Note: In v23SP2 Final this configuration does not work. Please check bugtracker ID 0001811'''
|} |}
- +== Scenario ==
- +
-===Scenario===+
- +
*Network A in location "a" *Network A in location "a"
Line 46: Line 40:
=== For Both Routers === === For Both Routers ===
- 
# Goto "Administration" tab and "Management" sub-tab # Goto "Administration" tab and "Management" sub-tab
# Enable DNSmasq and Local DNS # Enable DNSmasq and Local DNS
Line 55: Line 48:
http://img237.imageshack.us/img237/9766/loopbackzs4.jpg http://img237.imageshack.us/img237/9766/loopbackzs4.jpg
- 
'''Note:''' Loopback must be disable because VPN doesn't always work when it is enabled. '''Note:''' Loopback must be disable because VPN doesn't always work when it is enabled.
- 
http://img366.imageshack.us/img366/1888/ipfiltersettingssq5.jpg http://img366.imageshack.us/img366/1888/ipfiltersettingssq5.jpg
Line 65: Line 56:
==== Router B > VPN > Router A ==== ==== Router B > VPN > Router A ====
- 
# Goto "Administration" tab and "Services" sub-tab # Goto "Administration" tab and "Services" sub-tab
# Enable PPTP Server # Enable PPTP Server
Line 74: Line 64:
==== Router A > VPN > Router B ==== ==== Router A > VPN > Router B ====
- 
# Goto "Administration" tab and "Services" sub-tab # Goto "Administration" tab and "Services" sub-tab
# Enable PPTP Client # Enable PPTP Client
Line 92: Line 81:
==== Router A > VPN > Router B ==== ==== Router A > VPN > Router B ====
- 
# Goto "Administration" tab and "Services" sub-tab # Goto "Administration" tab and "Services" sub-tab
# Enable PPTP Server # Enable PPTP Server
Line 101: Line 89:
==== Router B > VPN > Router A ==== ==== Router B > VPN > Router A ====
- 
# Goto "Administration" tab and "Services" sub-tab # Goto "Administration" tab and "Services" sub-tab
# Enable PPTP Client # Enable PPTP Client
Line 116: Line 103:
http://img73.imageshack.us/img73/4391/ruteadorb3nn.jpg http://img73.imageshack.us/img73/4391/ruteadorb3nn.jpg
-== Notes ==+===== Notes =====
- +
* The subnets should not intersect each other (i.e. The third octet of direction IP (192.168.thirdoctet.1) of the network A must be different of the network B. * The subnets should not intersect each other (i.e. The third octet of direction IP (192.168.thirdoctet.1) of the network A must be different of the network B.
* The range of Client IP(s) must be outside the range of DHCP clients. * The range of Client IP(s) must be outside the range of DHCP clients.
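Review bot: The new "===== Notes =====" heading is level five, so it nests under the preceding "==== Router B > VPN > Router A ====" subsection, although the bullets below it (subnets of network A and network B, Client IP(s) versus DHCP range) apply to both routers. The old "== Notes ==" matched the sibling "== Monitoring ==" section; suggest keeping it at level two.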
Line 125: Line 111:
== Monitoring == == Monitoring ==
- 
To monitoring and guarantee the connection you can setup Watchdog. The following instructions will setup watchdog to monitor the connection every five minutes (update: works better with 9999 seconds). To monitoring and guarantee the connection you can setup Watchdog. The following instructions will setup watchdog to monitor the connection every five minutes (update: works better with 9999 seconds).
Line 137: Line 122:
http://img201.imageshack.us/img201/9416/keepaliveye2.jpg http://img201.imageshack.us/img201/9416/keepaliveye2.jpg
-== Final words==+== Final Words==
*Some times the connection takes minutes in completing itself (more or less 30 minutes), some times is instantaneous. *Some times the connection takes minutes in completing itself (more or less 30 minutes), some times is instantaneous.
Line 175: Line 160:
Your vpn tunnel must be established and working!!! Your vpn tunnel must be established and working!!!
-== Another way to make VPN tunnel==+== Useful Links ==
- +
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1767 http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1767
- 
- 
-== Useful Links == 
- 
http://www.dd-wrt.com/dd-wrtv2/bugtracker/ http://www.dd-wrt.com/dd-wrtv2/bugtracker/
[[PPTP_Server_Configuration]] [[PPTP_Server_Configuration]]
- 
[[HOW_TO_configure_a_WINDOWS_BOX_to_make_a_VPN_Connection_to_linksys]] [[HOW_TO_configure_a_WINDOWS_BOX_to_make_a_VPN_Connection_to_linksys]]
-[[Category:advanced HOWTO]]+[[Category:Advanced HOWTO]]
[[Category:English documentation]] [[Category:English documentation]]
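Review bot: Dropping the "== Another way to make VPN tunnel==" heading leaves the forum link (viewtopic.php?t=1767) under "== Useful Links ==" with nothing saying that it describes an alternative setup. Suggest giving that link a short label so the context the removed heading carried is not lost.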

Revision as of 01:47, 2 October 2006

Point-to-Point Tunneling with two DD-WRT

The configuration below was tested using two WRT54G (Hardware v2.2) and DD-WRT v23 SP1 std.

Note: In v23SP2 Final this configuration does not work. Please check bugtracker ID 0001811

Scenario

  • Network A in location "a"
Router A address 192.168.1.1
DHCP range 192.168.1.100-150
Dyndns address "direccion_de_A.dyndns.org"


  • Network B in location "b"
Router B address 192.168.2.1
DHCP range 192.168.2.100-150
Dyndns address "direccion_de_B.dyndns.org"


The purpose of this setup is to connect to any IP Address on network A or B from network A or B.

Configuration

For Both Routers

  1. Go to the "Administration" tab and "Management" sub-tab
  2. Enable DNSmasq and Local DNS
  3. Disable Loopback
  4. Set Maximum Ports: 4096
  5. Set TCP Timeout: 3600
  6. Set UDP Timeout: 3600

http://img237.imageshack.us/img237/9766/loopbackzs4.jpg

Note: Loopback must be disabled because the VPN doesn't always work when it is enabled.

http://img366.imageshack.us/img366/1888/ipfiltersettingssq5.jpg

For Router A

Router B > VPN > Router A

  1. Go to the "Administration" tab and "Services" sub-tab
  2. Enable PPTP Server
  3. Set "Server IP or DNS Name" to "192.168.1.1"
  4. Set "Client IP(s)" to "192.168.1.200-250"
  5. Set "CHAP-Secrets" to "usernameA * passwordA *"
  6. Apply Changes

Router A > VPN > Router B

  1. Go to the "Administration" tab and "Services" sub-tab
  2. Enable PPTP Client
  3. Set "Server IP or DNS Name" to the location of Server B (direccion_de_B.dyndns.org)
  4. Set "Remote Subnet" to "192.168.2.0"
  5. Set "Remote Subnet Mask" to 255.255.255.0
  6. Set "MPPE Encryption" to "mppe required"
  7. Set "MTU" to 1450
  8. Set MRU to 1450
  9. Set Username to usernameB
  10. Set password to passwordB
  11. Apply Changes

http://img162.imageshack.us/img162/22/ruteadora6ir.jpg

For Router B

Router A > VPN > Router B

  1. Go to the "Administration" tab and "Services" sub-tab
  2. Enable PPTP Server
  3. Set "Server IP or DNS Name" to "192.168.2.1"
  4. Set "Client IP(s)" to "192.168.2.200-250"
  5. Set "CHAP-Secrets" to "usernameB * passwordB *"
  6. Apply Changes

Router B > VPN > Router A

  1. Go to the "Administration" tab and "Services" sub-tab
  2. Enable PPTP Client
  3. Set "Server IP or DNS Name" to the location of Server A (direccion_de_A.dyndns.org)
  4. Set "Remote Subnet" to "192.168.1.0"
  5. Set "Remote Subnet Mask" to 255.255.255.0
  6. Set "MPPE Encryption" to "mppe required"
  7. Set "MTU" to 1450
  8. Set MRU to 1450
  9. Set Username to usernameA
  10. Set password to passwordA
  11. Apply Changes

http://img73.imageshack.us/img73/4391/ruteadorb3nn.jpg

Notes
  • The subnets should not overlap, i.e. the third octet of the router address (192.168.thirdoctet.1) on network A must differ from that on network B.
  • The range of Client IP(s) must be outside the range of DHCP clients.
  • In the example, the IP range used for VPN clients ("Client IP(s)") is 192.168.x.200-250, which allows 51 VPN clients.
  • This one will catch you out if you miss it: don't forget to enable "PPTP Passthrough" if you are using the SPI firewall found on the SECURITY tab.
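
The rules in these notes can be checked before the settings are applied to either router. The script below is an added example, not part of the original wiki page or of DD-WRT; the dict layout, key names and function names are assumptions, and each LAN is assumed to be a /24.

```python
import ipaddress

def parse_range(text):
    """Turn the GUI's range notation, e.g. '192.168.1.200-250', into (first, last)."""
    start, _, last_octet = text.partition("-")
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(f"{start.rsplit('.', 1)[0]}.{last_octet}") if last_octet else first
    if last < first:
        raise ValueError(f"descending range: {text}")
    return first, last

def lan_of(site):  # assumption: each LAN is a /24, as the page's 255.255.255.0 masks imply
    return ipaddress.ip_network(f"{site['router']}/24", strict=False)

def audit(sites):
    """Check both routers against the Notes; return a list of problem strings."""
    (name_a, a), (name_b, b) = sites.items()
    problems = []
    if lan_of(a).overlaps(lan_of(b)):
        problems.append("LAN subnets of the two routers intersect")
    for name, local, peer in ((name_a, a, b), (name_b, b, a)):
        dhcp, vpn = parse_range(local["dhcp"]), parse_range(local["client_ips"])
        if dhcp[0] <= vpn[1] and vpn[0] <= dhcp[1]:
            problems.append(f"{name}: Client IP(s) overlap the DHCP range")
        remote = ipaddress.ip_network(f"{local['remote_subnet']}/{local['remote_mask']}", strict=False)
        if remote != lan_of(peer):
            problems.append(f"{name}: Remote Subnet is not the peer's LAN")
        # CHAP-Secrets fields on the peer's PPTP server: client, server, secret, allowed IP
        user, _server, secret, _ip = peer["chap_secrets"].split()
        if (local["username"], local["password"]) != (user, secret):
            problems.append(f"{name}: client login does not match the peer's CHAP-Secrets")
        if local["mppe"] != "mppe required":
            problems.append(f"{name}: MPPE Encryption is not 'mppe required'")
    return problems

def vpn_client_count(site):
    first, last = parse_range(site["client_ips"])
    return int(last) - int(first) + 1

# The page's settings typed into a dict (layout and key names are assumptions of this example).
SITES = {
    "Router A": dict(router="192.168.1.1", dhcp="192.168.1.100-150", client_ips="192.168.1.200-250",
                     chap_secrets="usernameA * passwordA *", remote_subnet="192.168.2.0",
                     remote_mask="255.255.255.0", mppe="mppe required", username="usernameB", password="passwordB"),
    "Router B": dict(router="192.168.2.1", dhcp="192.168.2.100-150", client_ips="192.168.2.200-250",
                     chap_secrets="usernameB * passwordB *", remote_subnet="192.168.1.0",
                     remote_mask="255.255.255.0", mppe="mppe required", username="usernameA", password="passwordA"),
}
print(audit(SITES) or "settings consistent")
```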

Monitoring

To monitor the connection and keep it up, you can set up Watchdog. The following instructions set up Watchdog to monitor the connection every five minutes (update: works better with 9999 seconds).

On both routers:

  1. Go to the "Administration" tab and "Keep Alive" sub-tab.
  2. Enable Watchdog
  3. Set "Interval" to 300
  4. Set IP Addresses to "192.168.1.200 192.168.2.200"

http://img201.imageshack.us/img201/9416/keepaliveye2.jpg

Final Words

  • Sometimes the connection takes minutes to complete (more or less 30 minutes); sometimes it is instantaneous.
  • You can check the routing table in the "Setup" tab, "Advanced Routing" sub-tab, with the "Show Routing Table" button.

If there are 6 lines like:

WAN_IP_ADRESS 255.255.255.255 0.0.0.0 WAN
192.168.Y.1 255.255.255.255 0.0.0.0 WAN
192.168.X.200 255.255.255.255 0.0.0.0 WAN
192.168.Y.0 255.255.255.0 0.0.0.0 WAN
192.168.X.0 255.255.255.0 0.0.0.0 LAN & WLAN
0.0.0.0 0.0.0.0 WAN_IP_ADRESS WAN

Your VPN tunnel should be established and working!
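
The six-line check above can be run against a routing table pasted from the router. This is an added example, not part of the original wiki page; the function names, the header row and the WAN address 203.0.113.10 in the sample are constructed for illustration.

```python
def parse_routes(text):
    """Parse 'destination mask gateway interface' rows; the interface may contain spaces."""
    rows = set()
    for line in text.splitlines():
        parts = line.split(None, 3)
        # Skip blank lines and header rows: a real row has a dotted mask in column two.
        if len(parts) == 4 and parts[1].count(".") == 3:
            rows.add((parts[0], parts[1], parts[2], " ".join(parts[3].split())))
    return rows

def expected_routes(x, y, wan_ip, first_client=200):
    """The six lines listed on the page, for local third octet x and remote third octet y."""
    host, net = "255.255.255.255", "255.255.255.0"
    return [
        (wan_ip, host, "0.0.0.0", "WAN"),
        (f"192.168.{y}.1", host, "0.0.0.0", "WAN"),
        (f"192.168.{x}.{first_client}", host, "0.0.0.0", "WAN"),
        (f"192.168.{y}.0", net, "0.0.0.0", "WAN"),
        (f"192.168.{x}.0", net, "0.0.0.0", "LAN & WLAN"),
        ("0.0.0.0", "0.0.0.0", wan_ip, "WAN"),
    ]

def missing_routes(table_text, x, y, wan_ip):
    """Return the expected rows that are absent; an empty list means all six are present."""
    present = parse_routes(table_text)
    return [row for row in expected_routes(x, y, wan_ip) if row not in present]

# Constructed sample as seen on Router A (X = 1, Y = 2); 203.0.113.10 stands in for the WAN IP.
SAMPLE = """\
Destination Mask Gateway Interface
203.0.113.10 255.255.255.255 0.0.0.0 WAN
192.168.2.1 255.255.255.255 0.0.0.0 WAN
192.168.1.200 255.255.255.255 0.0.0.0 WAN
192.168.2.0 255.255.255.0 0.0.0.0 WAN
192.168.1.0 255.255.255.0 0.0.0.0 LAN & WLAN
0.0.0.0 0.0.0.0 203.0.113.10 WAN
"""

gaps = missing_routes(SAMPLE, 1, 2, "203.0.113.10")
print("all six routes present" if not gaps else f"missing: {gaps}")
```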

Useful Links

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1767
http://www.dd-wrt.com/dd-wrtv2/bugtracker/

PPTP_Server_Configuration
HOW_TO_configure_a_WINDOWS_BOX_to_make_a_VPN_Connection_to_linksys