Talk:OpenVPN - Site-to-Site Bridged VPN Between Two Routers

From DD-WRT Wiki


Same subnets doesn't work

When I connect to a router that has the same subnet 192.168.1.x as the router I am connected to locally, I cannot ping any remote machine, or the remote router. If I set the remote router to 192.168.2.x, then everything works fine. (I am talking about connecting from a client machine to a remote router; I haven't tried router to router because I couldn't get it going when I followed this guide's steps.) - Jeffman 22:49, 9 Jul 2007 (CEST)

Help!

We have put in all the information exactly how it shows in the instructions. One router is 192.168.1.X and the other is 192.168.11.X. Still can't ping any hosts on the remote side. Is there a way to check the status? Anything will help. Thanks

Solution

The two routers have to be in the same sub-domain for the bridging to work. Make both of them in the 11.x subdomain or the 1.x subdomain. Then make sure that the DHCP servers on each end issue IP addresses that do not overlap with those on the other end. (Added by xnok)
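A check for the addressing plan described in the reply above, as an added example that is not part of the original discussion: it verifies that both routers and their DHCP pools sit in one shared subnet and that the pools do not collide. The /24 mask, the site names and every sample address are assumptions constructed for illustration.

```python
import ipaddress

def check_bridge_plan(subnet, sites):
    """Return a list of problems in a bridged (single L2 segment) address plan.

    subnet: CIDR shared by both ends (assumed /24 in the samples below)
    sites:  {name: {"router": ip, "dhcp_start": ip, "dhcp_end": ip}}
    """
    net = ipaddress.ip_network(subnet)
    problems, pools = [], {}
    for name, s in sites.items():
        router, start, end = (ipaddress.ip_address(s[k])
                              for k in ("router", "dhcp_start", "dhcp_end"))
        for label, ip in (("router", router), ("dhcp_start", start), ("dhcp_end", end)):
            if ip not in net:
                problems.append(f"{name}: {label} {ip} is outside {net}")
        if start > end:
            problems.append(f"{name}: DHCP range is reversed")
        pools[name] = (router, start, end)
    names = list(pools)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            (ra, sa, ea), (rb, sb, eb) = pools[a], pools[b]
            if ra == rb:
                problems.append(f"{a} and {b} share router address {ra}")
            if sa <= eb and sb <= ea:  # closed intervals intersect
                problems.append(f"DHCP pools of {a} and {b} overlap")
            if sb <= ra <= eb:
                problems.append(f"{a} router {ra} is inside the {b} DHCP pool")
            if sa <= rb <= ea:
                problems.append(f"{b} router {rb} is inside the {a} DHCP pool")
    return problems

# Constructed sample plans (not taken from any real deployment).
GOOD = {"server": {"router": "192.168.1.1", "dhcp_start": "192.168.1.100", "dhcp_end": "192.168.1.149"},
        "client": {"router": "192.168.1.2", "dhcp_start": "192.168.1.150", "dhcp_end": "192.168.1.199"}}
# Two different subnets, as in the "Help!" post above.
SPLIT = {"server": GOOD["server"],
         "client": {"router": "192.168.11.1", "dhcp_start": "192.168.11.100", "dhcp_end": "192.168.11.149"}}
# Same subnet, but both routers left at identical settings.
CLASH = {"server": GOOD["server"], "client": dict(GOOD["server"])}

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("SPLIT", SPLIT), ("CLASH", CLASH)):
        print(label, check_bridge_plan("192.168.1.0/24", plan) or "ok")
```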

Frame sizes?

I've used L2TPv3 on Cisco before and always ran into the same problem - it didn't support frame sizes around 1500. Since L3 packet + VPN overhead usually pushes it over the MTU threshold for the Internet, I need some way to fragment packets (errr...frames) either after or before it's bridged through the tunnel.

Does this method support that? If not, can it be tweaked further?

Solution: I had the same problem, but after I assigned Server to and client to everything worked fine for me. I could ping both PCs behind both routers.

OpenVPN is running at both ends, but I still can't connect

Make sure you have the "remote x.y.z" in your server config. If you have a dynamic IP, use a dynamic DNS service like to give your machines names. Finally, make sure on the DDNS setup page that both routers have successfully updated the DDNS database.

Any other tips to debug?

  • Enable SSH on the routers and log in. cd to /tmp and look at the config files and DNS resolution files.
  • If you still can't find the problem, try running openvpn directly with the config file on the router interactively (remove the "daemon" directive). You may also want to increase the verbosity level to 5 or 8. I find this easier than trying to use the syslog.
  • Try running openvpn with each one of the directives in the config file separately. This will catch any misspellings.
  • Make sure your DNS entries are up to date.
  • Make sure that port 1194 is open (or whatever port you picked).
  • Check the time (on the upper right corner) of the routers. Both routers have to be approximately at the same time. An easy way to synchronize the two routers is to use NTP (on Setup page). Be sure to use the same time zone and daylight savings time settings.
  • When all else fails, post to the dd-wrt forums!

Server hosts can't ping client hosts

The only issue I am currently having is that hosts on the client network can ping hosts on the server network, but not the other way around. A host on the server network can ping the router on the client side though. I have ICMP filtering on both routers turned off. Any ideas?