Author Topic: Site to Site with DD-WRT (SOLVED)  (Read 1084 times)

Offline killmasta93

  • Sr. Member
  • ****
  • Posts: 585
  • Karma: +13/-0
    • View Profile
Site to Site with DD-WRT (SOLVED)
« on: March 18, 2017, 07:09:03 pm »
Hi, I was wondering if someone has successfully accomplished site to site as pfSense is running the OpenVPN server and the client DDWRT (R7000 Kongac). I was looking around many guides as most of them show DDWRT running the server. This is what I got so far, see pictures.

The idea is I need Site A (pfSense Server) to ping Site B (DDWRT client) because on site B I have a NAS which needs to be able to ping one of the servers which is in Site A.

Thank you
« Last Edit: March 25, 2017, 04:57:31 pm by killmasta93 »

Offline killmasta93

Re: Site to Site with DD-WRT
« Reply #1 on: March 20, 2017, 12:08:08 pm »
All right, so I changed things a bit, just the part I'm getting confused by is the CA cert, public client cert and the private client key.

So I created on pfSense a CA called DDWRT and that CA I would put inside of the CA cert of DDWRT?

Then I created on pfSense a certificate server called DDWRT server. Then I would export from that the cert and the key and paste them in the public cert and private key?

Offline killmasta93

Re: Site to Site with DD-WRT
« Reply #2 on: March 20, 2017, 03:53:41 pm »
UPDATE:
So I finally fixed the issue with the cert and now it shows connected on both sides. The only issue is that I cannot ping each other, e.g. pfSense is 192.168.3.254 and should be able to ping DDWRT 192.168.1.251, or any clients on the LAN of pfSense should also be able to ping 192.168.1.251.

And the cert I configured like this:

The CA on pfSense, which was DDWRT, was placed on CA.

Then I created a client cert on pfSense and used the key and CA to place on DDWRT the Public Client Cert and the Private Client Key. After that, on pfSense I needed to create a user and give that user the client cert. I also disabled TLS key.

Offline killmasta93

Re: Site to Site with DD-WRT
« Reply #3 on: March 20, 2017, 05:15:56 pm »
UPDATE 2:

So I feel like I'm almost there, as the issue of the ping was that I needed to check the Redirect Gateway on pfSense OpenVPN. Now DDWRT can ping pfSense but pfSense cannot ping DDWRT.


Offline killmasta93

Re: Site to Site with DD-WRT
« Reply #4 on: March 21, 2017, 08:51:25 pm »
I guess the real question is "does anyone know how I can route the OpenVPN server to also ping DDWRT?" I tried using routing tables but have had no luck :(

Offline viragomann

  • Hero Member
  • *****
  • Posts: 2555
  • Karma: +269/-1
    • View Profile
Re: Site to Site with DD-WRT
« Reply #5 on: March 22, 2017, 03:19:10 am »
You've set up a remote access server on pfSense, not a site-to-site.
??

Offline killmasta93

Re: Site to Site with DD-WRT
« Reply #6 on: March 22, 2017, 08:42:04 am »
I'm pretty sure it's a site to site as everything shows connected. I just can't understand why pfSense cannot contact DDWRT if they're both connected.

Offline viragomann

Re: Site to Site with DD-WRT
« Reply #7 on: March 22, 2017, 10:16:00 am »
Yeah, your upper screenshot of pfSense VPN server shows a remote access server, the lower one shows a site-to-site.

Is the DDWRT the default gateway in its LAN?

Offline killmasta93

Re: Site to Site with DD-WRT
« Reply #8 on: March 22, 2017, 11:23:29 am »
Thanks for the reply. Yeah, the upper one was messed up, the second one is correct. When you say is the DDWRT the default gateway, do you mean create a rule,
or the default gateway which it gets from the OpenVPN? It gets a 192.168.90.6.
Or the gateway of the DDWRT, which is 192.168.1.251?


Thank you

Offline viragomann

Re: Site to Site with DD-WRT
« Reply #9 on: March 22, 2017, 11:50:31 am »
I asked if the DDWRT is the default gateway in the network behind (192.168.1.0/24).

Offline killmasta93

Re: Site to Site with DD-WRT
« Reply #10 on: March 22, 2017, 12:18:57 pm »
Yes, the DDWRT is the default gateway for the network 192.168.1.0/24.


Offline viragomann

Re: Site to Site with DD-WRT
« Reply #11 on: March 22, 2017, 01:04:06 pm »
It seems that pfSense doesn't find the correct route to the network behind DDWRT.

Are you running multiple VPN instances on pfSense, both server and client?

Please post the IPv4 routing table from pfSense.
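
The routing-table check requested in the reply above, as an added example that is not part of the original posts: it parses `netstat -rn -f inet` style output and does a longest-prefix match to show which interface traffic to the DD-WRT LAN address would leave on. The table is constructed; the interface names (`em0`, `em1`, `ovpns3`) and gateway addresses are assumptions, and only 192.168.3.254, 192.168.1.251 and 192.168.90.0/24 come from the thread.

```python
import ipaddress

# Constructed sample in the layout of FreeBSD `netstat -rn -f inet` (pfSense).
# Interface names and gateways are assumptions, not values from the thread.
SAMPLE_ROUTES = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS       em0
127.0.0.1          link#4             UH        lo0
192.168.3.0/24     link#2             U         em1
192.168.3.254      link#2             UHS       lo0
192.168.90.0/24    192.168.90.2       UGS       ovpns3
192.168.90.1       link#8             UHS       lo0
192.168.90.2       link#8             UH        ovpns3
203.0.113.0/24     link#1             U         em0
"""

def parse_routes(text):
    """Return (network, gateway, interface) tuples; skip headers and junk."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        dest, gateway, _flags, netif = fields[:4]
        if dest == "default":
            dest = "0.0.0.0/0"
        try:
            net = ipaddress.ip_network(dest, strict=False)  # bare host -> /32
        except ValueError:
            continue
        routes.append((net, gateway, netif))
    return routes

def lookup(routes, address):
    """Longest-prefix match, the rule the kernel applies to pick a route."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def leaves_via_tunnel(routes, address, tunnel_prefix="ovpn"):
    """True when the best route for address uses an OpenVPN interface."""
    best = lookup(routes, address)
    return best is not None and best[2].startswith(tunnel_prefix)

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    for target in ("192.168.90.6", "192.168.1.251"):
        print(target, lookup(routes, target), leaves_via_tunnel(routes, target))
```

In this constructed table the tunnel address 192.168.90.6 matches the OpenVPN interface, while 192.168.1.251 only matches the default route and would leave on the WAN interface, which is the symptom of a missing route to 192.168.1.0/24.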

Offline killmasta93

Re: Site to Site with DD-WRT
« Reply #12 on: March 22, 2017, 05:37:30 pm »
Thank you for the reply.
I am also running other OpenVPN servers but they are only remote for clients.

See picture for the routing.

Thank you
« Last Edit: March 22, 2017, 05:40:49 pm by killmasta93 »

Offline viragomann

Re: Site to Site with DD-WRT
« Reply #13 on: March 22, 2017, 06:21:42 pm »
As mentioned, it doesn't matter which kind of OpenVPN instances; if you run multiple and you haven't assigned separate interfaces to them, all are handled as a unique interface group.

So for correct routing you have to assign an interface to the site-to-site server: Interface > assign.
At available network ports select the site-to-site server and click Add, open the new interface and enable it, also enter a proper description and save it.

Offline killmasta93

Re: Site to Site with DD-WRT
« Reply #14 on: March 22, 2017, 06:49:14 pm »
Thanks for the reply, so something like this? Assuming on DDWRT when it shows connected to remote address it must be the gateway? Would I also delete the rule on OpenVPN for

    IPv4 *    192.168.90.0/24    *    *    *    *    none     


Thank you, see pictures