
Help configuring SgtPepperKSU's VPN build

Discussion in 'Tomato Firmware' started by fryfrog, Jun 29, 2009.

  1. fryfrog

    fryfrog Network Guru Member

    Dear SgtPepperKSU,

    Your VPN build is totally awesome.

    So I'd like to build a small VPN network between a few networks. I'd like to connect 3 Linksys routers on 3 different networks together as one. I'd like to be able to connect and ping around them all from anywhere to anywhere.

    Right now, I've got two of them set up and the client is able to ping the server's LAN, but the server (and its LAN) cannot ping the clients. Let me detail my setup, which I did initially set up ages ago with VPN in mind.

    Server: 10.0.1.0/255.255.255.0
    Client1: 10.0.2.0/255.255.255.0
    Future Client2: 10.0.3.0/255.255.0

    Server's Config:
    TUN / UDP, everything default.

    Server's Custom Config:
    Code:
    client-config-dir /jffs/ccd
    push "route 10.0.1.0 255.255.255.0"
    #push "route 10.0.2.0 255.255.255.0"
    route 10.0.2.0 255.255.255.0
    
    Client's Config:
    TUN / UDP, everything default.

    Contents of /jffs/ccd/client1:
    iroute 10.0.2.0 255.255.255.0

    So my problem is that if I uncomment the above line to push the 10.0.2.0 route, it breaks the 10.0.2.0 network, almost like it is ignoring the "iroute" entry in the /jffs/ccd/client1 file.

    The other problem is that with the above config (which works, mostly), I can ping from the 10.0.2.0 network to the 10.0.1.0 network, which is great... but I can't ping the other way, which is what I hope for.

    I will admit that I'm not very good with routes, and I am new to OpenVPN. I've been reading various documents and am quite happy to read and explore more; please point me at what I might have missed.

    Is what I want to do possible?
     
  2. fryfrog

    fryfrog Network Guru Member

    Omg, that was so easy...

    The /jffs/ccd/client1 file had to be on the server, not the client. I feel so silly, but also glad that I figured it out :p
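
As an added example (not part of the thread or of the VPN build), this shell function checks what post 2 turned out to hinge on: a `route` for a client's LAN in the server config needs a matching `iroute` in a client-config-dir file on the server itself. The function name `missing_iroutes` and the temporary sample files are constructed for illustration; the config lines are the ones from the first post.

```shell
#!/bin/sh
# missing_iroutes SERVER_CONF CCD_DIR
# Prints every "route NET MASK" from SERVER_CONF that has no matching
# "iroute NET MASK" in any file under CCD_DIR. Returns 1 if any is missing.
missing_iroutes() {
    conf=$1 ccd=$2 rc=0
    # Only active "route" directives: commented lines and push "route ..."
    # lines have a different first field and are skipped.
    routes=$(awk '$1 == "route" && NF >= 3 { print $2, $3 }' "$conf")
    while read -r net mask; do
        [ -n "$net" ] || continue
        found=0
        for f in "$ccd"/*; do
            [ -f "$f" ] || continue   # also covers an empty or absent dir
            if awk -v n="$net" -v m="$mask" \
                '$1 == "iroute" && $2 == n && $3 == m { ok = 1 }
                 END { exit !ok }' "$f"; then
                found=1
                break
            fi
        done
        if [ "$found" -eq 0 ]; then
            echo "$net $mask"
            rc=1
        fi
    done <<EOF
$routes
EOF
    return "$rc"
}

# --- constructed sample data, built in a temporary directory ---
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
mkdir "$demo_dir/ccd_empty" "$demo_dir/ccd_on_server"
cat > "$demo_dir/server.conf" <<'EOF'
client-config-dir /jffs/ccd
push "route 10.0.1.0 255.255.255.0"
#push "route 10.0.2.0 255.255.255.0"
route 10.0.2.0 255.255.255.0
EOF
echo 'iroute 10.0.2.0 255.255.255.0' > "$demo_dir/ccd_on_server/client1"

# Case 1: the ccd file was never placed on the server (the state in post 1).
missing_iroutes "$demo_dir/server.conf" "$demo_dir/ccd_empty" \
    || echo "^ routed on the server, but no iroute found there"
# Case 2: the ccd file is on the server (the fix in post 2).
missing_iroutes "$demo_dir/server.conf" "$demo_dir/ccd_on_server" \
    && echo "every routed subnet has an iroute"
```

On the router itself the call would take the server's actual config file and `/jffs/ccd` as its two arguments.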
     
  3. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    client-config-dir is completely configurable via the GUI. Just check the "Manage client-specific options" in the server GUI, and fill out the table with LAN information for the two clients (make sure you check the client<-->client and push checkboxes to share the LANs between clients). Then, you should have full access between all three LANs with nothing in your custom configuration section. Just be sure to uncheck the "NAT" option on your clients.
     
  4. mpegmaster

    mpegmaster Addicted to LI Member

    Where does one find this VPN build at?

    Thanks & Cheers!
     
  5. SgtPepperKSU

    SgtPepperKSU Network Guru Member

  6. mpegmaster

    mpegmaster Addicted to LI Member

    SgtPepperKSU,

    I'm new at this... if this is a dumb question, I'm trying to understand... ;^)

    I noticed the... tomatovpn-ND-1.25vpn3.3.7z file just has the [1] one file... tomato-ND.trx.

    What router is this okay to apply to?

    Thanks & Cheers!!!
     
  7. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I don't have a list of router models on hand (though there are several forum threads here that go into detail), but the gist is that if you ssh/telnet to your router and run
    Code:
    nvram get wl0_corerev
    and get back >=7 it is safe to run ND. If you get back >=9, you'll likely see a benefit by running ND.
     
  8. fryfrog

    fryfrog Network Guru Member

    Thanks, that made it even easier and is working great. Your hard work on OpenVPN and the GUI is really appreciated!
     
