
Help with site-to-site VPN

Discussion in 'Tomato Firmware' started by sgoldwa, Apr 2, 2008.

  1. sgoldwa

    sgoldwa LI Guru Member

    Hi there,
    I have been struggling with setting up a site-to-site VPN for almost 2 days now, and thought I would reach out to you to see if you could help.

    I found a script in a DD-WRT forum that I am trying to use with Tomato due to Tomato's superior QoS. When I telnet into both of the sites and view the log files, I do see "Initialization Sequence Completed" on both ends, but I cannot ping either way.

    Here is what I have on each end:

    ___________
    SERVER (Buffalo WHR-HP54G), located in Los Angeles


    (Under the INIT tab, I have…)

    sleep 5
    insmod tun.o


    ____________

    (Under the WAN UP tab, I have…)


    # Move to writable directory and create scripts
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn

    # Config for Site-to-Site SiteA-SiteB
    # (remote address masked with XXs for anonymity; the actual script has the real address)
    echo "
    remote 67.XX.95.XX
    proto udp
    port 2000
    log /tmp/openvpn.log
    dev tun0
    secret /tmp/static.key
    verb 3
    comp-lzo
    keepalive 15 60
    daemon
    " > SiteA-SiteB.conf

    # Config for Static Key, I put XXs in some of the lines here for anonymity, that is not what I have in the actual script

    echo "
    -----BEGIN OpenVPN Static key V1-----
    f825d10e732fcef07c4992add7233b93
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    90eef44fccf6b7e7dbc3304326631eff
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    445bad47dddc438eca5e507b16fae273
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    ae1a5d6b10e798c2ab3f758ac59899b8
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    8663ef18cc3cef23e34ded2e14211f10
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    f60364a7940c5966a821a136856067b8
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    730b5ed7bf9dfa9db6ebac735e9ee53f
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    aaeda5e5b1aba189d47737b95f9f798c
    cc81e3e3fd52da33a2781eb4255f7bce
    -----END OpenVPN Static key V1-----
    " > static.key
    # The key must stay secret; OpenVPN warns if the file is group/world readable
    chmod 600 static.key

    # Create interfaces
    /tmp/myvpn --mktun --dev tun0
    ifconfig tun0 10.0.0.1 netmask 255.255.255.0 promisc up

    # Create routes (the -net argument is the remote LAN's network address,
    # 192.168.0.0; the host address 192.168.0.1 does not match the /24 netmask
    # and route rejects it)
    route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.2

    # Initiate the tunnel
    sleep 5
    /tmp/myvpn --config SiteA-SiteB.conf




    On the other side, I have…


    CLIENT (Buffalo WHR-HP54G), located in Seattle

    (Under the INIT tab, I have…)
    sleep 5
    insmod tun.o


    ____________

    (Under the WAN UP tab, I have…)


    # Move to writable directory and create scripts
    cd /tmp
    ln -s /usr/sbin/openvpn /tmp/myvpn

    # Config for Site-to-Site SiteA-SiteB
    echo "
    proto udp
    port 2000
    log /tmp/openvpn.log
    dev tun0
    secret /tmp/static.key
    verb 3
    comp-lzo
    keepalive 15 60
    daemon
    " > SiteA-SiteB.conf

    # Config for Static Key
    echo "
    -----BEGIN OpenVPN Static key V1-----
    f825d10e732fcef07c4992add7233b93
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    90eef44fccf6b7e7dbc3304326631eff
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    445bad47dddc438eca5e507b16fae273
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    ae1a5d6b10e798c2ab3f758ac59899b8
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    8663ef18cc3cef23e34ded2e14211f10
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    f60364a7940c5966a821a136856067b8
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    730b5ed7bf9dfa9db6ebac735e9ee53f
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    aaeda5e5b1aba189d47737b95f9f798c
    cc81e3e3fd52da33a2781eb4255f7bce
    -----END OpenVPN Static key V1-----
    " > static.key
    # The key must stay secret; OpenVPN warns if the file is group/world readable
    chmod 600 static.key

    # Create interfaces
    /tmp/myvpn --mktun --dev tun0
    ifconfig tun0 10.0.0.2 netmask 255.255.255.0 promisc up

    # Create routes (the -net argument is the remote LAN's network address,
    # 192.168.10.0; the host address 192.168.10.1 does not match the /24 netmask
    # and route rejects it)
    route add -net 192.168.10.0 netmask 255.255.255.0 gw 10.0.0.1

    # Initiate the tunnel
    sleep 5
    /tmp/myvpn --config SiteA-SiteB.conf


    __________________

    Do you have any idea what might be wrong? I am actually replacing 2 perfectly great Sonicwall TZ-170s that do great site-to-site BUT they do not offer the QoS I so need on my system. The Tomato firmware is great in that regard.

    Any ideas would be greatly appreciated!!!!!
     
  2. sgoldwa

    sgoldwa LI Guru Member

    Solved it

    Well, I spent the *rest* of the day and solved the problem. I had to add a firewall rule to allow ICMP (ping) packets.
     
  3. FRiC

    FRiC LI Guru Member

    You should not have had to add a rule to allow ping. Were you pinging your local IPs?
     
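Pulling the first two posts together, here is an added example (not code from the thread, nor Tomato's or OpenVPN's own): a POSIX shell script that generates both ends of the static-key configuration from one set of parameters so the tunnel addresses and routes cannot drift apart, computes the network address that a route needs (the posted scripts passed the remote router's host address instead), checks that the two ends pair up, and prints the iptables lines for Tomato's Firewall script that let traffic arriving on tun0 through, which is the general form of the ICMP rule that fixed it in post 2. The LAN and tunnel addresses are the thread's; `REMOTE_WAN` is a documentation-range placeholder standing in for the masked WAN address; the function names `netaddr`, `gen_conf`, `fw_rules`, `ifconfig_field` and `pair_consistent` are this example's own.

```shell
#!/bin/sh
# Added example for this thread (not the poster's script, not Tomato's or
# OpenVPN's own code): build both ends of a static-key OpenVPN site-to-site
# tunnel consistently and print the firewall rules Tomato needs for it.
# Addresses are the ones from the thread; REMOTE_WAN is a placeholder.

SITE_A_LAN="192.168.10.1"   # LA router LAN address (site a)
SITE_B_LAN="192.168.0.1"    # Seattle router LAN address (site b)
LAN_MASK="255.255.255.0"
TUN_A="10.0.0.1"            # tunnel endpoint at site a
TUN_B="10.0.0.2"            # tunnel endpoint at site b
REMOTE_WAN="203.0.113.10"   # placeholder (TEST-NET-3) for site b's public address
VPN_PORT="2000"

# netaddr IP MASK -> the network address of IP under MASK.
# `route add -net` (and OpenVPN's own `route`) want 192.168.0.0, not the
# router's host address 192.168.0.1 that the original scripts used.
# Runs in a subshell so changing IFS does not leak out.
netaddr() (
    IFS=.
    set -- $1 $2            # $1..$4 = IP octets, $5..$8 = mask octets
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
)

# gen_conf a|b -> OpenVPN config for that end on stdout. Site a dials out
# (it carries `remote`); site b just listens on VPN_PORT. Letting OpenVPN
# set the addresses and the route replaces --mktun / ifconfig / route add.
gen_conf() {
    case $1 in
        a) my_tun=$TUN_A; peer_tun=$TUN_B; peer_lan=$SITE_B_LAN
           remote_line="remote $REMOTE_WAN" ;;
        b) my_tun=$TUN_B; peer_tun=$TUN_A; peer_lan=$SITE_A_LAN
           remote_line="" ;;
        *) echo "usage: gen_conf a|b" >&2; return 1 ;;
    esac
    echo "# OpenVPN static-key point-to-point tunnel, site $1"
    [ -n "$remote_line" ] && echo "$remote_line"
    cat <<EOF
proto udp
port $VPN_PORT
dev tun0
ifconfig $my_tun $peer_tun
route $(netaddr "$peer_lan" "$LAN_MASK") $LAN_MASK
secret /tmp/static.key
comp-lzo
keepalive 15 60
verb 3
log /tmp/openvpn.log
daemon
EOF
}

# fw_rules a|b -> iptables lines for Tomato's Firewall script. Tomato's
# filter chains drop what no rule accepts, and nothing accepts packets
# arriving on tun0 out of the box, so the tunnel reports "Initialization
# Sequence Completed" yet no ping crosses it (the poster's symptom).
# The listening end (b) must also accept the UDP port on its WAN side.
# (Assumption about the stock rule set: confirm with `iptables -L -v`.)
fw_rules() {
    echo "iptables -I INPUT   -i tun0 -j ACCEPT"
    echo "iptables -I FORWARD -i tun0 -j ACCEPT"
    echo "iptables -I FORWARD -o tun0 -j ACCEPT"
    [ "$1" = b ] && echo "iptables -I INPUT -p udp --dport $VPN_PORT -j ACCEPT"
    return 0
}

# ifconfig_field CONF N -> word N of CONF's ifconfig line (2 = local, 3 = peer)
ifconfig_field() {
    printf '%s\n' "$1" | awk -v n="$2" '$1 == "ifconfig" { print $n }'
}

# pair_consistent -> true when each end's local tunnel address is the other
# end's peer address. A mismatch leaves the tunnel "up" with traffic going
# nowhere, so check this before blaming the firewall.
pair_consistent() {
    conf_a=$(gen_conf a)
    conf_b=$(gen_conf b)
    [ "$(ifconfig_field "$conf_a" 2)" = "$(ifconfig_field "$conf_b" 3)" ] &&
    [ "$(ifconfig_field "$conf_a" 3)" = "$(ifconfig_field "$conf_b" 2)" ]
}

# Stand-alone demo: print both configs and the listener's firewall rules.
if [ "${1:-}" = "demo" ]; then
    pair_consistent || { echo "tunnel addresses do not pair up" >&2; exit 1; }
    gen_conf a; echo; gen_conf b; echo; fw_rules b
fi
```

On the routers, `gen_conf a > /tmp/SiteA-SiteB.conf` would go in site a's WAN Up script (and `gen_conf b` in site b's), with `fw_rules a | sh` and `fw_rules b | sh` in the respective Firewall scripts; the static key file is still written separately, identically on both ends and kept mode 600. Because the config carries `ifconfig` and `route`, OpenVPN creates tun0, assigns the endpoints and adds the route to the far LAN itself, so the `--mktun`, `ifconfig tun0 ... promisc` and `route add` steps from the posted scripts are no longer needed.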
