
VPN build problems with VPN site-to-site

Discussion in 'Tomato Firmware' started by diggyz, Oct 30, 2008.

  1. diggyz

    diggyz Addicted to LI Member

    Yes, I checked the option "same subnet" and I also tried to uncheck it and used the NAT option. None of them work;
    they don't add the other router as gateway.
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    First to get anyone that stumbles on this thread up to speed, your current setup (correct me if I'm wrong):

    Server:
    • TAP
    • Secret key
    • subnet: 192.168.1.0/24

    Client:
    • TAP
    • Secret key
    • subnet: 192.168.0.0/24
    • Same subnet: unchecked (if not, set it this way)
    • Create NAT: checked (if not, set it this way)

    Now, I think all you need to do is add
    Code:
    ifconfig 192.168.1.50 255.255.255.0
    to your client custom config (substituting 192.168.1.50 with a free address on the server router).

    Give that a shot and let me know how it goes. I'll try to come up with something to incorporate this into the GUI. Static key mode is particularly difficult because you can't push settings from the server to the client.
     
  3. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Or, if you'd rather, I put together a test build with a GUI solution for Static Key site-to-site.

    It can be downloaded here: 1.21vpn1.9018.

    Let me know if there are any problems. These changes will be included in the next release, but I think I'll wait and see if other issues are found first.
     
  4. diggyz

    diggyz Addicted to LI Member

    Ain't working. That's the same solution I'm using atm.
    Gonna try that new build you posted and see.
     
  5. diggyz

    diggyz Addicted to LI Member

    The solution that fixes it is the following:

    server router

    ifconfig br0 promisc up
    route add 192.168.0.0 dev br0
    route add -net 192.168.0.0/24 gw 192.168.0.1 dev br0

    client router

    ifconfig br0 promisc up
    route add 192.168.1.1 dev br0
    route add -net 192.168.1.0/24 gw 192.168.1.1 dev br0

    Doesn't seem like your build is adding the gateway.
     
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I just rebooted each router and ran a TAP static key site-to-site, and it worked fine. Here are my settings. Let me know if anything is set up differently:

    Server (192.168.2.0/24 LAN):
    • Interface type: TAP
    • Protocol: UDP
    • Port: 1194
    • Authorization Mode: Static Key
    • Encryption cipher: Use Default
    • Compression: Enabled
    • Custom Config: <empty>
    • Server Key: <pasted static key>

    Client (192.168.0.0/24 LAN):
    • Interface type: TAP
    • Protocol: UDP
    • Server address/port: <address to server router>, 1194
    • Authorization Mode: Static Key
    • Server is on same subnet: unchecked
    • Create NAT on tunnel: checked
    • Tunnel address/netmask: 192.168.2.50, 255.255.255.0
      • Note that this is a free address on the server router
    • Encryption cipher: Use Default
    • Compression: Enabled
    • Connection Retry: 30
    • Custom Configuration: <empty>
    • Client Key: <same pasted static key>

    And I (on a laptop behind client router) can ping computers behind the server router just fine. Note that since a NAT is created, the computers behind the server will not be able to see the computers behind the client. For that you will need to uncheck the NAT box and add a route to the custom config on each router.
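
A way to check the point this thread turns on, whether a router actually has a route to the other LAN. This is an added example, not code from any poster or from the Tomato VPN build; the routing tables are constructed samples using the addresses from the last post, and the interface names (tap11, vlan1) and WAN gateways are assumptions.

```shell
#!/bin/sh
# Constructed `route -n` output for the client router (LAN 192.168.0.0/24)
# with the tunnel up and tunnel address 192.168.2.50 on the TAP interface.
CLIENT_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 tap11
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 vlan1'

# Constructed `route -n` output for the server router (LAN 192.168.2.0/24).
# With "Create NAT on tunnel" checked it has no route to the client LAN,
# which is why hosts behind the server cannot reach hosts behind the client.
SERVER_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         198.51.100.1    0.0.0.0         UG    0      0        0 vlan1'

# route_for TABLE NET MASK
# Prints "on-link IFACE" or "via GATEWAY IFACE" for an exact match on
# destination and netmask; returns 1 when the table has no such route.
route_for() {
    printf '%s\n' "$1" | awk -v net="$2" -v mask="$3" '
        $1 == net && $3 == mask {
            if ($2 == "0.0.0.0") print "on-link " $8
            else                 print "via " $2 " " $8
            found = 1
            exit
        }
        END { exit !found }'
}

# report LABEL TABLE NET MASK: one-line summary for a router.
report() {
    if r=$(route_for "$2" "$3" "$4"); then
        echo "$1: $3/$4 $r"
    else
        echo "$1: no route to $3/$4"
    fi
}

report client "$CLIENT_ROUTES" 192.168.2.0 255.255.255.0
report server "$SERVER_ROUTES" 192.168.0.0 255.255.255.0
```

On a live router, pass `"$(route -n)"` as the table argument instead of the sample variables.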
     
