Site-to-site VPN struggles

Discussion in 'Tomato Firmware' started by m0ngr31, May 19, 2014.

  1. m0ngr31

    m0ngr31 Serious Server Member

    Uggghhh… So we've been working on this for most of the day and it's driving me crazy.

    I'm trying to set up a site-to-site VPN with my brother. I'm using Tomato, and he's using OpenWRT. I'm trying to be the server since I have faster network speeds. We unsuccessfully followed every OpenVPN tutorial out there. We were able to get router to talk to router for about 5 minutes. Nothing else. No client to client, router to client. Nothing. So we switched to PPTP. We can get everything working the way we want with that if he selects "Use default gateway". The problem there is that all of his internet traffic goes through mine, and he's stuck with terrible speed. If he doesn't check that option we are stuck with only the routers talking?

    What are we doing wrong? I'm about ready to scream!
  2. dc361

    dc361 Network Guru Member

    Just a shot in the dark, but are you using different LAN networks (i.e. 192.168.x. and 192.168.y.) on the routers? If you are both on the same class C, then that could explain your problem.
  3. m0ngr31

    m0ngr31 Serious Server Member

    Thanks for the response, but they are on different subnets. :confused:
  4. dc361

    dc361 Network Guru Member

    Do the correct routes for the 'local' networks get added to each of the routing tables? The routers would 'chat' over the intermediate network that openvpn creates but if the configuration is not correct, the router clients may not see the path to the other end.
  5. rs232

    rs232 Network Guru Member

    For site to site I would stick to openvpn with static keys.

    If you post your config/screenshots we can help to set it up; you'll see, nothing too difficult.
  6. m0ngr31

    m0ngr31 Serious Server Member

    We were thinking since we were using TAP and it would be using my local subnet that it wouldn't need routing? But routing isn't something I know anything about.
    What's the difference doing static keys over just the client key stuff we're already trying?
  7. rs232

    rs232 Network Guru Member

    I suggest TUN/UDP for a fast and reliable Internet connection.
    I guess your Client key is synonymous with Static key. Basically it's like a long password and you need it at both ends.

    Anyway, just post the config/screenshots and we'll pick it up from there.
  8. roadkill

    roadkill Super Moderator Staff Member Member

    Please post the configuration of both routers and the openvpn scripts on both sides. I would suggest using tap/udp bridged mode and psk because it's the simplest configuration. Remember that the time zone has to be set the same on both sides.

    If you are still unable to connect, post the client's openvpn log with verb 6.

  9. quihong

    quihong Networkin' Nut Member

    Lots of suggestions in this thread, so I'll throw out another one.

    Get your brother to switch to Tomato and follow my tutorial -

    Yeah, there's no reason why you can't get it up and running with OpenWRT, but sometimes, it's just easier to spend the $30 or so (for a router that supports Tomato such as the Belkin N600) and be done with it.
  10. EOC_Jason

    EOC_Jason Networkin' Nut Member

    Use OpenVPN with TUN, not TAP...

    I once had one router that was running DD-WRT connect to my openvpn server. Everything looked good but no traffic. Finally traced it down to having to DISABLE compression (on both server & client); after that it worked perfectly. I could only guess that it was because the dd-wrt version was much much older.
  11. lancethepants

    lancethepants Network Guru Member

    TUN/TAP. Depends what you want to do with the VPN. If you need broadcasts (gaming is one example), you'll want TAP. You will have issues if both ends have DHCP enabled using TAP. There's a forum post describing how to block certain broadcasts using ebtables. Not just DHCP, but also UPnP, NAT-PMP, and a host of other problematic possibilities.
  12. roadkill

    roadkill Super Moderator Staff Member Member

    We'll need a log to pursue the issue further; there is no point suggesting a bunch of stuff without knowing the configuration and the requirements ;) openvpn can be used for lots of stuff..
  13. DocLarge

    DocLarge Super Moderator Staff Member Member


    I "know" I've been away for a while if everyone is talking "tomato" and "vpn." :)

  14. m0ngr31

    m0ngr31 Serious Server Member

    Here's my config. With this, routers can talk, but no go on anything other than that. Don't even know where to start with routing or anything...
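
The routing questions raised in the thread (same subnet on both LANs, missing routes to the far LAN, and the PPTP "Use default gateway" behaviour) can be checked mechanically. This is an added example, not part of any post and not the config referred to above; it assumes `ip route`-style output, and the device names (`tun0`, `ppp0`, `br0`, `br-lan`) and all addresses are constructed.

```python
import ipaddress

def parse_routes(table):
    """Turn `ip route`-style text into (network, device) pairs."""
    routes = []
    for line in table.strip().splitlines():
        f = line.split()
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        routes.append((ipaddress.ip_network(dest), f[f.index("dev") + 1]))
    return routes

def check_site(local_lan, remote_lan, tunnel_dev, table):
    """Return finding codes for one router's view of the site-to-site link."""
    local = ipaddress.ip_network(local_lan)
    remote = ipaddress.ip_network(remote_lan)
    if local.overlaps(remote):
        return ["LAN_OVERLAP"]  # same subnet on both ends cannot be routed
    routes = parse_routes(table)
    findings = []
    # Longest-prefix match, as the kernel does, for traffic to the far LAN.
    matches = [(n, d) for n, d in routes if remote.subnet_of(n)]
    if not matches:
        findings.append("NO_ROUTE")
    elif max(matches, key=lambda r: r[0].prefixlen)[1] != tunnel_dev:
        # Routers can reach each other's tunnel address, LAN clients cannot.
        findings.append("FAR_LAN_NOT_VIA_TUNNEL")
    # Default route on the tunnel sends all Internet traffic through the peer.
    if any(n.prefixlen == 0 and d == tunnel_dev for n, d in routes):
        findings.append("FULL_TUNNEL")
    return findings

# Constructed sample tables (not taken from the thread).
ROUTERS_ONLY = """
default via 203.0.113.1 dev eth0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
"""
SPLIT_TUNNEL = """
default via 198.51.100.1 dev eth0
10.8.0.1 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 via 10.8.0.1 dev tun0
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1
"""
DEFAULT_GW = """
default dev ppp0 scope link
10.9.0.1 dev ppp0 proto kernel scope link src 10.9.0.2
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1
"""

if __name__ == "__main__":
    print(check_site("192.168.1.0/24", "192.168.2.0/24", "tun0", ROUTERS_ONLY))
    print(check_site("192.168.2.0/24", "192.168.1.0/24", "tun0", SPLIT_TUNNEL))
    print(check_site("192.168.2.0/24", "192.168.1.0/24", "ppp0", DEFAULT_GW))
```

An empty result means traffic for the far LAN takes the tunnel while the default route stays on the WAN, which is the split-tunnel state the thread is trying to reach.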
