PPTP Tunneling
From DD-WRT Wiki
Revision as of 23:46, 31 December 2006 Rmeden (Talk | contribs) (→Introduction)
Revision as of 18:43, 8 February 2007 Cyberde (Talk | contribs) (Added script solution for routing problem, also created a better structure)
Line 7: | Line 7: | ||
|'''Note: In v23SP2 Final this configuration does not work. Please check bugtracker ID 0001811''' | |'''Note: In v23SP2 Final this configuration does not work. Please check bugtracker ID 0001811''' | ||
(Missing routes can be added manually with a "ip route add 192.168.x.0/24 dev ppp0" or similar) | (Missing routes can be added manually with a "ip route add 192.168.x.0/24 dev ppp0" or similar) | ||
+ | |||
+ | Have a look at [[#Fixing routing from server to client network]] for a script solution. | ||
|} | |} | ||
Line 37: | Line 39: | ||
|} | |} | ||
- | + | = Configuration = | |
- | + | == For Both Routers == | |
# Goto "Administration" tab and "Management" sub-tab | # Goto "Administration" tab and "Management" sub-tab | ||
# Enable DNSmasq and Local DNS | # Enable DNSmasq and Local DNS | ||
Line 52: | Line 54: | ||
http://img366.imageshack.us/img366/1888/ipfiltersettingssq5.jpg | http://img366.imageshack.us/img366/1888/ipfiltersettingssq5.jpg | ||
- | + | == For Router A == | |
- | + | === Router B > VPN > Router A === | |
# Goto "Administration" tab and "Services" sub-tab | # Goto "Administration" tab and "Services" sub-tab | ||
# Enable PPTP Server | # Enable PPTP Server | ||
Line 62: | Line 64: | ||
# Apply Changes | # Apply Changes | ||
- | + | === Router A > VPN > Router B === | |
# Goto "Administration" tab and "Services" sub-tab | # Goto "Administration" tab and "Services" sub-tab | ||
# Enable PPTP Client | # Enable PPTP Client | ||
Line 77: | Line 79: | ||
http://img162.imageshack.us/img162/22/ruteadora6ir.jpg | http://img162.imageshack.us/img162/22/ruteadora6ir.jpg | ||
- | + | == For Router B == | |
- | + | === Router A > VPN > Router B === | |
# Goto "Administration" tab and "Services" sub-tab | # Goto "Administration" tab and "Services" sub-tab | ||
# Enable PPTP Server | # Enable PPTP Server | ||
Line 87: | Line 89: | ||
# Apply Changes | # Apply Changes | ||
- | + | === Router B > VPN > Router A === | |
# Goto "Administration" tab and "Services" sub-tab | # Goto "Administration" tab and "Services" sub-tab | ||
# Enable PPTP Client | # Enable PPTP Client | ||
Line 102: | Line 104: | ||
http://img73.imageshack.us/img73/4391/ruteadorb3nn.jpg | http://img73.imageshack.us/img73/4391/ruteadorb3nn.jpg | ||
- | + | ==== Notes ==== | |
* The subnets should not intersect each other (i.e. The third octet of direction IP (192.168.thirdoctet.1) of the network A must be different of the network B. | * The subnets should not intersect each other (i.e. The third octet of direction IP (192.168.thirdoctet.1) of the network A must be different of the network B. | ||
* The range of Client IP(s) must be outside the range of DHCP clients. | * The range of Client IP(s) must be outside the range of DHCP clients. | ||
Line 109: | Line 111: | ||
* '''This is a whammie if you miss it'''. Don't forget to enable "'''PPTP Passthrough'''" if you are using the SPI firewall as found on the '''SECURITY''' tab. | * '''This is a whammie if you miss it'''. Don't forget to enable "'''PPTP Passthrough'''" if you are using the SPI firewall as found on the '''SECURITY''' tab. | ||
- | + | == Monitoring == | |
To monitoring and guarantee the connection you can setup Watchdog. The following instructions will setup watchdog to monitor the connection every five minutes (update: works better with 9999 seconds). | To monitoring and guarantee the connection you can setup Watchdog. The following instructions will setup watchdog to monitor the connection every five minutes (update: works better with 9999 seconds). | ||
Line 121: | Line 123: | ||
http://img201.imageshack.us/img201/9416/keepaliveye2.jpg | http://img201.imageshack.us/img201/9416/keepaliveye2.jpg | ||
- | + | ||
+ | = Final Words = | ||
*Some times the connection takes minutes in completing itself (more or less 30 minutes), some times is instantaneous. | *Some times the connection takes minutes in completing itself (more or less 30 minutes), some times is instantaneous. | ||
Line 159: | Line 162: | ||
Your vpn tunnel must be established and working!!! | Your vpn tunnel must be established and working!!! | ||
- | == Useful Links | + | |
+ | =Fixing routing from server to client network= | ||
+ | To fix the routing problem stated above you can save the folowing script as a startup script: | ||
+ | |||
+ | <pre>while sleep 10 | ||
+ | do | ||
+ | ROUTERING=`route | grep 192.168.0.0 | wc -l` | ||
+ | |||
+ | if [ $ROUTERING -lt 1 ]; then | ||
+ | ip route add 192.168.0.0/24 dev ppp0 | ||
+ | fi | ||
+ | done</pre> | ||
+ | |||
+ | Change 192.168.0.0 and 192.168.0.0/24 to the range of the client. | ||
+ | |||
+ | |||
+ | = Useful Links = | ||
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1767 | http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1767 | ||
http://www.dd-wrt.com/dd-wrtv2/bugtracker/ | http://www.dd-wrt.com/dd-wrtv2/bugtracker/ |
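Review bot: in the added startup script, the test `route | grep 192.168.0.0 | wc -l` only checks that the string appears somewhere in the routing table. It does not check that the matching line is the /24 route on ppp0, and the dots in the pattern match any character, so an unrelated line can keep the route from ever being added. Consider comparing the destination, mask and interface columns of `route -n` explicitly. The `while sleep 10` loop also never exits, so the text should say whether the startup script has to run it in the background, and `ip route add ... dev ppp0` will fail on every pass while ppp0 is down; checking that ppp0 exists before adding would avoid that.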
Revision as of 18:43, 8 February 2007
Introduction
The configuration below was tested using two WRT54G (Hardware v2.2) and DD-WRT v23 SP1 std.
(Update: The mini version of v23 SP1 may work better than standard, because the free memory will help.)
Note: In v23SP2 Final this configuration does not work. Please check bugtracker ID 0001811
(Missing routes can be added manually with "ip route add 192.168.x.0/24 dev ppp0" or similar.) Have a look at "Fixing routing from server to client network" below for a script solution.
The purpose of this setup is to connect to any IP Address on network A or B from network A or B.
- Network A in location "a"
Router A address | 192.168.1.1 |
DHCP range | 192.168.1.100-150 |
Dyndns address | "direccion_de_A.dyndns.org" |
- Network B in location "b"
Router B address | 192.168.2.1 |
DHCP range | 192.168.2.100-150 |
Dyndns address | "direccion_de_B.dyndns.org" |
Configuration
For Both Routers
- Go to the "Administration" tab and "Management" sub-tab
- Enable DNSmasq and Local DNS
- Disable Loopback
- Set Maximum Ports: 4096
- Set TCP Timeout: 3600
- Set UDP Timeout: 3600
http://img237.imageshack.us/img237/9766/loopbackzs4.jpg
Note: Loopback must be disabled because VPN doesn't always work when it is enabled.
http://img366.imageshack.us/img366/1888/ipfiltersettingssq5.jpg
For Router A
Router B > VPN > Router A
- Go to the "Administration" tab and "Services" sub-tab
- Enable PPTP Server
- Set "Server IP or DNS Name" to "192.168.1.1"
- Set "Client IP(s)" to "192.168.1.200-250"
- Set "CHAP-Secrets" to "usernameA * passwordA *"
- Apply Changes
Router A > VPN > Router B
- Go to the "Administration" tab and "Services" sub-tab
- Enable PPTP Client
- Set "Server IP or DNS Name" to the location of Server B (direccion_de_B.dyndns.org)
- Set "Remote Subnet" to "192.168.2.0"
- Set "Remote Subnet Mask" to 255.255.255.0
- Set "MPPE Encryption" to "mppe required"
- Set "MTU" to 1450
- Set MRU to 1450
- Set Username to usernameB
- Set password to passwordB
- Apply Changes
http://img162.imageshack.us/img162/22/ruteadora6ir.jpg
For Router B
Router A > VPN > Router B
- Go to the "Administration" tab and "Services" sub-tab
- Enable PPTP Server
- Set "Server IP or DNS Name" to "192.168.2.1"
- Set "Client IP(s)" to "192.168.2.200-250"
- Set "CHAP-Secrets" to "usernameB * passwordB *"
- Apply Changes
Router B > VPN > Router A
- Go to the "Administration" tab and "Services" sub-tab
- Enable PPTP Client
- Set "Server IP or DNS Name" to the location of Server A (direccion_de_A.dyndns.org)
- Set "Remote Subnet" to "192.168.1.0"
- Set "Remote Subnet Mask" to 255.255.255.0
- Set "MPPE Encryption" to "mppe required"
- Set "MTU" to 1450
- Set MRU to 1450
- Set Username to usernameA
- Set password to passwordA
- Apply Changes
http://img73.imageshack.us/img73/4391/ruteadorb3nn.jpg
Notes
- The subnets should not overlap, i.e. the third octet of the router IP address (192.168.thirdoctet.1) of network A must be different from that of network B.
- The range of Client IP(s) must be outside the range of DHCP clients.
- In the example, the IP range used for VPN clients ("Client IP(s)") is 192.168.x.200-250, so 51 VPN clients are allowed.
- This is a whammie if you miss it. Don't forget to enable "PPTP Passthrough" if you are using the SPI firewall as found on the SECURITY tab.
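The address rules in these notes can be checked before typing the values into the routers. The following is an added example, not part of the original wiki page; the function names are chosen here, it assumes /24 networks as used on this page, and it needs a shell with 64-bit arithmetic.

```shell
#!/bin/sh
# Added example: sanity-check the two-site PPTP address plan from this page.

# Convert a dotted quad to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print "first last" (as integers) for a range written like 192.168.1.100-150.
range_bounds() {
    start=${1%-*}
    last_octet=${1##*-}
    echo "$(ip2int "$start") $(ip2int "${start%.*}.$last_octet")"
}

# Two /24 networks are disjoint when their first three octets differ.
subnets_disjoint() {
    [ $(( $(ip2int "$1") >> 8 )) -ne $(( $(ip2int "$2") >> 8 )) ]
}

# Succeed if the VPN pool sits inside the /24 LAN and misses the DHCP range.
check_site() {   # check_site LAN_NET DHCP_RANGE VPN_RANGE
    net=$(ip2int "$1")
    set -- $(range_bounds "$2") $(range_bounds "$3")
    dhcp_lo=$1 dhcp_hi=$2 vpn_lo=$3 vpn_hi=$4
    [ "$vpn_lo" -le "$vpn_hi" ] || return 1
    [ "$vpn_lo" -gt "$net" ] && [ "$vpn_hi" -lt $((net + 255)) ] || return 1
    [ "$vpn_hi" -lt "$dhcp_lo" ] || [ "$vpn_lo" -gt "$dhcp_hi" ]
}

# Number of addresses in a pool such as 192.168.1.200-250.
pool_size() {
    set -- $(range_bounds "$1")
    echo $(( $2 - $1 + 1 ))
}

# Plan from this page (both sites use mask 255.255.255.0).
if subnets_disjoint 192.168.1.0 192.168.2.0 &&
   check_site 192.168.1.0 192.168.1.100-150 192.168.1.200-250 &&
   check_site 192.168.2.0 192.168.2.100-150 192.168.2.200-250
then
    echo "plan ok, $(pool_size 192.168.1.200-250) VPN clients per site"
else
    echo "plan has overlapping ranges"
fi
```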
Monitoring
To monitor the connection and keep it up, you can set up Watchdog. The following instructions set up Watchdog to check the connection every five minutes (update: works better with 9999 seconds).
On both routers:
- Go to the "Administration" tab and "Keep Alive" sub-tab.
- Enable Watchdog
- Set "Interval" to 300
- Set IP Addresses to "192.168.1.200 192.168.2.200"
http://img201.imageshack.us/img201/9416/keepaliveye2.jpg
Final Words
- Sometimes the connection takes a while to complete (more or less 30 minutes); sometimes it is instantaneous.
- You can check the routing table on the "Setup" tab, "Advanced Routing" sub-tab, with the "Show Routing Table" button.
If there are 6 lines like the following, your VPN tunnel is established and working:
WAN_IP_ADRESS | 255.255.255.255 | 0.0.0.0 | WAN |
192.168.Y.1 | 255.255.255.255 | 0.0.0.0 | WAN |
192.168.X.200 | 255.255.255.255 | 0.0.0.0 | WAN |
192.168.Y.0 | 255.255.255.0 | 0.0.0.0 | WAN |
192.168.X.0 | 255.255.255.0 | 0.0.0.0 | LAN & WLAN |
0.0.0.0 | 0.0.0.0 | WAN_IP_ADRESS | WAN |
Fixing routing from server to client network
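To fix the routing problem stated above you can save the following script as a startup script:

# Every 10 seconds, re-add the route to the client network if it is missing.
while sleep 10
do
    # Count routing-table lines that mention the client network.
    ROUTERING=`route | grep 192.168.0.0 | wc -l`

    if [ "$ROUTERING" -lt 1 ]; then
        ip route add 192.168.0.0/24 dev ppp0
    fi
done
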
Change 192.168.0.0 and 192.168.0.0/24 to the range of the client.
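The script above treats any routing-table line containing the network string as proof that the tunnel route exists. The following added example (not part of the original wiki page) compares the destination, mask and interface columns exactly instead; the function names and both sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match test for "is the client network routed via ppp0?"

# Constructed `route -n` output with the tunnel route in place.
SAMPLE_UP='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 vlan1'

# Constructed output where the same destination is bound to another interface.
SAMPLE_STALE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 ppp1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 vlan1'

# The test used by the script on this page: any line containing the pattern.
page_check() {   # page_check PATTERN   (routing table on stdin)
    [ "$(grep "$1" | wc -l)" -ge 1 ]
}

# Exact test: destination, netmask and interface columns must all match.
has_route() {    # has_route NET MASK DEV   (routing table on stdin)
    awk -v net="$1" -v mask="$2" -v dev="$3" \
        '$1 == net && $3 == mask && $NF == dev { found = 1 } END { exit !found }'
}

# Re-add the route only when the interface exists and the exact route is absent.
ensure_route() { # ensure_route NET MASK PREFIXLEN DEV
    ip link show "$4" >/dev/null 2>&1 || return 0   # tunnel down: nothing to do
    route -n | has_route "$1" "$2" "$4" || ip route add "$1/$3" dev "$4"
}

# Compare both tests on the constructed tables.
for table in "$SAMPLE_UP" "$SAMPLE_STALE"; do
    echo "$table" | page_check 192.168.0.0 && loose=present || loose=missing
    echo "$table" | has_route 192.168.0.0 255.255.255.0 ppp0 \
        && exact=present || exact=missing
    echo "grep test: $loose, exact test: $exact"
done
```

In a loop like the one above, `ensure_route 192.168.0.0 255.255.255.0 24 ppp0` would take the place of the grep test and the `ip route add` line.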
Useful Links
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1767
http://www.dd-wrt.com/dd-wrtv2/bugtracker/
PPTP_Server_Configuration
HOW_TO_configure_a_WINDOWS_BOX_to_make_a_VPN_Connection_to_linksys