Topic: VPN client - WRT54G @ DD-WRT

[groyk]

Hi

How do I setup persistent VPN connection to my SME 7,3 server with WRT54G@DD-WRT?

VPN Server : SME7,3 (192.168.1.2)
VPN Client1 : WRT54G @ DD-WRT (192.168.2.1)
VPN Client2 : WRT54G @ DD-WRT (192.168.3.1)
VPN Client3 : WinXP client

In the router administration there is following feilds to fill out.

PPTP Client	:	enabled
Server IP or DNS Name	:	SERVERURL
Remote Subnet ...	:	192.168.1.0
Remote Subnet Mask ...	:	255.255.255.0
MPPE Encryption	:	??? WHAT TO WRITE ???
MTU  (Default: 1450)	:	???
MRU  (Default: 1450)	:	???
NAT	:	??enabled??disabled??
User Name	:	USERNAME
Password	:	PASSWORD

Should i do anything in the SME conf?

Can anyone help me??



 

[imcintyre]

I read this because I have the same router but with different non stock software. The software I have only has pass through pptp. I will assume you saw this http://www.dd-wrt.com/phpBB2/viewtopic.php?t=68.

If this bridged mode between routers is working perhaps this is more direct/easier solution, than messing with server software.

WRT54G1 ------------------------- WRT54G2 ----------------------WRT54G3
 |        |                                            |                                          |
SME   PC's                                         PC's                                    pc's

Hope this is helpful.

[groyk]

I read this because I have the same router but with different non stock software. The software I have only has pass through pptp. I will assume you saw this http://www.dd-wrt.com/phpBB2/viewtopic.php?t=68.

If this bridged mode between routers is working perhaps this is more direct/easier solution, than messing with server software.

WRT54G1 ------------------------- WRT54G2 ----------------------WRT54G3
 |        |                                            |                                          |
SME   PC's                                         PC's                                    pc's

Hope this is helpful.

I thougth about this solution, But I rather use SME server as the VPN Gateway. I should be possible.

[groyk]

I read this because I have the same router but with different non stock software. The software I have only has pass through pptp. I will assume you saw this http://www.dd-wrt.com/phpBB2/viewtopic.php?t=68.

If this bridged mode between routers is working perhaps this is more direct/easier solution, than messing with server software.

WRT54G1 ------------------------- WRT54G2 ----------------------WRT54G3
 |        |                                            |                                          |
SME   PC's                                         PC's                                    pc's

Hope this is helpful.

I thougth about this solution, But I rather use SME server as the VPN Gateway. I should be possible.

[ltwally]

The VPN daemon inside SME is nothing more than a PPTP daemon, so your tunnel would only effectively work one way.  Everything inside the WRT54G would be able to talk to the SME server and everything on the SME server LAN, but not vice-versa.  This is the nature of the PPTP connection.  It is not a bridge between two networks; it is a connection between one computer and one network.  In this case, replace "one computer" with "one router."

For a true VPN connection between two networks, a _bridge_, you need a form of IPSEC tunnel.  This type of tunnel runs between two firewalls/routers.

I've heard good things about DD-WRT.  It can probably handle a hardware IPSEC tunnel or two, though I've never actually used DD-WRT.

[cirkit]

I FLASHED my LINKSYS WRT54GL WITH DD-WRT FIRMWARE 24SP1.
I too tried to establish a VPN between dd-wrt & sme server 7.3 using pptp
The below attached image will show you the dd-wrt pptp client configuration

http://jst.net.in/dd-wrt/configuration.png

I also put down the message log from the SME server side below,
Reading the log I undersatnd that the connected eas established, but i could not ping
If some expert goes through the log maybe the linksys router will turn out to be extremely useful for people who want to hook up their remote office's several computers to SME server.

Sep 13 19:31:59 mcp61 pptpd[19402]: CTRL: Client 59.182.226.182 control connection started
Sep 13 19:32:00 mcp61 pptpd[19402]: CTRL: Starting call (launching pppd, opening GRE)
Sep 13 19:32:00 mcp61 pppd[19403]: Plugin radius.so loaded.
Sep 13 19:32:00 mcp61 pppd[19403]: RADIUS plugin initialized.
Sep 13 19:32:00 mcp61 pppd[19403]: pppd 2.4.4 started by root, uid 0
Sep 13 19:32:00 mcp61 kernel: divert: not allocating divert_blk for non-ethernet device ppp1
Sep 13 19:32:00 mcp61 pppd[19403]: Using interface ppp1
Sep 13 19:32:00 mcp61 pppd[19403]: Connect: ppp1 <--> /dev/pts/1
Sep 13 19:32:03 mcp61 pppd[19403]: MPPE 128-bit stateless compression enabled
Sep 13 19:32:03 mcp61 pppd[19403]: found interface eth0 for proxy arp
Sep 13 19:32:03 mcp61 pppd[19403]: local  IP address 192.168.100.250
Sep 13 19:32:03 mcp61 pppd[19403]: remote IP address 192.168.100.247
Sep 13 19:32:03 mcp61 esmith::event[19427]: Processing event: ip-up.pptpd ppp1 /dev/pts/1 460800 192.168.100.250 192.168.100.247 pptpd
Sep 13 19:32:03 mcp61 esmith::event[19427]: Running event handler: /etc/e-smith/events/actions/generic_template_expand
Sep 13 19:32:03 mcp61 esmith::event[19427]: expanding /etc/rc.d/init.d/masq 
Sep 13 19:32:04 mcp61 esmith::event[19427]: generic_template_expand=action|Event|ip-up.pptpd|Action|generic_template_expand|Start|1221314523 895219|End|1221314524 194913|Elapsed|0.299694
Sep 13 19:32:04 mcp61 esmith::event[19427]: Running event handler: /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access
Sep 13 19:32:04 mcp61 /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access[19429]: /home/e-smith/db/configuration: OLD pptpd=service|Interfaces|ppp0|TCPPort|1723|access|public|sessions|5|status|enabled
Sep 13 19:32:04 mcp61 /etc/e-smith/events/ip-up.pptpd/S70pptp-interface-access[19429]: /home/e-smith/db/configuration: NEW pptpd=service|Interfaces|ppp0,ppp1|TCPPort|1723|access|public|sessions|5|status|enabled
Sep 13 19:32:04 mcp61 esmith::event[19427]: S70pptp-interface-access=action|Event|ip-up.pptpd|Action|S70pptp-interface-access|Start|1221314524 195102|End|1221314524 304905|Elapsed|0.109803
Sep 13 19:32:04 mcp61 esmith::event[19427]: Running event handler: /etc/e-smith/events/actions/adjust-services
Sep 13 19:32:04 mcp61 esmith::event[19427]: adjusting non-supervised masq (adjust) 
Sep 13 19:32:04 mcp61 esmith::event[19427]: adjust-services=action|Event|ip-up.pptpd|Action|adjust-services|Start|1221314524 305200|End|1221314524 669218|Elapsed|0.364018
Sep 13 19:33:16 mcp61 pppd[19221]: No response to 10 echo-requests
Sep 13 19:33:16 mcp61 pppd[19221]: Serial link appears to be disconnected.
Sep 13 19:33:16 mcp61 pppd[19221]: Connect time 4.3 minutes.
Sep 13 19:33:16 mcp61 pppd[19221]: Sent 68 bytes, received 22423 bytes.
Sep 13 19:33:16 mcp61 pppd[19221]: MPPE disabled
Sep 13 19:33:16 mcp61 esmith::event[19594]: Processing event: ip-down ppp0 /dev/pts/0 460800 192.168.100.250 192.168.100.246 pptpd
Sep 13 19:33:16 mcp61 esmith::event[19594]: Running event handler: /etc/e-smith/events/actions/generic_template_expand
Sep 13 19:33:16 mcp61 esmith::event[19594]: expanding /etc/rc.d/init.d/masq 
Sep 13 19:33:16 mcp61 esmith::event[19594]: generic_template_expand=action|Event|ip-down|Action|generic_template_expand|Start|1221314596 403308|End|1221314596 702177|Elapsed|0.298869
Sep 13 19:33:16 mcp61 esmith::event[19594]: Running event handler: /etc/e-smith/events/ip-down/S50isdn-down-notify
Sep 13 19:33:16 mcp61 esmith::event[19594]: S50isdn-down-notify=action|Event|ip-down|Action|S50isdn-down-notify|Start|1221314596 702359|End|1221314596 783520|Elapsed|0.081161
Sep 13 19:33:16 mcp61 esmith::event[19594]: Running event handler: /etc/e-smith/events/ip-down/S70pptp-interface-access
Sep 13 19:33:16 mcp61 /etc/e-smith/events/ip-down/S70pptp-interface-access[19597]: /home/e-smith/db/configuration: OLD pptpd=service|Interfaces|ppp0,ppp1|TCPPort|1723|access|public|sessions|5|status|enabled
Sep 13 19:33:16 mcp61 /etc/e-smith/events/ip-down/S70pptp-interface-access[19597]: /home/e-smith/db/configuration: NEW pptpd=service|Interfaces|ppp1|TCPPort|1723|access|public|sessions|5|status|enabled
Sep 13 19:33:16 mcp61 esmith::event[19594]: S70pptp-interface-access=action|Event|ip-down|Action|S70pptp-interface-access|Start|1221314596 783810|End|1221314596 892355|Elapsed|0.108545
Sep 13 19:33:16 mcp61 esmith::event[19594]: Running event handler: /etc/e-smith/events/actions/adjust-services
Sep 13 19:33:16 mcp61 esmith::event[19594]: adjusting non-supervised masq (adjust) 
Sep 13 19:33:17 mcp61 esmith::event[19594]: adjust-services=action|Event|ip-down|Action|adjust-services|Start|1221314596 892662|End|1221314597 257466|Elapsed|0.364804
Sep 13 19:33:19 mcp61 pppd[19221]: Connection terminated.
Sep 13 19:33:19 mcp61 kernel: divert: no divert_blk to free, ppp0 not ethernet
Sep 13 19:33:19 mcp61 pppd[19221]: Modem hangup
Sep 13 19:33:19 mcp61 pppd[19221]: Exit.
Sep 13 19:33:19 mcp61 pptpd[19220]: GRE: read(fd=6,buffer=804e5a0,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Sep 13 19:33:19 mcp61 pptpd[19220]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Sep 13 19:33:19 mcp61 pptpd[19220]: CTRL: Reaping child PPP[19221]
Sep 13 19:33:19 mcp61 pptpd[19220]: CTRL: Client 59.182.227.18 control connection finished

[groyk]

Hi Cirkit

Thank you for this information, I will take a look at it. But I am hoping that someone clever would check out the log you posted