Re: WRT54GL with DD-WRT VPN firmware - where's the beef?


"Jeff Liebermann" <jeffl@xxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:934u13hchhdec1ig82nc136q2dbasuhagd@xxxxxxxxxx
"JM" <jake@xxxxxxxxx> hath wroth:

It's likely I'm missing something. But certain posts regarding vpn
features
of the dd-wrt firmware indicated that this firmware allowed box-to-box
vpn.
However, the firmware I installed on my 54GL (dd-wrt R23 vpn) seems to
only
provide for vpn pass-through, not a box-to-box hardware vpn.

Again, I'm probably missing something or misunderstand the firmware's
features, but where are the vpn settings that allow my to connect my
Linksys
to something like a Sonicwall using pre-shared keys, for example?

The router to router VPN is PPTP, not IPSEC. I think that there are
some Sonicwall models that support PPTP terminations, but I can't tell
due to the lack of a model number. Find the model number and read the
specifications to see if it can terminate a PPTP tunnel.

http://www.dd-wrt.com/wiki/index.php/VPN

With DD-WRT STD, you don't need the VPN version to do router to router
via PPTP. My home WRT54GS is currently connected to my office WRT54G
(both running DD-WRT STD v23 SP2) using PPTP. See the setup for PPTP
under:
Administration -> Services -> PPTP

You'll also need to enable and configure the PPTP Client. Note that
you can have the PPTP client configured on BOTH sides of the tunnel to
log into the PPTP server on the other side. The trick is to NOT
re-use any IP addresses for the LAN, VPN, or IP address pool.
Allegedly, it's more reliable this way, but that has not been my
experience. I have mine connecting only one direction, from home to
office. However, I do have the PPTP servers enabled on both ends so
that I can login remotely when on the road from my laptops.

Be sure to use a different Class C IP block for each network LAN. For
example, if your home network is 192.168.1.xxx, then your office
network can be 192.168.2.xxx. Just make sure they're NOT the same IP
block. If you use a netmask of 255.255.0.0 on the LAN, switch to
10.xxx.xxx.xxx instead of 192.168.xxx.xxx.

In addition, the IP address pool, assigned by the PPTP server, should
be different from both LAN IP blocks.

Also, the docs for the Chap Secrets setting for PPTP in DD-WRT
absolutely suck. The examples don't work. The correct format is:

user1 * password1 *
user2 * password2 *
user3 * password3 *

It's the spaces on both sides of the asteriks that are important.

The best I can do for IPSec support is OpenSwan. See:
<http://www.dd-wrt.com/wiki/index.php/OpenSwan>
Not very encouraging or organized, but if you feel like porting it to
DD-WRT, I could certainly use it.



Thank you for your reply.

What I'm trying to accomplish is access to a shared file in the main office.
The remote office has two PCs that need access to an inventory spread***
on a workgroup PC in the main office. The home office has 12 channels of T1
for internet, and the remote office has business DSL from Bell.

The Sonicwall model in the main office is TZ 170, not sure of the hardware
or firmware release (will get that later).

Given this relatively modest need (?), what solution would you recommend? I
even have access to another Sonicwall (SOHO3), for a couple hundred bucks.
It's just that they already have the Linksys in the remote office.

thank you again,

jm













.

Quantcast