
Joining two local area networks over the Internet: LAN-to-LAN VPN with Asus wl520gu + dd-wrt and FreeBSD + mpd5
Introduction
I am lucky to work in an organization that keeps growing, and from time to time new tasks come up that let me grow with it. This time I needed to connect the head office and the second branch. The task is not new to me, but I decided to approach it differently than before.
Currently the head office runs FreeBSD + mpd5 as a PPTP server. The first branch runs the same setup (except that there it acts as the VPN client). There are also 8 sites with a single Windows XP computer each, which "cling" to the head office using that OS's standard VPN client.
I need to create another tunnel between the two networks, but I can't use my favourite FreeBSD here, because there is very little room for a router in the second branch (it is a retail store, and all the equipment is crammed into a narrow rack). Besides, I wanted to try out the dd-wrt firmware, about which I had heard so much.
Start.
So we have:
VPN server: FreeBSD 7.3 (Release i386) + mpd5 (Version 5.3)
VPN client: Asus wl520gu + dd-wrt (DD-WRT v24-sp2 (10/10/09) vpn)
* the router still has the stock firmware; dd-wrt has yet to be flashed onto it, which is what we'll do.
Flashing the router.
In many of the articles I found, the authors for some reason left out the flashing procedure, citing how simple it is. I spent about half an hour reading the documentation on the official website; it is written very clearly. Still, I will describe step by step what I did.
1. Perform a hardware reset, the so-called 30/30/30. This is needed to get into engineering (recovery) mode, where the firmware can be uploaded.
With the router powered on, press the reset button and hold it for 30 seconds; without releasing the button, cut the power and hold for another 30 seconds; still without releasing the button, turn the power back on and hold the reset button for another 30 seconds.
Hint: the router's default IP is 192.168.1.1. If you ping it before the 30/30/30 reset, the TTL will be 64; after the reset the TTL becomes 100.
2. Download the firmware dd-wrt.v24_mini_asus.trx
* firmware for other router models is available at dd-wrt.com/site/support/router-database
3. The next step is to upload the downloaded firmware. For this we need the tftp utility (trivial file transfer program). Since my netbook runs Ubuntu, installation comes down to one command,
sudo aptitude install tftp
go to the folder with the firmware file,
cd Загрузки
connect to the router,
tftp 192.168.1.1
select the binary mode,
mode binary
send the file with the firmware
put dd-wrt.v24_mini_asus.trx
Now ATTENTION: once the program reports that the file transfer has finished, start a stopwatch and WAIT EXACTLY FIVE EARTH MINUTES.
4. After 5 minutes, unplug the box from the power supply and wait 30-40 seconds. Power it on and check: if pinging shows TTL = 64, we can already be a little happy =)
5. Go to 192.168.1.1; we will be asked to change the username and password. Change them and restart the router (I did this step more out of caution).
Now you can poke around in the web interface; believe me, it is very, very pleasant and interesting.
Next, you can upload some other dd-wrt firmware via the web interface. In my case it is dd-wrt.v24_vpn_generic.bin. There is definitely nothing complicated about it, but do not forget about the FIVE EARTH MINUTES =)))
* here the caring developers show us a timer counting the seconds down from 300
Then configure it to your liking. Once again, the web interface is very good. There is a hint on each page; do not neglect it!
VPN setup
As a result of my experiments, the mpd5 config took the following form (the ASUS side was configured in the web interface and was shown on a screenshot; the image is not included here):
pptp_vpn_filial2:
    create bundle static pptp1
    set ipcp ranges 10.255.255.11/32 10.255.255.12/32
    set ipcp dns 192.168.0.5
    # the branch network reachable through the tunnel
    set iface route 192.168.4.0/24
    set iface enable proxy-arp
    set iface enable on-demand
    set bundle enable compression
    # MPPE 128-bit, and refuse the link if encryption cannot be negotiated
    set ccp yes mppc
    set mppc yes e128
    set mppc enable compress
    set bundle enable crypt-reqd
    set mppc yes stateless
    create link static lpptp1 pptp
    set link action bundle pptp1
    # no plaintext PAP, CHAP only
    set link no pap
    set link yes chap
    set auth authname "onotole"
    set auth password "ololololo"
    set link mtu 1460
    # no LCP echo requests from this side
    set link keep-alive 0 0
    set link max-redial -1
    set pptp peer 172.17.59.12
    set link enable incoming
That's probably all. Traffic runs from network to network and is encrypted.
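A small added check (my own code, not part of the article or of mpd5) that parses an mpd5 config and confirms a PPTP bundle keeps the lines the tunnel's encryption and authentication depend on; the sample is a constructed copy of the bundle above, and the list of required commands is this check's own assumption.

```python
# Added check, not part of the article or of mpd5: parse an mpd5 config and
# confirm that a PPTP bundle keeps the encryption/authentication settings the
# tunnel above relies on. MPD_CONF is a constructed copy of the article's
# bundle; REQUIRED / WEAK_MPPE are this check's own assumptions.

MPD_CONF = """\
pptp_vpn_filial2:
    create bundle static pptp1
    set bundle enable compression
    set ccp yes mppc
    set mppc yes e128
    set bundle enable crypt-reqd
    set mppc yes stateless
    create link static lpptp1 pptp
    set link action bundle pptp1
    set link no pap
    set link yes chap
    set pptp peer 172.17.59.12
"""

def parse_mpd(text):
    """Return {label: [command tuples]} for an mpd5-style config."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        if not line[0].isspace() and line.endswith(":"):
            current = line[:-1]                   # a label such as pptp_vpn_filial2:
            sections[current] = []
            continue
        if current is None:
            raise ValueError("command before any label: %r" % line)
        sections[current].append(tuple(line.split()))
    return sections

# Lines this check insists on, with the finding reported when one is missing.
REQUIRED = {
    ("set", "bundle", "enable", "crypt-reqd"): "encryption not required (crypt-reqd missing)",
    ("set", "ccp", "yes", "mppc"): "MPPC/MPPE not negotiated (set ccp yes mppc missing)",
    ("set", "mppc", "yes", "e128"): "128-bit MPPE not enabled (set mppc yes e128 missing)",
    ("set", "link", "no", "pap"): "plaintext PAP not disabled (set link no pap missing)",
}
WEAK_MPPE = {("set", "mppc", "yes", "e40"), ("set", "mppc", "yes", "e56")}

def audit_bundle(commands):
    """Return a list of findings; an empty list means the bundle passes."""
    have = set(commands)
    findings = [msg for cmd, msg in REQUIRED.items() if cmd not in have]
    if have & WEAK_MPPE:
        findings.append("weak 40/56-bit MPPE allowed")
    return findings
```

This only inspects the config text; what was actually negotiated still has to be read from the mpd5 log after the link comes up.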
--- SMALL UPDATE ---
After the connection is established, dd-wrt's pppd (according to its config /tmp/pptpd_client/options.vpn) sends an LCP echo-request every two seconds (see RFC 1661, PPP, for details), and after the server fails to answer it for the third time it sends a Terminate-Request, which tears the connection down. The lcp-echo-interval and lcp-echo-failure parameters in that config are responsible for this behaviour. We need to get rid of them; to do that, go to Administration -> Commands in the web interface and enter the following script:
# wait until pppd has written its options file, then drop the lcp-echo-* lines
( while [ ! -f /tmp/pptpd_client/options.vpn ]; do sleep 10; done
  sed '/lcp/d' /tmp/pptpd_client/options.vpn > /tmp/pptpd_client/temp.vpn
  cp /tmp/pptpd_client/temp.vpn /tmp/pptpd_client/options.vpn ) &
Click Save Startup, and then reboot the router.
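An added model (my own code, not dd-wrt's or pppd's) of the keepalive behaviour described above: it reads the two lcp-echo-* options from a constructed options.vpn sample, applies the same line filter as the sed one-liner, and replays when pppd would give up on the peer; the reply patterns are made up.

```python
# Added model, not dd-wrt or pppd code: read pppd's lcp-echo-interval and
# lcp-echo-failure from an options file and replay the keepalive logic to see
# when pppd would send Terminate-Request. OPTIONS_VPN is a constructed sample
# of /tmp/pptpd_client/options.vpn.

OPTIONS_VPN = """\
lock
noauth
lcp-echo-interval 2
lcp-echo-failure 3
mppe required,stateless
"""

def echo_params(options_text):
    """Return (interval, failure); None where the option is absent (pppd's default)."""
    interval = failure = None
    for line in options_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] == "lcp-echo-interval":
            interval = int(parts[1])
        elif len(parts) == 2 and parts[0] == "lcp-echo-failure":
            failure = int(parts[1])
    return interval, failure

def without_lcp_echo(options_text):
    """The article's fix (sed '/lcp/d'): drop every line that mentions lcp."""
    return "".join(l + "\n" for l in options_text.splitlines() if "lcp" not in l)

def lcp_keepalive(replies, interval, failure):
    """Replay pppd's echo check.

    replies: one bool per echo-request (True = the peer answered); requests go
    out every `interval` seconds. pppd declares the peer dead at the check that
    finds `failure` consecutive requests unanswered; any reply resets the count.
    Returns (seconds_until_terminate, requests_sent); seconds is None if the
    link survives. interval None/0 sends no echoes; failure None/0 never gives up.
    """
    if not interval:
        return None, 0
    pending = 0
    for n, answered in enumerate(replies, start=1):
        pending = 0 if answered else pending + 1
        if failure and pending >= failure:
            return n * interval, n       # Terminate-Request goes out here
    return None, len(replies)
```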