Creating a VPN tunnel between two apartments based on routers with dd-wrt

Background:


The task is to connect house 1 and house 2. We start from the following setups:

House 1: Internet provider Beeline (L2TP); psTV (196.168.2.13); dir615C2 (internal: 192.168.2.1, external: 95.24.x.x; will be the VPN client)

House 2: Internet provider Interzet with a public (“white”) IP; PS4 (192.168.1.13); dir615E4 (external static IP: 188.X.H.X, internal: 192.168.1.1; will be the VPN server)

dd-wrt firmware was installed on both routers. The installation procedure is not complicated, and there is plenty of information on the Internet about it.

The goal is for the equipment behind dir615C2 (hereinafter “B”) to be reachable from the local network of dir615E4 (hereinafter “A”), and vice versa.

Preparation, problems, solution:


After installing dd-wrt and setting up the Internet connection, it turned out that on router A there was no ping between clients connected via LAN (there is no such problem over WiFi). This problem can be solved in one of two ways:

1. Installing the dd-wrt firmware from 04-18-2014-r23919

2. Entering the “Administrator - Commands” tab and executing the command:

swconfig dev eth0 set enable_vlan 1 
swconfig dev eth0 set apply

Carried away by the settings, I wanted to turn WiFi off and on automatically, partly as an experiment and partly to reduce the number of radiating devices in the apartment. Several solutions were found for this:

1. Using ifup, ifdown and cron commands. For this, in the Cron item of the "Administrator" tab, write:

0 7 * * * root /sbin/ifconfig ath0 up 
0 0 * * * root /sbin/ifconfig ath0 down

This turns the radio on at 7:00 in the morning and off at 00:00. But for me, as for many others, it did not work.

2. This method uses the WPS / Reboot button on the router case. For this, in the Services menu, under SES / AOSS / EZ-SETUP / WPS Button, enable the "Turning off radio" option. But it’s not very interesting to press a button every time.

3. Using the WIFI Schedule Command:

nvram set radio0_timer_enable=1  
nvram set radio0_on_time=000000011111111111111111  
nvram commit 

Here 0 means off and 1 means on; in my example the radio is on at 7:00 and off at 01:00.

Now you can begin to configure the VPN. The PPTP server is set up on “A” and the client on “B”. You can verify that the VPN is working on the Status - LAN tab. At the very bottom, it shows that client “B” is connected to server “A”.

(Server and client settings were carried out in the Web interface)



On the server, the user name and password should be entered using * with a space.



If you, like me, have an Atheros AR7240-based router, the VPN client may keep its local IP when connecting (without accepting an IP from the server range). In this case, you need to add noipdefault to the encryption field. Also add --nobuffer, separated by a space, to the PPTP server IP field to turn off buffering.

Now that we have a VPN tunnel, we need to register a route to a neighboring network.

“A” has a network 192.168.1.0/24 and ip as a VPN server 172.16.1.1
“B” has a network 192.168.2.0/24 and ip as a VPN client 172.16.1.51

To access from “A” to “B” you need to set:

route add -net 192.168.2.0 netmask 255.255.255.0 gw 172.16.1.1

To access from "B" to "A" you need to set:

route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.51

Because the route is reset whenever the client reconnects to the VPN server and has to be set again, it was decided to write a shell script. It periodically checks whether the route is present; if it is missing, it checks whether the tunnel is up, and if so, it sets the route.

It looks like this for a server:

#!/bin/sh
# If ip ro already has a route to network 192.168.2.0, the script ends here;
# otherwise we go on.
PPTP=`ip ro | awk '/192.168.2.0/ {print $1}'`
if test "$PPTP" = "192.168.2.0/24"
then
    exit
else
    # If the "VPN" connection is present in ip ro (the result is not empty),
    # add the route and finish the script.
    PPTPup=`ip ro | awk '/172.16.1.51/ {print $1}'`
    if test "$PPTPup" != ""
    then
        route add -net 192.168.2.0 netmask 255.255.255.0 gw 172.16.1.1
    else
        exit
    fi
fi
exit

For the client, we change 192.168.2.0 to 192.168.1.0, 172.16.1.51 to 172.16.1.1, 172.16.1.1 to 172.16.1.51.

Now we need to make this script run at a given interval. This can be done in the Cron item of the "Administrator" tab, where we write:

*/3 * * * * root /tmp/custom.sh

This runs the script every 3 minutes, every hour of every day. This completes the configuration of the VPN tunnel.
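
The route check described above, generalized as an added example (not the author's script): one file serves both routers, and the decision is split into a function that reads ip route output, so it can be tried on a constructed sample without touching the routing table. The addresses are the article's; the server/client/demo arguments and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the author's script. Addresses are the article's;
# the server/client/demo arguments and function names are assumptions.

# Constructed sample: `ip route` output on router A with the tunnel up.
SAMPLE='default via 203.0.113.1 dev vlan2
172.16.1.51 dev ppp0 proto kernel scope link src 172.16.1.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1'

# decide NET/PREFIX PEER_IP: reads `ip route` output on stdin and prints
#   present  the route to the remote LAN already exists
#   add      the tunnel is up (peer address is in the table), route missing
#   wait     the tunnel is down, so there is nothing to add yet
decide() {
    awk -v net="$1" -v peer="$2" '
        $1 == net { have_route = 1 }
        { for (i = 1; i <= NF; i++) if ($i == peer) tunnel_up = 1 }
        END {
            if (have_route)     print "present"
            else if (tunnel_up) print "add"
            else                print "wait"
        }'
}

# ensure_route REMOTE_NET GATEWAY PEER_IP: add the /24 route only on "add".
ensure_route() {
    [ "$(ip route | decide "$1/24" "$3")" = "add" ] || return 0
    route add -net "$1" netmask 255.255.255.0 gw "$2"
}

case "${1:-}" in
    server) ensure_route 192.168.2.0 172.16.1.1 172.16.1.51 ;;   # router A
    client) ensure_route 192.168.1.0 172.16.1.51 172.16.1.1 ;;   # router B
    demo)   printf '%s\n' "$SAMPLE" | decide 192.168.2.0/24 172.16.1.51 ;;  # prints: add
esac
```

With this variant the Cron entry would call /tmp/custom.sh server on “A” and /tmp/custom.sh client on “B”.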
