OpenWrt Forum Archive

Topic: Looking For Simple Secure VPN Solution Between 2 Locations

The content of this topic has been archived on 1 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

I am looking to set up a simple and secure VPN solution between 2 locations using OpenWrt. Here is the back story - I tried to get this working using DDWRT, but I can't seem to figure it out. I'm not sure if I had an incorrect setting, or if it is a bug in DDWRT. Since I have given up on this, I'm thinking about trying OpenWrt instead, which I have never ever used.

In each of the 2 locations, I have an existing router and it seems like the easiest solution from DDWRT was to purchase an additional router for each location to create the tunnel so that I do not need to change (or very minimal change) the config on the existing router in each location.  I have purchased two Linksys WRT1900 (v1 and v2) to attempt to get this working.

Ultimately, I am hoping for a CPE device in the secondary location to be able to connect back to the primary location and pull an IP address.

Does anyone have any guidance about using OpenWrt and also using OpenWrt to create this tunnel?

Thanks in advance!

First, of course, install OpenWrt.

This is the guide I used:
https://wiki.openwrt.org/doc/howto/vpn.openvpn

You need a TAP configuration in order to "pull an IP address" (DHCP) through the VPN.

For testing, connect the WAN ports of both routers to another "main" router that is connected to the Internet. That way you can simulate a connection via the "Internet" (actually the LAN of your main router) without actually being in different locations.

The site that is the server needs to have an ISP that allows incoming connections, and a static IP or a dynamic DNS. If there is another router in between the ISP and the OpenWrt OpenVPN server, port 1194 (UDP) needs to be forwarded through that router to the OpenWrt router.

None of the paragraph above is necessary at the client end.

(Last edited by mk24 on 2 Sep 2017, 01:56)
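
Added example, not part of the original thread or the linked wiki guide: a minimal OpenVPN server/client pair for the TAP setup described in the post above, with the server handing DHCP through from its own LAN. The file names, certificate paths and the hostname vpn.example.net are placeholders, and it assumes tap0 is added to the LAN bridge on each router (interface names vary by device).

```conf
# ---- server.conf (primary location, the router that accepts connections) ----
dev tap0              # layer-2 tunnel, so DHCP broadcasts can cross it
proto udp
port 1194             # the UDP port the upstream router must forward here
server-bridge         # no arguments: DHCP-proxy mode, OpenVPN assigns no
                      # addresses itself; clients lease from the LAN DHCP server
ca   /etc/openvpn/ca.crt        # placeholder paths
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key    # keep readable by root only
dh   /etc/openvpn/dh.pem
keepalive 10 120
persist-key
persist-tun
verb 3

# ---- client.conf (secondary location, needs no port forward) ----
client
dev tap0
proto udp
remote vpn.example.net 1194     # placeholder: static IP or dynamic DNS name
nobind
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key  /etc/openvpn/client.key
remote-cert-tls server          # reject peers that do not present a server cert
keepalive 10 120
persist-key
persist-tun
verb 3

# Bridging (assumption, done outside OpenVPN): on both routers tap0 has to be
# a member of the LAN bridge. On the client side the local DHCP server should
# be disabled on that bridge so the CPE device leases from the primary site.
```

Give each client its own certificate and key rather than sharing one, so a lost router can be revoked without reissuing the others.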

Thank you... let me digest and I will start working on this. Unfortunately I'm sure I will have many questions.

PS - the server location is Comcast and the client side is CenturyLink.

Ok, I've got OpenWrt installed on my WRT1900ACv2. My first question is, since I have the WAN port of the WRT1900 plugged into one of the LAN ports of the main routers, is there a way to enable WAN http access for easy web GUI access to the WRT1900? Since the WAN port does not face the public internet, this should be ok. I see some articles about tunneling http protocol through ssh, but this seems like overkill.
