
Creating a VPN tunnel between two apartments based on routers with dd-wrt

Background:


The task is to connect house 1 and house 2. The two sites look like this:

House 1: Internet provider Beeline (L2TP); psTV (196.168.2.13); dir615C2 (int: 192.168.2.1, ext: 95.24.xh), which will be the VPN client.

House 2: Internet provider Interzet with a public ("white") IP; PS4 (192.168.1.13); dir615E4 (ext. static IP: 188..., int: 192.168.1.1), which will be the VPN server.

DD-WRT firmware was installed on both routers. The installation procedure is not complicated, and there is a lot of information on this topic on the Internet.
The goal is for the devices behind the dir615C2 (hereafter "B") to be reachable from the local network of the dir615E4 (hereafter "A"), and vice versa.

Preparation, problems, solution:


After installing DD-WRT and setting up the Internet connection, it turned out that on router A there was no ping between clients connected via LAN (there is no such problem over Wi-Fi). This problem is solved in one of two ways:

1. Installing the dd-wrt firmware from 04-18-2014-r23919

2. Opening the "Administrator - Commands" tab and running the commands:

    swconfig dev eth0 set enable_vlan 1
    swconfig dev eth0 set apply

Inspired by the setup, I wanted to switch Wi-Fi off and on automatically, whether as an experiment or to reduce the number of radiating devices in the apartment. Several solutions were found for this:

1. Using the ifup, ifdown, and cron commands. For this, in the "Administrator" tab, in the Cron item, we write:

    0 7 * * * root /sbin/ifconfig ath0 up
    0 0 * * * root /sbin/ifconfig ath0 down

This turns Wi-Fi on at 7:00 in the morning and off at 00:00 at night. But for me, as for many others, it did not work.

2. This method uses the WPS / Reboot button on the router body. For this, in the Services menu, in the SES / AOSS / EZ-SETUP / WPS Button item, enable "Turning off radio". But pressing the button every time is not very interesting.

3. Using the Wi-Fi scheduling commands:

    nvram set radio0_timer_enable=1
    nvram set radio0_on_time=000000011111111111111111
    nvram commit

Here 0 is off and 1 is on; in my example it is on at 7:00 and off at 01:00.

Now you can proceed to configure the VPN. The PPTP server is brought up on "A", and the client on "B". Check that the VPN is working on the "Status - LAN" tab: at the bottom it shows that client "B" is connected to server "A".

(Server and client settings were carried out in the Web interface)



On the server, when setting the name and password, put a * between them, separated by spaces.



If you, like me, have a router based on the Atheros AR7240, the VPN client may keep its local IP when connected (without taking an IP from the server range). In this case, you need to add noipdefault in the MPPE encryption field. It also does no harm to add --nobuffer, separated by a space, in the PPTP server IP field to disable buffering.

Now that we have a VPN tunnel, we need to add a route to the neighboring network.

"A" has the network 192.168.1.0/24 and, as the VPN server, the IP 172.16.1.1
"B" has the network 192.168.2.0/24 and, as the VPN client, the IP 172.16.1.51

For access from "A" to "B" you need to set:

 route add -net 192.168.2.0 netmask 255.255.255.0 gw 172.16.1.1 

For access from "B" to "A" you need to set:

 route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.1.51 

Since the route is reset when the client reconnects to the VPN server and has to be set again, it was decided to write a shell script. It periodically checks whether the route is present; if the route is missing, it checks whether the tunnel is up, and if it is, it sets the route.

It looks like this for the server:

    #!/bin/sh
    # Is the route to the remote network already present in "ip ro"?
    if PPTP=`ip ro | awk '/192.168.2.0/ {print $1}'`; test "$PPTP" = "192.168.2.0/24"
    then
        exit; # "ip ro" already has the route to 192.168.2.0
    else
        # Route is missing: is the VPN peer listed, i.e. is the tunnel up?
        if PPTPup=`ip ro | awk '/172.16.1.51/ {print $1}'`; test "$PPTPup" != ""
        then
            route add -net 192.168.2.0 netmask 255.255.255.0 gw 172.16.1.1
        else
            exit; # "ip ro" has no VPN peer, the tunnel is down
        fi
    fi
    exit;

For the client, we change 192.168.2.0 to 192.168.1.0, 172.16.1.51 to 172.16.1.1, 172.16.1.1 to 172.16.1.51.

Now we need to make this script run at a given interval. This can be done in the "Administrator" tab, in the Cron item, where we write:

 */3 * * * * root /tmp/custom.sh 

This runs the script every 3 minutes, every hour, every day. This completes the VPN tunnel setup.
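As an added example (not the article's script), the same watchdog can be written once for both routers, comparing routing-table fields exactly instead of with an unanchored regex. The function names and the "server"/"client" argument are assumptions of this example; the addresses and gateways are the ones given above, and the cron entry would then call /tmp/custom.sh server on "A" or /tmp/custom.sh client on "B".

```sh
#!/bin/sh
# Added example, not the article's script: one route watchdog for A and B.
# Assumption: called as "custom.sh server" on A, "custom.sh client" on B.

# Read `ip ro` output on stdin and print one of:
#   present - the route to NET is already in the table
#   add     - the route is missing but the tunnel peer is listed (tunnel up)
#   down    - the route is missing and the peer is not listed (tunnel down)
# The first field is compared exactly: the unanchored regex /192.168.2.0/
# also matches 192.168.200.0/24, because "." matches any character.
route_state() {
    awk -v net="$1" -v peer="$2" '
        $1 == net  { have_net = 1 }
        $1 == peer { have_peer = 1 }
        END {
            if (have_net)       print "present"
            else if (have_peer) print "add"
            else                print "down"
        }'
}

# Print "remote-network tunnel-peer gateway" for each side,
# using the addresses and gateways from the article.
side_params() {
    case "$1" in
        server) echo "192.168.2.0 172.16.1.51 172.16.1.1" ;;
        client) echo "192.168.1.0 172.16.1.1 172.16.1.51" ;;
        *) return 1 ;;
    esac
}

# Add the route only when it is missing and the tunnel is up.
ensure_route() {
    params=$(side_params "$1") || return 1
    set -- $params   # $1 = remote network, $2 = tunnel peer, $3 = gateway
    if [ "$(ip ro | route_state "$1/24" "$2")" = "add" ]; then
        route add -net "$1" netmask 255.255.255.0 gw "$3"
    fi
}

# Nothing is changed unless the side is named on the command line.
case "${1:-}" in
    server|client) ensure_route "$1" ;;
esac
```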

Source: https://habr.com/ru/post/270563/

