Introduction
I am lucky to work in an organization that is growing, and from time to time new tasks come up that let me grow as well. This time I needed to join the head office and the second branch. The task is not new for me, but I decided to approach it differently than before.
Currently the head office runs FreeBSD + mpd5 as a PPTP server. The first branch has a similar setup (except that there it works as a VPN client). There are also 8 sites where a single Windows XP computer is installed, each "hooked" to the head office with that OS's standard PPTP client.
I need to create another tunnel between the two networks, but I cannot use my favourite FreeBSD, because there is limited space for a router in the second branch (it is a retail store, and all the equipment is crammed onto a narrow rack). Besides, I wanted to try the dd-wrt firmware, which I had heard so much about, in action.
Start.
So we have:
VPN server: FreeBSD 7.3 (Release i386) + mpd5 (Version 5.3)
VPN client: Asus wl520gu + dd-wrt (DD-WRT v24-sp2 (10/10/09) vpn)
* the router still has its stock firmware; dd-wrt still has to be "screwed on", which is what we will do.
Flashing the router.
In many of the articles I found, the authors for some reason omitted the description of the flashing process, citing how simple it is. I spent about half an hour reading the documentation on the official website; it is written very clearly. But I will still describe, step by step, what I did.
1. First a hardware reset, the so-called 30/30/30, is needed. This puts the router into recovery (engineering) mode and gives us the ability to "pour in" the firmware.
With the router powered on, press the reset button and hold it for 30 seconds; without releasing the button, turn off the power and hold for another 30 seconds; still without releasing the button, turn the power back on and hold reset for a further 30 seconds.
Hint: the router's default IP is 192.168.1.1. If you ping it before the 30/30/30 hardware reset, the TTL will be 64; after the reset the TTL becomes 100.
2. Download the firmware: dd-wrt.v24_mini_asus.trx
* other firmware, and firmware for other router models, is available at dd-wrt.com/site/support/router-database
3. The next step is to upload the downloaded firmware to the router. For this we need the tftp utility (tftp - trivial file transfer program). Since I have Ubuntu installed on my netbook, installation comes down to one command:
sudo aptitude install tftp
go to the folder with the firmware file:
cd
connect to the router:
tftp 192.168.1.1
select binary mode:
mode binary
send the firmware file:
put dd-wrt.v24_mini_asus.trx
Now
ATTENTION, after the program reports that the file transfer has finished, start a stopwatch and
WAIT FOR FIVE EARTH MINUTES.
4. After 5 minutes, disconnect the box from the power supply and wait 30-40 seconds. Turn it on and check: if while pinging we see ttl = 64, we can already be a little happy =)
5. Go to 192.168.1.1; we will be asked to change the username and password. We change them and reboot the router once more (I did this step more for reinsurance).
Now you can poke around the web interface; believe me, it is very, very pleasant and interesting.
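The upload in steps 1-4, with the TTL check from the hint done before anything is sent, as an added example that is not part of the original post. It assumes the router address and firmware file name from the post, a Linux iputils ping (for -W), and a tftp client that reads its commands from stdin.

```shell
#!/bin/sh
# Added example, not from the original post: the tftp upload from steps 1-4,
# with the TTL check from the hint done first. Assumes Linux iputils ping
# (-W timeout) and a tftp client that reads its commands from stdin.
ROUTER=${ROUTER:-192.168.1.1}                  # router's default address
FIRMWARE=${FIRMWARE:-dd-wrt.v24_mini_asus.trx} # file from step 2

# Print the TTL found in one line of ping output ("... ttl=100 time=..."),
# or nothing if the line carries no ttl= field.
ping_ttl() {
    printf '%s\n' "$1" | sed -n 's/.*ttl=\([0-9][0-9]*\).*/\1/p'
}

# Map a TTL to the router state described in the post:
# 100 = recovery mode after the 30/30/30 reset, 64 = firmware running.
router_state() {
    case "$1" in
        100) echo recovery ;;
        64)  echo firmware ;;
        *)   echo unknown ;;
    esac
}

# Ping the router once and report its state.
probe_router() {
    line=$(ping -c 1 -W 2 "$ROUTER" 2>/dev/null | grep 'ttl=')
    router_state "$(ping_ttl "$line")"
}

# Refuse to upload unless the router is in recovery mode, then send the
# firmware with the same tftp commands the post types interactively.
flash() {
    [ -f "$FIRMWARE" ] || { echo "firmware $FIRMWARE not found" >&2; return 1; }
    state=$(probe_router)
    if [ "$state" != recovery ]; then
        echo "router state is '$state', expected recovery (ttl=100);" \
             "do the 30/30/30 reset first" >&2
        return 1
    fi
    printf 'mode binary\nput %s\nquit\n' "$FIRMWARE" | tftp "$ROUTER" || return 1
    echo "transfer done: waiting five minutes, do not touch the router"
    sleep 300
    echo "now power-cycle the router and check that ping shows ttl=64"
}

# Run the flash only when asked (FLASH_RUN=1), so the helpers can be sourced.
if [ "${FLASH_RUN:-0}" = 1 ]; then
    flash
fi
```

Run it with FLASH_RUN=1 from the folder holding the .trx file; it exits without touching the router if the TTL is not 100.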
Then you can upload another dd-wrt firmware, this time through the web interface. In my case it is dd-wrt.v24_vpn_generic.bin. There is definitely nothing complicated about it, but do not forget about
FIVE EARTH MINUTES =)))
* here the caring creators show us a timer counting down the seconds from 300
Then customise it for yourself. Again, the web interface is very good. Every page has a hint; do not hesitate to use it!
VPN configuration
As a result of the experiments, the mpd5 config has taken the following form:
pptp_vpn_filial2:
    # bundle: tunnel addresses, DNS, the route to the branch network, and
    # MPPE compression/encryption (128-bit, required, stateless)
    create bundle static pptp1
    set ipcp ranges 10.255.255.11/32 10.255.255.12/32
    set ipcp dns 192.168.0.5
    set iface route 192.168.4.0/24
    set iface enable proxy-arp
    set iface enable on-demand
    set bundle enable compression
    set ccp yes mppc
    set mppc yes e128
    set mppc enable compress
    set bundle enable crypt-reqd
    set mppc yes stateless
    # link: CHAP only (no PAP), credentials for the branch router,
    # keep-alive off, unlimited redials, accept the incoming call
    create link static lpptp1 pptp
    set link action bundle pptp1
    set link no pap
    set link yes chap
    set auth authname "onotole"
    set auth password "ololololo"
    set link mtu 1460
    set link keep-alive 0 0
    set link max-redial -1
    set pptp peer 172.17.59.12
    set link enable incoming
ASUS settings on the screenshot

That's probably all. Traffic runs between the two networks and is encrypted.
--- SMALL UPDATE ---
After the connection is established, dd-wrt's pppd (following the configuration in /tmp/pptpd_client/options.vpn) sends LCP echo requests every two seconds (see RFC 1661, PPP, for details), and when the server fails to answer for the third time it sends a Terminate-Request, so the connection is torn down. The lcp-echo-interval and lcp-echo-failure parameters in that config are responsible for this behaviour. We need to remove them; to do this, go to the web interface, Administration -> Commands, and enter the following script:
(while [ ! -f /tmp/pptpd_client/options.vpn ]; do sleep 10; done
sed /lcp/d /tmp/pptpd_client/options.vpn > /tmp/pptpd_client/temp.vpn
cp /tmp/pptpd_client/temp.vpn /tmp/pptpd_client/options.vpn )&
Click Save Startup, after which we reboot the router.
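A narrower version of the fix above, as an added example that is not part of the original post: the post's sed /lcp/d deletes every line containing "lcp", while this one removes only the two options the text names and adds a check that they are really gone. It assumes the options path from the post; the sample options file is constructed, not a real capture.

```shell
#!/bin/sh
# Added example, not from the original post: a narrower version of the fix
# above. The post's "sed /lcp/d" deletes every line containing "lcp"; this
# removes only lcp-echo-interval and lcp-echo-failure, the two options the
# text names, and gives a check that the fix actually took effect.
OPTIONS=${OPTIONS:-/tmp/pptpd_client/options.vpn}   # path from the post
PATTERN='^[[:space:]]*lcp-echo-(interval|failure)([[:space:]]|$)'

# Constructed sample of what pppd's options file might contain (not a real
# capture); lcp-max-configure shows what a bare /lcp/ pattern would also eat.
SAMPLE='noauth
lcp-echo-interval 2
lcp-echo-failure 3
mtu 1460
lcp-max-configure 10'

# Filter stdin to stdout, dropping only the two LCP echo options.
strip_lcp_echo() {
    grep -v -E "$PATTERN"
}

# Count how many LCP echo options remain in a file; 0 means pppd will no
# longer send echo requests because of these settings.
lcp_echo_count() {
    grep -c -E "$PATTERN" "$1" || true
}

# Run the filter over the constructed sample and print the result.
demo() {
    printf '%s\n' "$SAMPLE" | strip_lcp_echo
}

# Wait for pppd to write the options file, rewrite it in place, and return
# success only if no LCP echo option is left.
fix_options_file() {
    while [ ! -f "$OPTIONS" ]; do sleep 10; done
    strip_lcp_echo < "$OPTIONS" > "$OPTIONS.tmp" || true
    mv "$OPTIONS.tmp" "$OPTIONS"
    [ "$(lcp_echo_count "$OPTIONS")" -eq 0 ]
}

# Only start the background fix when asked (FIX_RUN=1), as in the post's
# Administration -> Commands startup script.
if [ "${FIX_RUN:-0}" = 1 ]; then
    fix_options_file &
fi
```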