RT-N66U (lan to lan VPN)

[digilog5]

Hello,

I have a question regarding the RT-n66u for a PPTP vpn connection router to router.

I already have an RT-n66u in site A and have its PPTP VPN server running properly. What I am looking for is getting another one to another site B, which will allow outgoing PPTP connections to the router at site A. My existing router is running the stock fw. and I know a VPN client does not yet exist embedded in the stock fw. Could anyone tell me if any of the TomatoUSB builds allows to setup outgoing PPTP vpn connections easily with a GUI (I do not want to deal with scripts etc...)? And how easy would that be?
Lan A (with the existing RT-n66u) is in the US and Lan B is in Europe. Lan B is ADSL-based so it will rely on a separate DSL modem. So far the only routers I have found that can do this are the Draytek's (Vigor series) but their range is not that impressive.

Thanks in advance,

 

[medusakeith]

We'd found DrayTek's client-base VPN utility on the Internet which is helpful to us to quickly install VPN tunnels for our main office and outbound worker.

It's easy to me to log in the ID/Password and the VPN server IP over the screen when i'm home and fixing my email things.

The links we found are:
http://www.youtube.com/watch?v=1wlqp8YcC9g
http://www.vpntracker.com/us/vendor/4/draytek-mac-vpn-client.html

Enjoy it

 

[digilog5]

Thanks.
Yes that's assuming you need to use a PC as a client.
My interest is also having a lan-to-lan VPN (PPTP) from one rt-n66u to another rt-n66u, without any pc being involved. This would require that the router which starts the VPN connection has a built-in client.

For the time, the stock firmware supports only a server. I've seen the feature list of the new Tomato Shibby fw. 097 including a VPN client for PPTP but I cannot seem to be able to confirm this from anywhere. There are no screenshots anywhere I've searched to look at this config page of the fw. GUI.

Thanks

 

[lazik]

Thanks.
Yes that's assuming you need to use a PC as a client.
My interest is also having a lan-to-lan VPN (PPTP) from one rt-n66u to another rt-n66u, without any pc being involved. This would require that the router which starts the VPN connection has a built-in client.

For the time, the stock firmware supports only a server. I've seen the feature list of the new Tomato Shibby fw. 097 including a VPN client for PPTP but I cannot seem to be able to confirm this from anywhere. There are no screenshots anywhere I've searched to look at this config page of the fw. GUI

VPN GUI from Tomato by Shibby v97

 

[digilog5]

That's perfect! Thanks.

Has anyone tried the client?

 

[somms]

That's perfect! Thanks.

Has anyone tried the client?

Yes, working fine. Although, I've been using OpenVPN for a couple years between physically seperated wireless routers beginning with DD-WRT: https://forums.openvpn.net/topic7049.html

 

[Just Some Guy]

That's perfect! Thanks.

Has anyone tried the client?

I have tried the client (at my office) and am able to get a pptp connection to my house with two RT-N66U routers (server [house] running ASUS firmware 3.0.0.4.260, client [office] running Shibby 097) - at least, the log on the server shows

Nov 14 10:57:28 pptp[2292]: Connect: ppp10 <--> pptp (XXX.XXX.XXX.XXX)
Nov 14 10:57:28 pptp[2292]: found interface br0 for proxy arp
Nov 14 10:57:28 pptp[2292]: local IP address 192.168.1.1
Nov 14 10:57:28 pptp[2292]: remote IP address 192.168.1.100

But I am not able to ping any of the connected machines on the server side (Destination host unreachable). I'm going to head out for lunch and try to ping the office from the house.

The server DHCP pool range is set from 192.168.1.2 to 192.168.1.12
The server VPN pool range is set from 192.168.1.100 to 192.168.1.109
The client DHCP pool range is set from 192.168.1.201 to 192.168.1.210

Did anyone ever get this lan to lan via pptp setup working? If so, how? If I am missing something basic and need to read up, I'm happy to do so. Please point me where to look.

 

[RMerlin]

Your VPN clients are in a different subnet from the destination, so you will have to setup a static route to tell your client how it can access that other subnet.

EDIT: actually, there's a typo in what you posted, so I'm not sure if you mean a different subnet or not:

The server VPN pool range is set from 192.168.100 to 192.168.1.109

 

[Just Some Guy]

Sorry for the typo. The IP address are all on 192.168.1.XXX
Server DHCP Pool: 2 -12
Server VPN Pool: 100 - 109
Client DHCP Pool: 201 - 210

I had looked around and saw that you gave that advice to others and it seemed to work for them, so I tried to set mine up the same way.

 

[RMerlin]

Sorry for the typo. The IP address are all on 192.168.1.XXX
Server DHCP Pool: 2 -12
Server VPN Pool: 100 - 109
Client DHCP Pool: 201 - 210

I had looked around and saw that you gave that advice to others and it seemed to work for them, so I tried to set mine up the same way.

If both the local LAN and the remote LAN are within the same IP subnet (192.168.1.xxx), then you probably won't be able to connect them together easily, as you will have conflicting default gateways and overlapping routes. In such a scenario, you usually have to configure your PPTP client to tell it to use the remote gateway as the default route. The side-effect of this however is it means that all Internet traffic from the client will also be sent through the VPN tunnel - usually not what you want.

The ideal setup with PPTP would be something like this:

Client LAN: 192.168.1.xxx
Remote LAN: 192.168.10.2 through 99
VPN range: 192.168.10.100 through 109

If you are able to re-IP either networks, that would be your best bet. Otherwise, you will require a different setup, or a more flexible VPN technology such as OpenVPN (which can automatically push routes to the client).

 

[Just Some Guy]

First, thank you for your replies. I genuinely appreciate it.

I've reconfigured the networks like so:
PPTP Server DHCP pool: 192.168.1.2-12
PPTP Server VPN pool: 192.168.1.100 - 109
PPTP Client DHCP pool: 192.168.2.2-12

However, I was still unable to ping any of the connected devices on the server side (I'm on the client's LAN). Though I was able to ping the server at 192.168.1.1 with an avg response time of 65ms.

 

[Just Some Guy]

I was finally able to ping other devices on the server's network. In addition to the IP settings Merlin said to use, I also had to set the Remote subnet/netmask to on the VPN client page to:
192.168.1.0/255.255.255.0

I can't refer to names, only IP address, but I think it'll work for my needs.

 

[digilog5]

I am glad this worked for you.
After posting my original question here, I ended up getting a Draytek router (2920n) which is connected to DSL in one location, and I still have my RT-N66U at the other location.
The Draytek already had a built-in VPN client. I am running fw. 176.15 Merlin in my asus.
I set it up and the Draytek connects by PPTP to the Asus VPN server and the connection has shown to be very stable even for long periods of time. I assigned to the Draytek and the Asus different subnets.

The Asus had the default 192.168.10.1 ip for the VPN server (the clients will get ip in the range 192.168.10.10 to 19).

In the Draytek VPN dial out client, I assigned 192.168.10.1 as Remote Network IP, 0.0.0.0 Remote Gateway IP, and 255.255.255.255 remote network mask.
I found out when i VPN'd to the asus with a windows pc, that the subnet was 255.255.255.255 even though in the lan settings I had 255.255.255.0. So I assumed that this was the one to use in the Draytek and did that.
I also set the RIP direction to disable and activated the NAT option in the field "from first subnet to remote network" of the Draytek VPN client.
It worked fine like that. If I ping from an ipad behind the draytek, the ip address of the Asus VPN server, the Draytek immediately dials out and connects to the Asus.

 

[Just Some Guy]

Thanks for following up.

I can ping from the client LAN to the server LAN but not back. I may just try switching out both to a different firmware and use openVPN (as suggested by RMerlin) and use a 3rd party DDNS.

Glad to hear you got something working. It was your initial post that started me down this road. I'm not sure whether to thank you or curse you