TechInfoDepot:DD-WRT/PPTP Tunneling

= Introduction =
This setup will bridge DD-WRT routers, allowing any host connected to the network to be visible from the WAN cloud. To keep this HOWTO simple I'll use only two DD-WRT routers, but in theory you can extend the setup to any number of routers.

== Tested Versions ==
This article should work with any supported DD-WRT version. Feel free to add your version to the following list:
 * DD-WRT v24-sp2 (01/21/09) std

== Does NOT work with ==
 * DD-WRT v24-sp2 (10/10/09) std-nokaid (instructions below are not for v24-sp2 firmware; may work (untested) with method from http://www.dd-wrt.com/phpBB2/viewtopic.php?p=10933#10933)

= Configuration =

== Generic information ==

 * dd-wrt-01
 ** Address: 192.168.1.1
 ** Netmask: 255.255.255.0
 ** Gateway: 0.0.0.0
 ** DHCP Range: 192.168.1.100-150
 ** DDNS: foo-corp-dd-wrt-01.no-ip.com

 * dd-wrt-02
 ** Address: 192.168.2.1
 ** Netmask: 255.255.255.0
 ** Gateway: 0.0.0.0
 ** DHCP Range: 192.168.2.100-150
 ** DDNS: foo-corp-dd-wrt-02.no-ip.com

== dd-wrt-01 ==
This step will configure the basic information for the local network.
 * 1) Go to Setup > Basic Setup
 * 2) Set Router Name and Host Name to "dd-wrt-01"
 * 3) Set Local IP Address to "192.168.1.1"
 * 4) Set Subnet Mask to "255.255.255.0"
 * 5) Save

Now let's make your dynamic IP address always reachable through a hostname.
 * 1) Go to Administration > DDNS
 * 2) Set DNS Service to "No-IP.com"
 * 3) Change Username, Password and Hostname to your personal account information
 * 4) Hostname in this example will be set to "foo-corp-dd-wrt-01.no-ip.com"
 * 5) Save

Now we tell the router that there is another network on the other side of the WAN. Basically we're telling it: "If you want to access any host on the 192.168.2.x subnet, forward your packet through the router at IP address 192.168.2.1."
 * 1) Go to Setup > Advanced Routing
 * 2) Under Static Routing:
 * 3) Set Route Name to "foo-corp-dd-wrt-02"
 * 4) Set Metric to "0"
 * 5) Set Destination LAN NET to "192.168.2.0"
 * 6) Set Subnet Mask to "255.255.255.0"
 * 7) Set Gateway to "192.168.2.1"
 * 8) Set Interface to "ANY"
 * 9) Save

This router will have the role of "concentrator", meaning that every router that wants to be part of our bridge should connect to it. If you have a more complex design with three routers (A, B and C), traffic from B to C will always pass through router A.
 * 1) Go to Services > PPTP
 * 2) Enable PPTP Server
 * 3) Set Server IP to "192.168.1.1"
 * 4) Set Client IP(s) to "192.168.1.200-201"
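 * 5) Set CHAP-Secrets to: "PPTP_CLIENT_USERNAME_SITE02 * PPTP_CLIENT_PASSWORD_SITE02 *" (the same username and password entered on dd-wrt-02 below)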
 * 6) Disable PPTP Client Options
 * 7) Save

Saving ourselves from a headache.. ;-)
 * 1) Go to Security > VPN
 * 2) Enable PPTP Passthrough
 * 3) Disable IPSec and L2TP Passthrough
 * 4) Save

This step may be optional, but routing packets through a WAN interface without encryption is stupid.
 * 1) Go to Administration > Commands
 * 2) Enter "sed -i -e 's/mppe .*/mppe required,stateless/' /tmp/pptpd/options.pptpd"
 * 3) Save Startup
 * 4) NOTE: This will force all PPTP clients to use encryption
 * 5) Save
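
The sed edit above only rewrites a line that already contains "mppe " followed by other text; if the line is missing or commented out, sed changes nothing and reports no error. The following added example (not part of the original HOWTO) applies the same command and then verifies the result; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the HOWTO's sed edit, then verify it took effect.
# All file contents below are constructed samples, not real DD-WRT output.

# enforce_mppe FILE
#   0 = an active "mppe required,stateless" line is present after the edit
#   1 = the edit matched nothing usable, so encryption is NOT enforced
#   2 = FILE does not exist (e.g. pptpd has not generated it yet)
enforce_mppe() {
    f=$1
    [ -f "$f" ] || return 2
    # The exact command from the HOWTO.
    sed -i -e 's/mppe .*/mppe required,stateless/' "$f"
    # An active directive starts the line; a "#mppe ..." comment also
    # matches the sed pattern but stays commented out.
    grep -Eq '^[[:space:]]*mppe required,stateless[[:space:]]*$' "$f"
}

# write_sample KIND FILE: constructed option files for the demo.
write_sample() {
    case $1 in
        active)    printf 'lock\nname *\nmppe stateless\nproxyarp\n' ;;
        commented) printf 'lock\nname *\n#mppe stateless\nproxyarp\n' ;;
        absent)    printf 'lock\nname *\nproxyarp\n' ;;
    esac > "$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    for kind in active commented absent; do
        write_sample "$kind" "$dir/options.$kind"
        if enforce_mppe "$dir/options.$kind"; then
            echo "$kind: MPPE enforced"
        else
            echo "$kind: MPPE NOT enforced, fix the file by hand"
        fi
    done
    rm -rf "$dir"
}

demo
```

On the router, the same check can be run against /tmp/pptpd/options.pptpd after the reboot step to confirm the startup command actually took effect.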

Wrapping everything up..
 * 1) Go to Administration
 * 2) Reboot Router

== dd-wrt-02 ==

 * 1) Go to Setup > Basic Setup
 * 2) Set Router Name and Host Name to "dd-wrt-02"
 * 3) Set Local IP Address to "192.168.2.1"
 * 4) Set Subnet Mask to "255.255.255.0"
 * 5) Save


 * 1) Go to Administration > DDNS
 * 2) Set DNS Service to "No-IP.com"
 * 3) Change Username, Password and Hostname to your personal account information
 * 4) Hostname in this example will be set to "foo-corp-dd-wrt-02.no-ip.com"
 * 5) Save

Now we tell the router that there is another network on the other side of the WAN. Basically we're telling it: "If you want to access any host on the 192.168.1.x subnet, forward your packet through the router at IP address 192.168.1.1."
 * 1) Go to Setup > Advanced Routing
 * 2) Set Route Name to "foo-corp-dd-wrt-01"
 * 3) Set Metric to "0"
 * 4) Set Destination LAN NET to "192.168.1.0"
 * 5) Set Subnet Mask to "255.255.255.0"
 * 6) Set Gateway to "192.168.1.1"
 * 7) Set Interface to "ANY"
 * 8) Save

This router will have the role of "node".
 * 1) Go to Services > PPTP
 * 2) Disable PPTP Server
 * 3) Enable PPTP Client Options
 * 4) Set Server IP or DNS Name to "foo-corp-dd-wrt-01.no-ip.com"
 * 5) Set Remote Subnet to "192.168.1.0"
 * 6) Set Remote Subnet Mask to "255.255.255.0"
 * 7) Set MPPE Encryption to "mppe required"
 * 8) Set MTU to "1450"
 * 9) Set MRU to "1450"
 * 10) Enable NAT
 * 11) Set Username to "PPTP_CLIENT_USERNAME_SITE02"
 * 12) Set Password to "PPTP_CLIENT_PASSWORD_SITE02"
 * 13) Save


 * 1) Go to Security > VPN
 * 2) Enable PPTP Passthrough
 * 3) Disable IPSec and L2TP Passthrough
 * 4) Save

Wrapping everything up..
 * 1) Go to Administration
 * 2) Reboot Router

== Issues ==

 * Not sure why "NAT" is enabled, given the sites are a site to site route - NAT will break the whole premise of a site to site connection

= See Also =
 * PPTP Server Configuration
 * HOW TO configure a WINDOWS BOX to make a VPN Connection to linksys