Need help picking out Equipment for remote Location- Needs to boot back up easily

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
There's a feature exposed called CRON, outlined here: https://www.dd-wrt.com/wiki/index.php/CRON

I can help you set this up to grab a snapshot and save it if you have that available.. You'd need to flash it and then try to set up a point2point VPN between your 2 sites.. your cabin network is using a different network mask right?

*edit*
Code:
# hourly at minute 0; % is escaped because cron treats a bare % as the end of the command
0 * * * * root wget -q --output-document=/path/to/snapshot-`date '+\%Y_\%m_\%d_\%H'`.jpg 'http://user:pass@NVR/cgi-bin/snapshot.cgi?channel=1'
that would grab a snapshot every hour and save it with the date and time to the place you specify.. filename would look like snapshot-2016_10_26_00.jpg
 

CaliGirl

Getting comfortable
Joined
Aug 14, 2016
Messages
659
Reaction score
252
Location
California
Ok. I flashed the router with new software and it is working. Will all my data at home (netflix etc) end up going through the established VPN? That might over tax the data plan at the cabin? But a photo every hour would be great.

yes, home is 192.168.1.1 and cabin is 192.168.20.1
 

nayr

no it should only route traffic for that subnet over the VPN.. this is the difference between a point to point VPN and a client VPN, it bridges 2 networks.. a client vpn tunnels into a network.

ie:
192.168.1.0 - Local
192.168.2.0 - Cabin
Everything else default route (Local Cable Modem)

You'll have a permanent VPN running between the cabin and the house, so like at the cabin you'll be able to access printers and computers at the house and vice versa.. you won't need any VPN clients connected when on either network, internet will always go out the local connection.
 


nayr

open that .ovpn file up in text editor and it should have all the information you need to configure the OpenVPN Client in DDWRT

You want a TAP device, advanced, Bridge TAP to br0.. then we need to define a static route of 192.168.2.0/24 (Example Cabin Network) on br0
 

CaliGirl

I would have never known to open via text editor. I got all those elements entered and the 3 different certificate keys. Anything for subnet mask?

[Attachment: vpn tap set up.jpg]

The other VPN is still connected. That is what is green and says connected. Waiting for the new user name and password I made for this one to turn green to know we have it connected.

3 different keys, entered all of them.

[Attachment: keys.jpg]
 

nayr

leave the IP address spot blank, it should get that from the remote side.. same with subnet
 

nayr

servername/ip is the external address or dyndns hostname of your cabin right?

anything in logs?
 

CaliGirl

Yes. Server name is a version of this (xxxxxx.ddns.net)

Logs show lots of open vpn activity but don't know how to separate it from other vpn running, and if I turn it off I will lose connection to Asus router. PM'd the logs
 

nayr

added you to my friend list so u can PM me; otherwise im a PM nazi heh;

ah yeah you need those keys in there, look at the tags they are contained within: CA = Certificate Authority, Cert = User Public Certificate, Key = User Private Key

do you have a TLS one too?
 

CaliGirl

All 3 keys are already or were already in there. Just saying it is confusing as to which one is which. I labeled them above in the photo as to what I think each one is.

There is a:
1. </ca>
<cert>

2. </cert>
<key>

3. private key


Don't see anything about TLS


there is a note in the Asus help guide that I should be adding: Only paste the content of the ----- BEGIN xxx ----- / ----- END xxx ----- block (including those two lines).

So I will go back and add those headers to each one "----- BEGIN xxx ----- / ----- END xxx --"


 

CaliGirl

[Attachment: keeeeys4.jpg]

They are called slightly different names, just trying to find a way to know that the key I am putting in is for that lock.
 

nayr

yeah those have to be included

server keys are for your router, they are fine.. but they should look similarly formatted with the --BEGIN --END
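
The tag-to-field matching discussed in the posts above, as an added example that is not part of the original thread: a POSIX shell helper that lists the inline blocks of an exported `.ovpn` file and prints one block with its BEGIN/END lines intact. The profile contents, the port and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed profile; the PEM bodies are placeholder text.
sample_ovpn() {
cat <<'EOF'
dev tun
remote xxxxxx.ddns.net 1194
auth SHA1
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CLIENT-CERT
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER-CLIENT-KEY
-----END PRIVATE KEY-----
</key>
EOF
}

# List each inline block as "tag: PEM label" so it can be matched to a field.
# tr strips carriage returns in case the file was saved with CRLF line ends.
ovpn_blocks() {
    tr -d '\r' | awk '
        /^<\/[a-z-]+>$/ { tag = "" }
        tag != "" && /^-----BEGIN / {
            label = $0; gsub(/^-----BEGIN |-----$/, "", label)
            print tag ": " label
        }
        /^<[a-z-]+>$/ { tag = substr($0, 2, length($0) - 2) }'
}

# Print one block body, BEGIN and END lines included, ready to paste.
ovpn_block() {
    tr -d '\r' | awk -v tag="$1" '
        $0 == ("</" tag ">") { inside = 0 }
        inside
        $0 == ("<" tag ">") { inside = 1 }'
}

# Value of a plain directive such as auth, cipher or dev.
ovpn_option() {
    tr -d '\r' | awk -v name="$1" '$1 == name { print $2; exit }'
}

sample_ovpn | ovpn_blocks
```

`ovpn_option auth` and `ovpn_option dev` show the digest and device type the server side expects, which are the two settings that had to agree on both routers later in this thread.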
 

CaliGirl

OK. I removed the public client cert on the WDT side. Kept the beginning and end headers as it suggests.

The text file from Asus router provides a:

ca cert
cert key (not sure where to put this one)
private key

---
There is an advanced tab on the Asus cabin side that looks like this:
[Attachment: advanced tab.jpg]
 

nayr

try changing your TAP to TUN for now, your logs looked like it was authenticating fine.. just failing to ping the other gateway
 

nayr

** did a webex, debugged the vpn setup, got it working after an hour or so **

That was sure an adventure; glad you got up and going..

The ONLY reason I was willing to spend so much time assisting you was because you've shown such a willingness to learn and help others out here.. had you still been a n3wbie swinging around in the dark I'd have left you to figure all that out on your own.. :)

You've been a good investment of my time, so thank you for that..

anyhow, I don't think I got you fully set up for a full blown P2P, you're kinda directional now.. You have a permanent route from your Home to your Cabin, but not the other way around.. Your Cabin cannot access your house.. I think this may be how you want it since your Cabin seems to be a shared resource among your family/friends.. I am not sure I can get your Asus at the cabin to do that, not without putting WRT on it too because I can specify custom configs.. think it's best how you got it now.

You probably want to set up the USB storage on it now, get your foscam ftp working again if you need it still and I'll help you write a script to grab your camera's image and save it for a timelapse video.. Could even further post it somewhere as an online webcam if you want now that you have DD-WRT running and we have a linux shell now :)
 

nayr

if you ever need better logs from your home vpn client:
Code:
# open Terminal.app, then log in to the router and print its syslog
ssh root@<dd-wrt>
cat /tmp/var/log/messages
we had to enable syslog first for that; in case you upgrade/reinstall.. it gave me errors I could search and find quick answers for, it basically said pretty clearly that there was a problem with DDWRT being setup for MD5 and ASUS for SHA1; stupid crypto mismatch errors.. but they were not being displayed anywhere else soo yeah.

I notice your DDWRT was only a 600MHz model, if you notice performance issues you might consider upgrading to a newer router with >1GHz cpu and perhaps some crypto hardware.. I'm not sure how much VPN bandwidth that will take.. good news is I think you can export your config from this one and import into a new one and not have much trouble.. another nice thing about using a WRT firmware, unleashes you from hardware vendor lock-in
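
The syslog check described in the post above, as an added example that is not part of the original thread: a POSIX shell filter that pulls OpenVPN's option-mismatch warnings out of the router's syslog and counts the HMAC failures that follow from a digest mismatch. The log lines are constructed in the shape OpenVPN writes them, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Constructed syslog lines; hostnames, PIDs and the address are placeholders.
sample_log() {
cat <<'EOF'
Oct 26 21:14:03 DD-WRT daemon.notice openvpn[1412]: TLS: Initial packet from [AF_INET]203.0.113.10:1194
Oct 26 21:14:05 DD-WRT daemon.warn openvpn[1412]: WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Oct 26 21:14:05 DD-WRT daemon.warn openvpn[1412]: WARNING: 'auth' is used inconsistently, local='auth MD5', remote='auth SHA1'
Oct 26 21:14:15 DD-WRT daemon.err openvpn[1412]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Oct 26 21:14:16 DD-WRT daemon.info dnsmasq[901]: read /etc/hosts - 2 addresses
EOF
}

# Print one "option local remote" line per distinct mismatch warning.
vpn_mismatches() {
    sed -n "s/.*openvpn\[[0-9]*]: WARNING: '\([^']*\)' is used inconsistently, local='[^ ]* \([^']*\)', remote='[^ ]* \([^']*\)'.*/\1 \2 \3/p" | sort -u
}

# Count packets dropped because the HMAC digest did not verify.
# grep -c exits non-zero on a count of 0, so the status is ignored.
hmac_failures() {
    grep -c 'openvpn\[[0-9]*]: Authenticate/Decrypt packet error: packet HMAC authentication failed' || true
}

sample_log | vpn_mismatches
```

On the router itself the same filter reads the live log: `vpn_mismatches < /tmp/var/log/messages`.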
 