So – I received my Astaro Security Gateway 220 last week and this morning I decided to get it hooked up and configured, the most important configuration being linking it to my second site. Soon I’ll have two Astaros, but right now the other site still has a Linksys router with DD-WRT v24 installed. First things first – DD-WRT does NOT support IPSEC so forget about it. In this post I’ll show you how to configure the Astaro as an OpenVPN server and the DD-WRT as a client.

Step 1

Log into the Astaro and click on Site-to-site VPN.

Choose SSL from the drop down. You will be presented with the connections tab. Click New SSL connection.

Connection Type: Server

Connection Name: Site B

Local Networks: Internal (Network)

Click the plus sign next to Remote Networks and fill it in according to your remote network.

Save that and then make sure you leave Automatic packet filter rules checked. Then click Save.

Next, click Settings. Your settings should look like this:

Save any changes and then click Advanced

Now I’m sure the encryption and authentication can be changed – but for the sake of this article this is how I’m going to configure it.

I’ve enabled debug mode for now so we can see what’s going on. Apply those settings and then click back on Connections.

Now you want to download the configuration file – unencrypted – and open it in notepad++ or something similar.

Inside that file you should see 2 certificates and 1 RSA Private Key. The first cert in the file is the Public Client Cert, the second is the CA Cert, and the last block, the RSA Private Key, is the Private Client Key.

Open up your dd-wrt router (hopefully at this point you have remote access to a computer on the remote network)

You should copy and paste those values into the correct inputs in the DD-WRT (under services, VPN, OpenVPN Client) and save and apply.

Next inside the asg.apc file you downloaded – at the very end you should see something like this:

The first highlighted value is the username – the second is the password. We need to use these in a configuration startup script. On the DD-WRT, click Administration and then Commands, and enter the following:

# Write the username (line 1) and password (line 2) from the asg.apc file
sleep 30
echo "REF_uClaMWVnny
REF_VMHOQOXAGW0000ref_vmhoqoxagw" > /tmp/openvpncl/user.conf
sleep 10
# Write the OpenVPN client configuration
echo "client
dev tun
proto udp
hand-window 30
port 1195
remote REMOTE SERVER
resolv-retry infinite
nobind
persist-key
persist-tun
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
cipher BF-CBC
auth SHA1
comp-lzo
route-delay 4
verb 3
reneg-sec 0
auth-user-pass /tmp/openvpncl/user.conf" > /tmp/openvpncl/vpn.conf
# Stop any running OpenVPN instance and start it again with the new configuration
( sleep 10 ; killall openvpn ; /usr/sbin/openvpn --config /tmp/openvpncl/vpn.conf --auth-user-pass /tmp/openvpncl/user.conf --route-up /tmp/openvpncl/route-up.sh --down /tmp/openvpncl/route-down.sh --daemon ) &

Make sure you use YOUR username and password – also replace REMOTE SERVER with the Astaro Gateway IP.

Reboot the DD-WRT and you should be good to go.
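
For the certificate step above (two certificates and one RSA private key in the downloaded file), here is an added example that is not part of the original post: a Python helper that pulls the PEM blocks out in the order the post describes and refuses any other layout, so a block cannot end up in the wrong DD-WRT input. The output file names and the sample data are assumptions made for the illustration.

```python
import os
import re

# Matches any PEM block and captures its label (CERTIFICATE, RSA PRIVATE KEY, ...).
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL
)

# Order stated in the post: client cert, CA cert, then the client RSA key.
# The file names are an assumption chosen to mirror the paths in vpn.conf.
EXPECTED = [
    ("client.crt", "CERTIFICATE"),
    ("ca.crt", "CERTIFICATE"),
    ("client.key", "RSA PRIVATE KEY"),
]

def split_pem_blocks(text):
    """Return {filename: pem_text}; raise if the layout differs from the post."""
    blocks = [(m.group(1), m.group(0)) for m in PEM_RE.finditer(text)]
    labels = [label for label, _ in blocks]
    if labels != [label for _, label in EXPECTED]:
        raise ValueError(f"unexpected PEM layout: {labels}")
    return {name: pem.replace("\r\n", "\n") + "\n"
            for (name, _), (_, pem) in zip(EXPECTED, blocks)}

def write_blocks(parts, out_dir):
    """Write each block to out_dir; a new key file is created with mode 0600."""
    os.makedirs(out_dir, exist_ok=True)
    for name, pem in parts.items():
        mode = 0o600 if name.endswith(".key") else 0o644
        fd = os.open(os.path.join(out_dir, name),
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(pem)

# Constructed sample standing in for the downloaded file (bodies are dummies).
SAMPLE = (
    "other data\n"
    "-----BEGIN CERTIFICATE-----\nQ0xJRU5U\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nQ0E=\n-----END CERTIFICATE-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\nS0VZ\n-----END RSA PRIVATE KEY-----\n"
    "more data\n"
)

if __name__ == "__main__":
    write_blocks(split_pem_blocks(SAMPLE), "openvpncl-out")
    print("wrote client.crt, ca.crt, client.key to openvpncl-out")
```

The label check only confirms the certificate, certificate, key sequence; which certificate is the CA still rests on the order given in the post.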