Setting Up a Site-to-Site VPN using a Linksys RV082 and OpenWrt/Openswan on a WRT54GS

After a week of trying out several different types of VPNs (PPTP, SSTP, IPSEC) at my new office, I finally figured out a solution to set up a WAN between my Linksys WRT54GSv3 and a Linksys RV082 business router. The solution was initially presented by Joe Kelly at but I couldn’t get it to actually work until tonight.

Being a big fan of DD-WRT, I was hoping that I would be able to use it for my IPSEC VPN but DD-WRT only supports OpenVPN, not Openswan, which is what I need to connect to the remote RV082 router.

The techniques provided by Joe worked but the software did not. Apparently, I had to downgrade OpenWrt from his suggested RC6 to RC4. With RC6, I could establish a tunnel successfully, but I could not ping and traffic did not go through either side. I thought it was my routing table but RC4 has the same routing table and it works perfectly.

Setting up a tunnel is actually easier than I expected — I had to modify just 3 files on my OpenWrt install and add one tunnel to my RV082. So here’s what my network looks like:

  OpenWRT (LFT) RV082 (ATX)
External IP
External Gateway
Internal IP
Internal Subnet
Internal Subnet Mask

File 1: /etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup

# Add connections here
conn LFT-to-ATX

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

File 2: /etc/ipsec.secrets
: PSK "mybigolsecret"

I appended the following on file 3: /etc/firewall.user
### IPSec VPN
# allow IPSEC
iptables -A input_rule -p esp -j ACCEPT
# allow ISAKMP
iptables -A input_rule -p udp -m udp --dport 500 -j ACCEPT
# allow NAT-T
iptables -A input_rule -p udp -m udp --dport 4500 -j ACCEPT
# disable NAT for communications with remote LAN
iptables -t nat -A postrouting_rule -d -j ACCEPT
# Allow any traffic between tunnel LANs
iptables -A forwarding_rule -i $LAN -o ipsec0 -j ACCEPT
iptables -A forwarding_rule -i ipsec0 -o $LAN -j ACCEPT
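
A quick way to check the rules above before restarting ipsec, as an added example that is not part of the original post: a shell lint that flags typographic dashes left by copy-paste and any missing rule, including a NAT exemption with no destination. The function names and the sample subnet 192.168.2.0/24 are assumptions made for illustration.

```sh
# Added example: lint a firewall.user fragment for the IPsec rules listed above.
# Prints one finding per line; exit status 0 means no findings.
lint_ipsec_fw() {
    f=$1
    findings=0
    note() { echo "$f: $1"; findings=$((findings + 1)); }

    # Rules pasted from a web page often carry typographic dashes or quotes
    # (non-ASCII bytes), which iptables does not accept in place of "--".
    if LC_ALL=C grep -q '[^[:print:][:space:]]' "$f"; then
        note "non-ASCII character (typographic dash or quote?)"
    fi

    # Only active (non-comment) lines count as rules.
    rules=$(grep -v '^[[:space:]]*#' "$f" || true)
    need() { printf '%s\n' "$rules" | grep -Eq -e "$1" || note "missing: $2"; }

    need '-p (esp|50) .*-j ACCEPT'                 "ESP (IP protocol 50) accept"
    need '-p udp .*--dport 500 .*-j ACCEPT'        "ISAKMP/IKE (UDP 500) accept"
    need '-p udp .*--dport 4500 .*-j ACCEPT'       "NAT-T (UDP 4500) accept"
    # The NAT exemption needs a real destination after -d; an empty value
    # (for example an unset variable) leaves remote-LAN traffic masqueraded.
    need '-t nat .*postrouting_rule .*-d [0-9][0-9./]* .*-j ACCEPT' \
         "NAT exemption with a destination subnet"
    need 'forwarding_rule .*-o ipsec0 .*-j ACCEPT' "LAN -> tunnel forwarding"
    need 'forwarding_rule .*-i ipsec0 .*-j ACCEPT' "tunnel -> LAN forwarding"

    [ "$findings" -eq 0 ]
}

# Constructed sample (192.168.2.0/24 is a made-up remote LAN, not from the post).
write_sample() {
    cat > "$1" <<'EOF'
iptables -A input_rule -p esp -j ACCEPT
iptables -A input_rule -p udp -m udp --dport 500 -j ACCEPT
iptables -A input_rule -p udp -m udp --dport 4500 -j ACCEPT
iptables -t nat -A postrouting_rule -d 192.168.2.0/24 -j ACCEPT
iptables -A forwarding_rule -i $LAN -o ipsec0 -j ACCEPT
iptables -A forwarding_rule -i ipsec0 -o $LAN -j ACCEPT
EOF
}
```

After sourcing the file, run `lint_ipsec_fw /etc/firewall.user`; no output and a zero exit status mean every expected rule is present.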

After restarting ipsec on OpenWrt (ipsec setup restart), the following routing table was produced:

Destination Gateway Genmask Flags Metric Ref Use Iface
U 0 0 0 ipsec0
U 0 0 0 vlan1
U 0 0 0 br0
UG 0 0 0 ipsec0
UG 0 0 0 vlan1

As for the configuration on the RV082 side, it looks like this:


The RV082’s routing table looks like so:

Destination IP Address Subnet Mask Default Gateway Hop Count Interface
* 40 ixp1
* 45 ipsec0
10 ipsec0
* 50 ixp0
default 40 ixp1

And voila! A secure, perma-VPN is born. There are big ol gaps in information here, but Joe’s fab post fills in much of that if you need it.

Chrissy is a Cloud and Datacenter Management & Data Platform MVP who has worked in IT for over 20 years. She is the creator of the popular SQL PowerShell module dbatools, holds a master's degree in Systems Engineering and is coauthor of Learn dbatools in a Month of Lunches. Chrissy is certified in SQL Server, Linux, SharePoint and network security. You can follow her on Twitter at @cl.
