On Fri, 14 Jan 2022 15:36:46 -0500, Selva Nair <selva.n...@gmail.com> wrote:
>On Fri, Jan 14, 2022 at 10:36 AM Bo Berglund <bo.bergl...@gmail.com> wrote: >> >> I have two ASUS routers, RT-AC68U and RT-AC86U. >> One is sitting at home (RT-AC86U) on a fiber connection and the other will >> soon >> be placed at my summer home where we have just gotten a fiber installed. >> >> Now I would like to hook the two sites together using VPN so that I can reach >> resources on both LAN from both places. >> >> I have seen this documentation: >> https://openvpn.net/vpn-server-resources/site-to-site-routing-explained-in-detail/ >> It shows in principle how it can be done. > >That doc relates to the commercial OpenVPN Access server, not the >community version of OpenVPN. Yes, I realized that but it was what I found when searching... >Read this instead: > >https://community.openvpn.net/openvpn/wiki/HOWTO#ExpandingthescopeoftheVPNtoincludeadditionalmachinesoneithertheclientorserversubnet > >Ignore the part about bridged setups, stick to routed tun. Thanks, I will go over that carefully, but a quick overview makes me wonder if it is not missing the part where the devices on the *server* LAN should be able to connect to the client LAN devices? >From the page above: "Including multiple machines on the server side when using a bridged VPN (dev tap) One of the benefits of using ethernet bridging is that you get this for free without needing any additional configuration." This seems to be the inclusion of the *server* side LAN to the client side devices... (I do not know what "bridged" means in this context). But I want to include the *client* side LAN devices to be accessible to all of the devices on the *server* side LAN. Basically the two LANs should be routed together both ways... Meanwhile I have found an interesting thread on the SNBForum:: https://www.snbforums.com/threads/solved-setup-for-bi-directional-vpn-with-wrt-based-routers-e-g-asus.66912/ >> Do I have to configure my routers as both OpenVPN Server and Client and have >> them connect to each other, or can one connect to the other in Client mode >> while >> the routing will be both ways? > >I do not know about bullit-in OpenVPN in ASUS routers, but typically >you would run one as a server and the other as a client although >point-to-point is also possible. Use routed tun mode and set up >routing as in the howto linked above. I managed to SSH into the router so I could check the version of OpenVPN they use. Turns out that it is a bit old: openvpn --version OpenVPN 2.3.2 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Sep 11 2018 PREVIOUS TESTING ---------------- A few months ago as a test I configured the ASUS router that will go to the other site as a VPN client and created a login ovpn conf file to my home OpenVPN server (running on an Ubuntu 20.04.3 server machine). Using this OVPN file on the remote router itself worked fine as far as my testing went, it connects as soon as it powers on and connects to the internet. Clients on that router can see the home LAN just fine. But it does not provide for visibility in the other direction, which I assume is only possible if the OpenVPN server it connects to is my home router itself, which is somehow told to route home LAN traffic targeting the remote IP range of 192.168.117.0/24 into the open tunnel instead of failing. And this is where I am at right now... I will now check the link you provided a bit more carefully. :) -- Bo Berglund Developer in Sweden _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
