Connecting a remote router as client to an OpenVPN server

I have a WRT1900ACS with LEDE 17.01.4 and an OpenVPN server working (TUN), which I got running by following, step by step, the great OpenVPN guide in the wiki.

I can connect to it from my smartphones and PCs with the official OpenVPN client, I can see the rest of the computers in the server LAN (and they can see me connected to it), and I can access the internet via the server WAN interface.

OK, now I wanted to add a remote LEDE router connected as a VPN client to my OpenVPN server over the internet, so that all the clients connected to this router are automatically under the VPN. Is that possible?

This router uses the WWAN interface to get internet access from another router directly connected to the FTTH cable (I think this is called a routed client using masquerade). I have followed the steps detailed in this guide. I will post the VPN-related parts of the client router's configuration.

My /etc/config/network looks like:

config interface 'vpn'
	option ifname 'tun0'
	option proto 'none'
	option auto '1'

My /etc/config/openvpn:

config openvpn 'myvpn'
	option enabled '1'
	option client '1'
	option dev 'tun'
	option proto 'udp'
	option resolv_retry 'infinite'
	option nobind '1'
	option persist_tun '1'
	option persist_key '1'
	option ca '/etc/openvpn/XXXX.ca'
	option key '/etc/openvpn/XXXX.key'
	option cert '/etc/openvpn/XXXX.cert'
	option comp_lzo 'yes'
	option verb '3'
	option float '1'
	option pull '1'
	option remote 'XXXX 1194'
	option tls_client '1'
	option enable '1'

My /etc/config/firewall:

config zone
	option name 'vpn'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option network 'vpn'

config forwarding
	option src 'vpn'
	option dest 'lan'

config forwarding
	option dest 'vpn'
	option src 'lan'

So, the final result is that I can enable the myvpn instance and connect to it, and I see traffic on the VPN0 interface (only TX, no RX), but I cannot access the internet or see the other computers in the VPN. Basically I cannot ping any client in the VPN subnet (10.8.0.0), so I think there is some big problem with the firewall rules/zones.

Can anyone help me?

Thanks in advance!
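As an added example (not from the thread, not LEDE's own tooling), here is a small offline check of the three snippets above: it parses the UCI config/option format as posted and verifies the pieces a routed OpenVPN client needs (a 'vpn' interface on a tun device, an enabled client instance that pulls server options, a 'vpn' firewall zone that owns that network and masquerades, and forwarding in both directions between lan and vpn). The sample inputs are constructed to resemble the posted configs; an unterminated quote such as `option network 'vpn` is reported as a parse error instead of being silently accepted.

```python
import re

# Minimal UCI parser: one 'config <type> [name]' line opens a section,
# 'option <key> <value>' lines belong to the most recent section.
OPTION_RE = re.compile(r"^option\s+(\S+)\s+(?:'([^']*)'|\"([^\"]*)\"|([^'\"\s]\S*))$")
SECTION_RE = re.compile(r"^config\s+(\S+)(?:\s+'?([^'\s]+)'?)?$")

def parse_uci(text):
    """Return [(type, name, {option: value})]; raise ValueError on a malformed line."""
    sections = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := SECTION_RE.match(line):
            sections.append((m.group(1), m.group(2), {}))
        elif (m := OPTION_RE.match(line)) and sections:
            value = next(v for v in m.groups()[1:] if v is not None)
            sections[-1][2][m.group(1)] = value
        else:  # e.g. an unterminated quote such as: option network 'vpn
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
    return sections

def check_site_to_site(network, openvpn, firewall):
    """Return the list of problems found; an empty list means the basics line up."""
    problems = []
    ifaces = {n: o for t, n, o in parse_uci(network) if t == "interface"}
    vpn = ifaces.get("vpn", {})
    if vpn.get("proto") != "none" or not vpn.get("ifname", "").startswith("tun"):
        problems.append("network: interface 'vpn' should be proto none on a tun device")
    clients = [o for t, _, o in parse_uci(openvpn) if t == "openvpn" and o.get("client") == "1"]
    if not any(o.get("enabled") == "1" and o.get("pull") == "1" for o in clients):
        problems.append("openvpn: no enabled client instance that pulls server options")
    fw = parse_uci(firewall)
    zone = next((o for t, _, o in fw if t == "zone" and o.get("name") == "vpn"), {})
    if "vpn" not in zone.get("network", "").split() or zone.get("masq") != "1":
        problems.append("firewall: zone 'vpn' must list network 'vpn' and masquerade")
    fwd = {(o.get("src"), o.get("dest")) for t, _, o in fw if t == "forwarding"}
    for src, dest in (("lan", "vpn"), ("vpn", "lan")):
        if (src, dest) not in fwd:
            problems.append(f"firewall: missing forwarding {src} -> {dest}")
    return problems

# Constructed sample input modelled on the snippets in the thread (not copied verbatim).
NETWORK = "config interface 'vpn'\n\toption ifname 'tun0'\n\toption proto 'none'\n"
OPENVPN = "config openvpn 'myvpn'\n\toption enabled '1'\n\toption client '1'\n\toption pull '1'\n"
FIREWALL_OK = ("config zone\n\toption name 'vpn'\n\toption masq '1'\n\toption network 'vpn'\n"
               "config forwarding\n\toption src 'lan'\n\toption dest 'vpn'\n"
               "config forwarding\n\toption src 'vpn'\n\toption dest 'lan'\n")
FIREWALL_BROKEN = FIREWALL_OK.replace("option network 'vpn'", "option network 'vpn")
```

Running `check_site_to_site(NETWORK, OPENVPN, FIREWALL_OK)` returns an empty list, while `FIREWALL_BROKEN` raises a ValueError pointing at the unterminated quote on line 4.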

Hi jfromeo

Yes, it is possible to achieve: LEDE as a client to an OpenVPN server. What you want is called Site to Site, a.k.a. S2S. Many examples exist on Google.

I found this example that sounds like it will meet your needs.


Yeah, that is the tutorial I have followed, but I came across the problems I described in the OP. Plus I want to use the VPN for all external sites, not only selected ones, and be able to access the LAN resources where my OpenVPN server is running.

Thanks.

Sorry to bother again with this thread.

Does anyone know of a more detailed guide to follow? Or can anyone see where I am failing, looking at my configs?

jfromeo

Please post your server configuration. If your client configuration has changed, please post the updated configuration. Also, please post any test scenarios that you have tested.

Thanks,
cititechs