How to create a VPN tunnel to access router and FreeNAS from WAN

Hi,

I would like to know if I can do this on a OpenWrt Router :

  • Connect to a FreeNAS Server (Sharing, SFTP, SSH etc) from outside when ExpressVPN is Enabled. If yes, what do I have to read to achieve that ?

Thanks

is not related to

Your openwrt router needs a vpn server or similar that is to be connected to... expressvpn is a client outgoing connection... you don't get back into your network this way ( using typical consumer vpn products )....

You should read;

  • openvpn server ( wiki )
  • openvpn client ( wiki )

Technically you could direct port forward the incoming FreeNAS sftp/ssh... but it's a less secure and less scalable option.

2 Likes

You're absolutely right.

In fact the question should have been : Can I get accès to OpenWrt AND the FreeNas that is connected to it. In other words, get accès to my whole network form WAN.

So if I understand you well, I should install OpenVPN server on both the OpenWrt router and FreeNas Server if I want access to them both, right?

Thanks for your help.

Do you want to connect from the OpenWrt router to a VPN server, or do you want to connect to the OpenWrt router (and FreeNAS) using a VPN client.

1 Like

I want to connect to the OpenWrt router (and FreeNAS) using a VPN client or any other convenient method.

Ok then, but ExpessVPN is the name of a specific VPN service, and the question a bit confusing.

You just need to install a VPN service on the router (OpenVPN, wireguard, ...), and you will be able to access all other devices in your network.

1 Like

The reason the question is confusing is because in my mind, when you have ExpressVPN installed for outgoing connections (OpenVPN is already installed) it may prevents connections from WAN to the routeur :
here is where I got help with it : Unable to run OpenVPN on a TP-LINK Archer C7 v2 Router

@eduperez would you please help me with OpenVPN or Wireguard so that I could access to the router and FreeNAS?

You can set up simultaneous vpn-server, and vpn-client, using Policy-Based-Routing.

1 Like

I"m beginning to understand how it works.

@ulmwind your help were precious in my previous issue. Would you please help me with this ? I really don't know where to start.

  1. You should use TCP protocol for both connections.
  2. You should use different ports for two connections.
  3. Install Policy-Based-Routing https://github.com/stangri/openwrt_packages/blob/master/vpn-policy-routing/files/README.md, choose, what VPN-server to install (I recommend OpenVPN also) and after that write here.

Thanks a lot, much appreciated.

opkg update
opkg install vpn-policy-routing

Done.

Can you please update the topic title (scroll to top, then click the pencil behind the topic), in order to make it less vague, and somewhat related to your question?

Thanks!

1 Like

Ok done.
Hope the new title is explicit enough.

1 Like

I'm not sure you need policy based routing, sounds like it's getting a little over complicated. Are you wanting to get remote access to your LAN from a device you own? Laptop, mobile phone, etc? If so, you should be able to achieve what you want by just setting up Wireguard on each device. The necessary routes should get added automatically by Wireguard without affecting all other traffic going through ExpressVPN.

1 Like

Install luci-app also. Below there is advice to use wireguard, I haven't used it, so, please, decide, what to do (how to enable access to lan).

I want solutions and help with whatever method that will get me the results.
And I know that if I follow your instructions it will work so I will follow your method, even if it is simpler will Wireguard.

Thanks for your help.

root@OpenWrt:~# opkg install luci-app-vpn-policy-routing
Installing luci-app-vpn-policy-routing (git-20.036.30966-0b513de-69) to root...
Downloading http://downloads.openwrt.org/snapshots/packages/mips_24kc/luci/luci-app-vpn-policy-routing_git-20.036.30966-0b513de-69_all.ipk
Configuring luci-app-vpn-policy-routing.
root@OpenWrt:~#

Done.

For now I wan't to access documents, apps etc. of my FreeNAS server from my phone. But if it is not tricky i would love to be able te do than through other computers. But one step at a time.

If your aim is to get it working on your phone then why spend time trying to get OpenVPN and policy based routing when you can do it much more simply with Wireguard? Especially if you want to add additional devices at a later date.

Mainly because it will help me understand more about OpenVPN, OpenWrt and routing for further tweaking.
I read here and there that one of the options to achieve what I want is OpenVPN Server. Since it is widely used I'll go for it.
It doesn't mean that I will not try Wireguard later maybe but I'm confident about @ulmwind method and want to go for it.

I forgot to mention that I will use policy routing to bypass ExpressVPN for some devices of the LAN. So I will have to use them anyway.