Hi there all!
I've already broken my brain trying to work out how to implement such a scheme. Maybe it is not possible at all. Anyway, I would very much appreciate any help.
Well, I have:
- two OpenVPN servers on two different VPS (fully accessible to me).
- two OpenWrt routers
What I'm trying to achieve is to connect these two OpenWrt routers in the following way:
- Router#1 connects to VPS1 OpenVPN Server and uses this tunnel to provide internet connection to Router#2 that is in Router#1 LAN subnet.
- Router#2 uses Router#1 as WAN (default gateway). Also Router#2 connects to VPS2 OpenVPN Server and uses this tunnel to provide internet connection to Router#2 LAN clients.
I would like to understand whether it is really possible to implement VPN cascading. All that I have achieved is that when I check my current external IP from the Router#2 terminal, for example with curl ident.me, I see that I'm using the correct IP of the VPS OpenVPN server#2. I can also ping, for example, 8.8.8.8 from Router#2. But when I try, for example, to run something like opkg update, nothing works; I see only errors like "unable to download packages" or "check you internet connection". When I try to connect to the internet from a Router#2 LAN client, I also can neither browse nor do anything else; I can only ping the default gateway of the client (which is Router#2).
I've tried VPN policy routing on Router#1 to route only the LAN subnet traffic (where Router#2 sits) through the VPN#1 tunnel, but with no success. The result is the same. Is it worth continuing to try to implement such a scheme? If yes, could somebody tell me where the issue is? I suppose it is with routing, but I have no idea which routes should be added and where. I thought that it would be enough to use VPN policy-based routing to achieve what I want, but... Help please! I've lost all hope of getting this scheme working over the last 2 weeks. Thank you in advance.
When you see this kind of message, check from OpenWrt:
traceroute example.org
traceroute 8.8.8.8
If there's an error, post the error message.
2 Likes
Hi vgaetera, thank you for the reply.
Find below the output of traceroute (from the Router#2 command line):
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
1 10.88.94.1 (10.88.94.1) 153.524 ms 157.782 ms 159.454 ms
2 xxx.yyy.zzz.1.myVPS2.host (xxx.yyy.zzz.1) 159.473 ms 158.293 ms 158.692 ms
3 static.1.zzz1.yyy2.xxx2.clients.your-server.de (xxx2.yyy2.zzz2.1) 159.359 ms 157.734 ms 159.458 ms
4 core12.nbg1.hetzner.com (xxx3.yyy3.zzz3.5) 159.471 ms core11.nbg1.hetzner.com (xxx3.yyy3.zzz3.1) 157.921 ms 157.998 ms
5 core4.fra.hetzner.com (xxx4.yyy4.zzz4.245) 159.790 ms 157.874 ms core0.fra.hetzner.com (xxx4.yyy4.zzz4.21) 159.751 ms
6 72.14.218.94 (72.14.218.94) 158.053 ms 72.14.218.176 (72.14.218.176) 98.887 ms 72.14.218.94 (72.14.218.94) 116.417 ms
7 * * *
8 108.170.235.255 (108.170.235.255) 173.547 ms dns.google (8.8.8.8) 193.550 ms 98.677 ms
traceroute to openwrt.org (139.59.209.225), 30 hops max, 38 byte packets
1 10.88.94.1 (10.88.94.1) 95.867 ms 129.067 ms 159.710 ms
2 xxx.yyy.zzz.1.myVPS2.host (xxx.yyy.zzz.1) 103.422 ms 134.198 ms 159.654 ms
3 static.1.zzz1.yyy2.xxx2.clients.your-server.de (xxx2.yyy2.zzz2.1) 159.814 ms 157.971 ms 159.581 m
4 core12.nbg1.hetzner.com (xxx3.yyy3.zzz3.5) 160.843 ms core11.nbg1.hetzner.com (xxx3.yyy3.zzz3.1) 156.983 ms 157.990 ms
5 core4.fra.hetzner.com (xxx4.yyy4.zzz4.245) 159.660 ms 143.293 ms core0.fra.hetzner.com (xxx4.yyy4.zzz4.21) 159.775 ms
6 digitalocean.fra.ecix.net (62.69.146.102) 156.448 ms 156.467 ms 159.407 ms
7 * * *
8 * * *
9 * * *
10 wiki-01.infra.openwrt.org (139.59.209.225) 196.399 ms 153.904 ms 159.785 ms
I've replaced some IPs related to my VPS with xxx...xxx4, yyy...yyy4, zzz...zzz5 (I think this is not important). The second hop - xxx.yyy.zzz.1.myVPS2.host (xxx.yyy.zzz.1) - is my VPS2 server gateway, and it is exactly the same as what I see with ip link on my VPS2 server.
1 Like