OpenVPN: Set up a VPN Server and VPN Client in the router

Hi, currently my setup is Zyxel Armor Z2 running on OpenWRT 19.07, I am using a VPN Service, so for that reason I have an OpenVPN client running on my router so all my network traffic to the internet goes thru that VPN.

But I would like to additionally set up a VPN Server on the router, so when i am on the go, I can access securely my resources on my network and not having to deal with port forwarding or making public any private resource.

So, my questions are:

  • is it posible to have both configuration on the same roter?

if so:

  • how can I make the dual configuration work?
  • do I need to bridge my modem with my router for it to work? or just with the DDNS services up is enough?
  • once I have connected to my network remotely, my devices would access the internet thru the VPN on my router, or they would access the internet from their local connection? what about if I am using an smartphone to connect like iphone?

Yes, it is possible. However now we are trying to configure Policy-Based Routing to perform it. At the time we have troubles with it, vpn-policy-routing by @stangri doesn't work, it creates additional chain in mangle table, and redirects packets marked with --mark 0x0/0xff0000:

-A PREROUTING -m mark --mark 0x0/0xff0000 -j VPR_PREROUTING

Since we haven't found the place, where mark is set, no packets goes via chain.

You should have real IP to connect from Internet.

You can configure access via VPN-client, it is the simplest approach. With Policy-Based Routing you can configure access via WAN.

Thank you @ulmwind, so basically theoretically it is possible but at the moment the functionality is not mature enough? or I misunderstood something.

It does work (well, did work last time I've had default routing thru VPN tunnel). Needs different chain (OUTPUT) as indicated in the README.

I can re-test some time next week.

1 Like

OK, thanks to @stangri, now we can try to configure.

I've been doing this for years, although manually configured, using exactly this technique: putting the list of networks to route via the vpn into a ipset, then marking the matching packets in the mangle table and then doing policy routing based on the mark, so it should work if setup correctly.

I used to use it to bond two internet links together. I currently use it to selectively route certain traffic through a vpn tunnel.

Can you point me to this package so I can look at it?

Hi @stangri, in the readme says that it supersedes VPNbypass, I should remove it first, or they can co-exists?

As I am looking forward to test it out this weekend.

I would recommend to not have both packages installed at the same time.