I’m fairly new to networking setup here but have been doing my best to Google for answers, so please excuse where my knowledge may be lacking.
Goal: I have a LAN router that I want to access remotely via OpenVPN as if I were plugged into the device. The device has multiple PCs hooked up into it locally, and also accesses other network resources via an Internet connection such as a chat server. However, the router has a firewall and thus it does not have full Internet access.
My VPN router (GL-AR150 running OpenWRT) needs to have two connections made to it: one to the LAN device itself (obvious reasons), and one for the router itself to obtain full access to the Internet (thus allowing incoming VPN connection).
- AR150 = VPN Router
- R6400 = WAN router with full Internet access
- LAN Router = device with network resources that I want to access
Right now the physical configuration looks like this:
[ AR150 ] -> eth1 -> [ LAN Router ] -> [ R6400 ]
[       ] -> eth0 -> [ R6400 ]
My interfaces are LAN, LAN2, WAN.
- LAN is linked to the Wifi Adapter to access configuration and nothing else really. I don’t need the Wifi for anything else other than configuring the VPN router.
- WAN is linked to eth0 to provide access into the VPN router from the client.
- LAN2 is an interface I created to act as a bridge between eth1 (physical connection to LAN router), br0, and tap0. Tap0 is my virtual TAP interface and br0 my virtual bridge interface.
If I plug a machine directly into the LAN device, I get an IP assigned in 10.154.202.X, subnet 255.255.255.0, Default Gateway 10.154.202.254. DNS 10.133.1.1 and 10.134.1.1. This is the behavior I’m trying to replicate for the client when connected via VPN.
Right now I’m able to connect the client to the VPN router without issue in Windows. I get an IP assigned in the specified subnet (10.154.202.50 usually) and I can ping anything plugged into the LAN router directly, but can’t get anything outside of it. It’s also not assigning a Default Gateway when I load ipconfig.
Here’s my configuration. Any help would be appreciated.
Server Config:
client-to-client
persist-key
persist-tun
auth SHA1
cipher BF-CBC
comp-lzo adaptive
dev tap0
dev-type tap
group nogroup
keepalive 10 120
mode server
mute 5
port 9000
proto udp
push "persist-key"
push "persist-tun"
push "redirect-gateway def1"
route-gateway dhcp
server-bridge 10.154.202.20 255.255.255.0 10.154.202.50 10.154.202.55
topology subnet
duplicate-cn
user nobody
verb 3
Client Config:
client
dev tap
proto udp
remote [IP Address Removed] 9000
resolv-retry infinite
nobind
persist-key
persist-tun
auth SHA1
cipher BF-CBC
comp-lzo adaptive
nice 0
mute 5
verb 3
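
An added example, not part of the original post: a small Python check run over the server directives quoted above. It reports the gateway that `server-bridge` pushes to clients next to the LAN gateway the post gives (10.154.202.254), and flags options a security review would question. The function names and the `WEAK` shortlist are assumptions made for this example.

```python
import ipaddress

# Directives copied from the server config in the post (only those checked here).
SERVER_CONF = """\
auth SHA1
cipher BF-CBC
comp-lzo adaptive
dev tap0
push "redirect-gateway def1"
route-gateway dhcp
server-bridge 10.154.202.20 255.255.255.0 10.154.202.50 10.154.202.55
duplicate-cn
"""
LAN_GATEWAY = "10.154.202.254"  # gateway the post reports on a wired LAN port

# Assumption: a reviewer's shortlist for this example, not a list OpenVPN defines.
WEAK = {
    ("cipher", "BF-CBC"): "64-bit block cipher, exposed to SWEET32",
    ("comp-lzo",): "compression inside the tunnel, exposed to VORACLE",
    ("duplicate-cn",): "one certificate may hold several sessions at once",
}

def parse(conf):
    """Split each non-empty line into tokens, dropping the quotes around push args."""
    return [l.replace('"', "").split() for l in conf.splitlines() if l.strip()]

def bridge_settings(directives):
    """server-bridge <gw> <mask> <start> <end> implies push "route-gateway <gw>"."""
    for d in directives:
        if d[0] == "server-bridge" and len(d) == 5:
            net = ipaddress.ip_network(f"{d[1]}/{d[2]}", strict=False)
            pool_ok = all(ipaddress.ip_address(a) in net for a in d[3:])
            return d[1], pool_ok
    return None, True

def audit(conf, lan_gateway):
    """Return findings as strings: gateway and pool checks first, then weak options."""
    directives = parse(conf)
    findings = []
    gateway, pool_ok = bridge_settings(directives)
    if gateway and gateway != lan_gateway:
        findings.append(f"pushed gateway {gateway} differs from LAN gateway {lan_gateway}")
    if not pool_ok:
        findings.append("client pool lies outside the bridged subnet")
    for d in directives:
        for key, why in WEAK.items():
            if tuple(d[:len(key)]) == key:
                findings.append(f"{' '.join(key)}: {why}")
    return findings

if __name__ == "__main__":
    for finding in audit(SERVER_CONF, LAN_GATEWAY):
        print("-", finding)
```

With `redirect-gateway def1`, the client adds 0.0.0.0/1 and 128.0.0.0/1 routes through the pushed gateway instead of replacing the 0.0.0.0/0 route.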