I have a specific phone company fiber router that I'd like to pass to an OpenWrt router that is serving currently only as an access point (the LAN switch is on the local subnet and the DHCP server in the OpenWRT router is disabled. I have assigned the OpenWRT router a static IP address and I'm not even using the WAN port.
I'd like to forward port 1194 to the IP address of this OpenWrt router which is now just a switch and access point on the local LAN and I would like to install OpenVPN server running on it as well to give access to my local LAN via remote ISP accessing OpenVPN clients. I have set up OpenVPN server on a couple of other installations but in these installations the OpenWrt routers faced the ISP with the WAN interface and performed as the local subnets only router. Since I can't add an OpenVPN server on the fiber optic modem router combo, all I can do is forward the 1194 port to the OpenWrt service as an access point.
It may be that OpenVPN as configured will not even listen on the LAN switch for 1194 packets. Ther reason I don't use the WAN port and that I instead disable the DHCP server and give the defice a static IP address on the local LAN is that I don't want part of my network on a seperate subnet which would be the case if I set up the secondary OpenWrt router with the WAN connected to the local LAN.
You'll need to configure the "upstream" router to forward the port(s) of interest to your OpenVPN server's IP and port(s).
The configuration seems like it might be tricky for OpenVPN if its listening interface is in the same subnet as that which it reveals -- two interfaces on the same subnet. At least there you can manage the routing with static routes. You've then got the problems of clients that won't know if to route through the VPN, or directly through your upstream router.
I can think of several topologies that might resolve that. The most straightforward would be to put your router into "pass-through", "transparent", or "bridged" mode (however they may call it) and use your OpenWrt device for NAT, DHCP, DNS, NTP, firewall, wireless access, and the like. A "second-best" approach, as it likely uses double-NAT, would be to set up the OpenWrt device as a "DMZ host", if your upstream router doesn't support bridged mode, but does supply a DMZ feature.
I think what my problem is might be that I am trying to squeeze too much out of the hardware, talking advantage of both the fiber modem/router's radio and the radio in the OpenWrt routed as well.
I will check into the bridge mode option, I can pick up an extra used openwrt capable and try that route.. Thanks
I recently has success getting bridge mode working. The vendor documentation i had for my non-openwrt adsl2 device regarding bridge mode was pretty thin , but it did start working ok once i configured the vci correctly. (It was literally just settting Pppoe on the openwrt wan interface)