PLC Remote Access with OpenVPN Client and multiple PLCs Sharing same IPs/Subnets

Honestly I don't think it is a matter of restarting from scratch or rebooting.
You are trying to solve a problem consisting of terrible planning, a SoftEther VPN server, some openwrt-based routers and OpenVPN in wrong mode, in a forum dedicated to something close to one of the elements of the problem... These solutions should be designed end to end by some integrator, with equipment tested for interoperability.

Try with Wireguard. At least it supports only routed mode, so you can't go wrong with that.


I have successfully created VLAN eth0.1 and bridged tap0 to that instead of the local LAN. The VLAN shares the same IP range as the server's virtual LAN/NAT: server IP 192.168.3.12, engineering PC 192.168.3.15 and RUT240 VLAN 192.168.3.3, and I can ping between all 3 from each point perfectly fine. So all I need to figure out now is how to create NAT or bridge the eth0.1 to eth0 (VLAN to LAN) in the RUT240, and this should then allow access to anything on the local LAN hopefully.

<Engineering PC 192.168.3.15>----------------<Server VLAN 192.168.3.12>------------<RUT240 192.168.3.3>-------------<PLC 192.168.2.5>

So I just need to gain access to the PLC now. I did create some static routes and ended up locking myself out of the router and had to do a hard reset, so I either got it wrong or that's not the way to do it.

If all these sites weren't existing already I would just have every device on its own subnet and it would not be an issue, but that can't be done. There are other devices out there such as eWON and a few others that use OpenVPN for remote access to PLCs etc. and they don't have issues with subnets, so it must be possible to achieve. I'm just not very experienced with networking and VPNs etc.

Most likely, there's no one who can help you troubleshoot SoftEther VPN.
And using TAP, you are looking for even more troubles, which you can simply avoid with TUN.
So, it would be much easier if you use the official OpenVPN or WireGuard client and server software.

All I have to do now is get access from the RUT240 (OpenWrt) router's VLAN to the local LAN... surely this is achievable? Been looking at WireGuard and it looks like it's UDP and layer 2 just like the OpenVPN tap, which is layer 2. I can't find any examples of WireGuard client to client.

<client-----<Server-----<client

but it may just work without additional configuration. The problem is that if I try to use WireGuard, the RUT240 doesn't natively support it, so I would have to install and use it in the background of the router. Are there any other options such as software-defined networks that work with OpenWrt?

How will Tun be less trouble? You have to set up static routes on all clients and push routes from the server etc., where the Tap just seems to work. I don't have any issues with SoftEther to troubleshoot, that's working just fine. Windows can connect to SoftEther in tun or tap with the same configurations I have on the RUT240, so it must be a bug or something wrong with the RUT240 to not connect in tun. I even tried another server I have that's OpenVPN via pfSense and everything connects to that fine except tun on the RUT240... I had a Raspberry Pi connect fine to both servers in tun and tap, so I have nailed it down to an issue with the RUT240. I would have thought what I'm doing isn't super complicated, but it is out of scope for what most people use VPNs for. Thanks for all your help so far.

I don't quite follow the terminology "natively" and "background", but all VPN instances run as a service, or in the background if you prefer. Only if you are troubleshooting something you run the server in the foreground.

Keyword is "seems", otherwise we wouldn't be arguing now.
In your case you need broadcast domain segregation. You can achieve that with tun protocol. Tap creates a broader broadcast domain. As simple as that.

Most likely you've been looking in the wrong place. WireGuard is L3 and we have many topics here covering that. For example.


I have been having a good look into WireGuard and have set it up on my Windows Server VPS and a Win 10 PC, and got access to the local networks pretty quickly and easily. The one problem I see is you cannot have multiple servers running at the same time; when you activate a second server it drops the running one. I would need a server per device with its own tunnel, and that way I can connect the engineering PC to whichever server the end device/PLC I need connecting to is on at the time. I don't think I could have all peers connecting to the one server: all the peers would have the same allowed IP address since all the PLCs have the same IP, and then there would be no way for the engineering PC to know which PLC is which, unless I'm missing something.

First of all you can have as many instances as your physical server can handle. You obviously need to have a dedicated IP/port for each instance.
Second, the tunnel will be set up from the 4G routers, where there is NAT applied, and they have different IPs from what I see in the diagram. So I don't see the issue there.
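The concern raised above about several site routers all claiming the same PLC subnet is real at the WireGuard level: its cryptokey routing maps each destination prefix to exactly one peer per interface, so a second peer listing the same prefix silently takes it over. The following added checker (not from this thread or any vendor) parses a constructed server config with placeholder keys and reports peers whose AllowedIPs overlap.

```python
# Added example: find WireGuard peers whose AllowedIPs overlap. WireGuard's
# cryptokey routing maps each destination prefix to exactly one peer, so two
# site routers that both claim 192.168.2.0/24 cannot share one interface;
# the later [Peer] silently takes the prefix over. The config is constructed.
import ipaddress
import re
from itertools import combinations

SAMPLE_CONF = """
[Interface]
Address = 10.8.0.1/24
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER

[Peer]
# Site A RUT240
AllowedIPs = 10.8.0.2/32, 192.168.2.0/24

[Peer]
# Site B RUT240
AllowedIPs = 10.8.0.3/32, 192.168.2.0/24

[Peer]
# Engineering PC
AllowedIPs = 10.8.0.15/32
"""


def parse_peers(conf_text):
    """Return [(label, [ip_network, ...])] for each [Peer] section."""
    peers = []
    for section in re.split(r"^\[Peer\]", conf_text, flags=re.M)[1:]:
        label, nets = "unnamed", []
        for line in section.splitlines():
            line = line.strip()
            if line.startswith("#"):          # comment line names the peer
                label = line.lstrip("# ")
            elif line.startswith("AllowedIPs"):
                for cidr in line.split("=", 1)[1].split(","):
                    nets.append(ipaddress.ip_network(cidr.strip(), strict=False))
        peers.append((label, nets))
    return peers


def find_overlaps(peers):
    """Return (peer_a, peer_b, prefix_a, prefix_b) for each overlapping pair."""
    return [(a, b, str(na), str(nb))
            for (a, nets_a), (b, nets_b) in combinations(peers, 2)
            for na in nets_a for nb in nets_b
            if na.version == nb.version and na.overlaps(nb)]
```

Each site LAN has to be presented to the server under a distinct prefix (for example by translating it on the site router) before it can appear as that peer's AllowedIPs entry; the check above flags the configs where that has not been done.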


I just can't get the server to run multiple instances at the same time for some reason. I have different ports and IPs, but as soon as I activate it the current one running drops out and disconnects. I would like to have a server per customer to separate them. So one customer may have 5 remote sites with OpenWrt (RUT240), another customer 2 sites, and so on. I will set up WireGuard on the RUT240 today and attempt to get multiple server instances running.

This is the error from the log I get at times as well, but it just seems not possible to run more than one server instance at a time.

2019-10-08 09:41:02.511: [TUN] [vpn] Unable to create Wintun interface: Error creating interface: Unable to set name of Wintun interface: NciSetConnectionName failed: The function attempted to use a name that is reserved for use by another transaction.

It looks like WireGuard can't be installed on the RUT240; they must have changed something, unless there is another way.

root@Teltonika:~# opkg install wireguard
Unknown package 'wireguard'.
Collected errors:
 * opkg_install_cmd: Cannot install package wireguard.
root@Teltonika:~#

They both are problems of the proprietary software that you use and out of the scope of this forum.


+1. Another example that the professional approach is first to check the functionality, and then to choose the matching hardware.


That's what I'm trying to achieve, so I bought only 2x RUT240 for testing and proof of concept to see if I can achieve my goal.

I think I have found out why: it's because WireGuard is not in the list for some reason, whether it's been removed or doesn't support that architecture. I don't see WireGuard in the others either.

https://downloads.openwrt.org/releases/18.06.4/packages/mips_24kc/packages/

Is there another way I can download it and install?

https://downloads.openwrt.org/releases/18.06.4/packages/mips_24kc/base/

Thanks psherman, any reason why it's not under packages? Does this mean it could already be on my device?

I must still have the wrong architecture.

root@Teltonika:~# opkg install temp/wireguard_0.0.20190601-1_mips_24kc.ipk
Unknown package 'wireguard'.
Collected errors:
 * pkg_hash_fetch_best_installation_candidate: Packages for wireguard found, but incompatible with the architectures configured
 * opkg_install_cmd: Cannot install package wireguard.

Atheros Hornet, MIPS 24Kc, 400 MHz is the CPU, and from what I could find on the OpenWrt website it should be mips_24kc.

Maybe I'm just out of luck using these routers. I thought they were a good choice being OpenWrt, not realizing it was their own version. Is there a way to flash normal OpenWrt and the WebUI, as they are a nice little compact 4G LTE router? I know it's not in the list of hardware, but there may be a way.

I found out why it's probably not working... When I do an opkg update this is the link it goes to:
http://archive.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/
They are dated back to 2016 and WireGuard was not available then. How would I get around this?