Remote device connection

Hey there,

I use a Linksys 3200 ACM running the LuCI OpenVPN client and set up a kill switch so all network devices go through my VPN.

Now I would like to simultaneously run a VPN server (that receives its internet through the above-mentioned VPN), so I can establish a connection to my home network through the OpenVPN client from my smartphone.

Is that possible? How would I do it? (Running a client and server simultaneously. Would this significantly affect the performance of my router?)

Best regards

Vlad

  1. Yes
  2. Only if you push both beyond the processing power limits of the device.

If you run a VPN client and VPN server simultaneously, you might need to use Policy Based Routing.

Anyone here that can give me an instruction on how to configure the VPN server, so it runs through the VPN client? The policy based routing link seems like a lot of work :P

I have a spare Raspberry Pi 4 with 8 GB and am thinking of using it as a VPN server. Now setting it up is not really a problem, but I see a problem in using my VPN IP address (for a DDNS). Any idea to work around this?

How are the Pi and the Linksys connected?

To clarify:

  • You have a connection to a VPN endpoint through which all of your internet traffic is tunneled.
  • You want to set up an inbound VPN server type setup that will allow remote access to your network from elsewhere on the internet.
  • And you intend to use the IP address of that remote VPN endpoint as the IP address that you will use for connecting to the inbound VPN server on your network?

Is that all correct?

If so, the real question is on the remote VPN endpoint -- is this a commercial service or a VPS? The latter is usually pretty easy. The former, though, not so much.

Assuming you're talking about a commercial VPN service - do you know if the provider is assigning you a unique IP address, used only by you and no other subscribers? Do they allow inbound listening connections and/or do they offer a port forwarding service?

Yes, that's all right...

And I'm using a commercial VPN provider (static but shared IP address).

That's the bummer I stumbled into just now too, because it won't allow me to set up a DDNS for the VPN server.

If there is a trick to fix this via the VPN IP, please let me know, because I can't see one right now. :-/

The other option I see is to create a rbpi VPN server that uses my ISP-provided IP or DDNS and connects to my VPN router so I can access the network from here. (But this somehow seems unsafe to me. I sometimes use torrents, which is why I didn't choose to use my self-hosted rbpi VPN server in the first place, since the IP shown will be my ISP one for the traffic from my phone to my network.) Or am I mistaken here?

Yes, you'll need to use your actual wan address from your ISP (assuming it is a proper public IP), or you could use another VPN or VPS service that has a public IP address assigned uniquely to you.

There isn't really anything dangerous about using your ISP wan address as the endpoint for your VPN server... after all, your traffic must use that IP for the existing VPN to work in the first place (i.e. one side of the tunnel terminates at that address). Setting up another tunnel to terminate at that address is fine.

You can set up a VPN server on your main router or behind it... it doesn't really matter and doesn't materially change the security considerations.

That said, no matter what combination of methods you use, you will need policy based routing on your main router to enable this functionality, and you will need a public IP address that you can use to connect to your VPN server.


My network looks like this:
ISP Router with netmask 192.168.178.1
Connects to
VPN Router with netmask 192.168.179.1
From here all devices connect and use the VPN IP

So the ISP router and the VPN router are not in the same network...

If I now connect my rbpi with the VPN server on it to the ISP router... How will the rbpi and my VPN network communicate? Should I use the same netmask for the rbpi and the VPN router?

And assuming this would work and I would connect my phone over VPN to the rbpi router, wouldn't I use my ISP IP? Is there a way that all my traffic passes through the VPN router? And of course all of it is obfuscated from my ISP and phone provider...

If you port forward from the ISP router to the Pi with the VPN server, that will work and you should be able to connect to your VPN server.

However you cannot connect from the Pi to your other router by default.

It is possible if you can set static routes on the ISP router for the Pi and the Linksys. For the Pi with subnet 192.168.179.0/24 you set up a static route, e.g.:
ip route add 192.168.179.0/24 via <wan-ip-address-of-Pi>

For the Linksys you do the same.

Next you have to make a firewall rule to allow traffic from 192.168.0.0/16 on the Pi and the Linksys.

This should make it possible to connect from one router to the other by IP address.
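
Why the earlier reply says policy based routing is needed on the main router, as an added example that is not part of the original thread: a simplified Python model of Linux rule and route lookup using the two subnets from the thread. The host addresses, the interface names (tun0, wan, lan) and the table name "wan" are assumptions.

```python
import ipaddress

# Subnets come from the thread; the host addresses below are constructed.
WAN_ADDR = "192.168.178.20"   # Linksys address on the ISP router's LAN (assumed)
PHONE = "203.0.113.10"        # remote phone, documentation range (constructed)

# Routing tables as (prefix, egress interface). With the kill switch, the
# main table's default route points into the VPN client tunnel.
TABLES = {
    "main": [("0.0.0.0/0", "tun0"),
             ("192.168.178.0/24", "wan"),
             ("192.168.179.0/24", "lan")],
    "wan":  [("0.0.0.0/0", "wan")],   # extra table, reached only via the policy rule
}

def route(table, dst):
    """Longest-prefix match of dst in one table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def egress(rules, src, dst):
    """Walk rules in priority order, as `ip rule` does; first table with a route wins."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules):
        if src in ipaddress.ip_network(selector):
            dev = route(table, dst)
            if dev:
                return dev
    return None

DEFAULT_RULES = [(32766, "0.0.0.0/0", "main")]
# Policy rule: traffic sourced from the WAN address uses the "wan" table.
PBR_RULES = DEFAULT_RULES + [(100, WAN_ADDR + "/32", "wan")]

if __name__ == "__main__":
    # Reply from the VPN server (answering from WAN_ADDR) back to the phone.
    print("server reply, no PBR:  ", egress(DEFAULT_RULES, WAN_ADDR, PHONE))
    print("server reply, with PBR:", egress(PBR_RULES, WAN_ADDR, PHONE))
    # LAN clients must still be forced into the tunnel by the kill switch.
    print("LAN client, with PBR:  ", egress(PBR_RULES, "192.168.179.50", PHONE))
```

Without the policy rule the server's reply follows the default route into the tunnel and never reaches the phone from the address it connected to; with it, only traffic sourced from the WAN address leaves directly, and LAN clients stay behind the VPN.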