Route network traffic using a second OpenWrt router

omenraining · March 10, 2022, 2:02am

I have two OpenWRT routers. There's a main router, connected to the internet; and a second router, a client for the main router.

The second router has OpenVPN client an a connection to OpenVPN server.
I have a client from main router, and I need to route traffic going to 10.10.0.1/24 to second router, and second router to send the incoming traffic to OpenVPN server.

The main router has

route (interface lan, target 10.10.0.1/24, gateway 192.168.1.10)

The second router has

eth0 (ip is from main router dhcp) (this is the wan)
tun0 (openvpn client interface)
route (interface wan, target 10.10.0.1/24, gateway 10.10.0.1)
no bridges.
no lan interface.

How can I make it so request to "Service1" (10.10.0.11) from "MacMini" (192.168.1.8) go throught the vpn client on second router?

I'm aware I could simply install the openvpn client on main router or in each individual computer on the lan. The purpose is to learn about routing and networking in general.

Thank you!

trendy · March 10, 2022, 9:12am

target should be 10.10.0.0/24

normally this should not be needed, but if the server is not advertising to the client the whole /24, then you need a route for 10.10.0.0/24.
Also you need to allow traffic from wan interface of secondary router to the vpn interface and optionally masquerade the traffic in case the OpenVPN server doesn't know about 192.168.1.0/24 network.

omenraining · March 10, 2022, 10:10pm

what about firewall rules? Curently all zones and all rules are set to "accept"

trendy · March 11, 2022, 9:14am

You can either enable forwarding from wan to lan, or make a rule to allow traffic from wan zone to lan zone. The forwarding is preferred.