Route vpn server trafic trougth an vpn client (openvpn)

no_name · August 20, 2019, 5:52am

Hi everybody, i have a project in my mind, i have two GL-MT300N-V2 a couple little routers, well one i use like a vpn client to connect a comercial vpn and the other i use like a server vpn both with openvpn, two fisical ports (wan, lan) and separatly both work too well.
Well I want that the clients that connect to server can route trougth my client, how?, I'll trie to draw it:

|-(clients)
|
|-(comercial vpn)
|
|
(internet)
|
| public ip
|
(home adsl-modem) 192.168.1.254/24
|
|_________________________ Subnet 1
wan 192.168.1.15/24________|________ wan 192.168.1.10/24
tun0 10.8.0.2/24.............................................tap0 10.10.0.135/48
(vpn server)...................................................(client vpn)
lan 192.168.8.15_____________________lan 192.168.8.10/24 Subnet 2

All computers in the site that connect to the lan client por and put the ip 192.168.8.10 like a gateway can reach comercial vpn.

My problem, i can't make route betwen tun0 an lan so my clients can't reach comercial vpn.

PD. Sorry for my English, for my explanation, and so on. I hope anyone can help me.

Tks.

vgaetera · August 20, 2019, 7:06am

Sorry, but your scheme is confusing.
If you want to run OpenVPN server and client simultaneously, the server should work over TCP and utilize the proper routing policy.

trendy · August 20, 2019, 9:07am

The problem that I see is that you are using the same subnet 192.168.8.0/24 for both LANs. You won't be able to add a route for a network that already is directly connected.

no_name · August 22, 2019, 1:50am

Yeah I know that with my poor schema and i'm sorry
I wanted avoid to have both, one server and one client in the same device.

no_name · August 22, 2019, 1:56am

I hope it'll be a litle bit more clear.

trendy · August 22, 2019, 7:44am

The right GL needs to know about the 10.8.0.0/24 network. Does it have a route via 192.168.8.15?
The left GL needs to have a rule to send traffic from 10.8.0.0/24 to the other GL. Is there one?

ulmwind · August 27, 2019, 1:46pm

It is great mess. Who performs functions of main router, who has public IP from ISP? I suppose, ADSL router does, and two GLs are LAN-clients. I recommend you, as vgaetera wrote, to use SINGLE router as vpn-client and vpn-server simultaneously with properly configured policy routing. In your configuration I can't even imagine, how LAN-clients of one GL-router can go via tunnel to NordVPN of another GL. I've understood, what do you want. You want to make one GL-router to go to Internet via another GL-router, connected LAN-to-LAN. I haven't seen such configuration. In theory it could be achieved by policy routing and NAT tun-to-lan, but I don't recommend to use it.

no_name · September 10, 2019, 7:00pm

Thanks guys.
The first time I thought in "SINGLE router as vpn-client and vpn-server simultaneously" but then believed "it´s good idea remove overload to a single GL then i purchased the other"
My target, well, i purchased one access to "Security Lab Training" it connect with a vpn client, and i´d like share it with a couple of friends.
I'll try vpn-client and vpn-server simultaneously.
If someone else have more ideas, i'd like hear them.
Thanks.