Hi everybody, I have a project in mind. I have two GL-MT300N-V2, a couple of little routers. One I use as a VPN client to connect to a commercial VPN and the other I use as a VPN server, both with OpenVPN. They have two physical ports (WAN, LAN), and separately both work very well.
I want the clients that connect to the server to be routed through my client. How? I'll try to draw it:
| public ip
(home adsl-modem) 192.168.1.254/24
|_________________________ Subnet 1
wan 192.168.1.15/24________|________ wan 192.168.1.10/24
tun0 10.8.0.2/24.............................................tap0 10.10.0.135/48
(vpn server)...................................................(client vpn)
lan 192.168.8.15_____________________lan 192.168.8.10/24 Subnet 2
All computers on the site that connect to the client's LAN port and set the IP 192.168.8.10 as the gateway can reach the commercial VPN.
My problem: I can't make a route between tun0 and lan, so my clients can't reach the commercial VPN.
PS. Sorry for my English, for my explanation, and so on. I hope someone can help me.
Sorry, but your scheme is confusing.
If you want to run OpenVPN server and client simultaneously, the server should work over TCP and utilize the proper routing policy.
The problem that I see is that you are using the same subnet 192.168.8.0/24 for both LANs. You won't be able to add a route for a network that already is directly connected.
Yeah, I know about my poor schema, and I'm sorry.
I wanted to avoid having both a server and a client on the same device.
I hope it'll be a little bit more clear.
The right GL needs to know about the 10.8.0.0/24 network. Does it have a route via 192.168.8.15?
The left GL needs to have a rule to send traffic from 10.8.0.0/24 to the other GL. Is there one?
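The two routing requirements raised in the post above, modelled as an added example (it is not code from anyone in the thread): a longest-prefix lookup plus a source-based policy rule, applied to the addresses in the diagram. The VPN client address 10.8.0.6, the destination 203.0.113.7, the extra routing table on the left GL and the right GL's default route into tap0 are assumptions made for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns (next_hop, device) or None."""
    dst, best = ipaddress.ip_address(dst), None
    for prefix, hop, dev in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop, dev)
    return best and (best[1], best[2])

def pick_table(rules, src, main):
    """Source-based policy rule: first matching prefix selects the table."""
    for prefix, table in rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(prefix):
            return table
    return main

# Interface addresses come from the diagram in the thread.
LEFT_MAIN = [                      # left GL: OpenVPN server
    ("10.8.0.0/24", None, "tun0"),
    ("192.168.8.0/24", None, "lan"),
    ("192.168.1.0/24", None, "wan"),
    ("0.0.0.0/0", "192.168.1.254", "wan"),
]
LEFT_POLICY = [("0.0.0.0/0", "192.168.8.10", "lan")]  # hypothetical extra table
RIGHT_MAIN = [                     # right GL: commercial VPN client
    ("192.168.8.0/24", None, "lan"),
    ("192.168.1.0/24", None, "wan"),
    ("0.0.0.0/0", None, "tap0"),   # assumption: default route points into the tunnel
]
RETURN_ROUTE = ("10.8.0.0/24", "192.168.8.15", "lan")
CLIENT, TARGET = "10.8.0.6", "203.0.113.7"  # constructed sample addresses

def left_forward(with_rule):
    """Where the left GL sends a VPN client's packet for TARGET."""
    rules = [("10.8.0.0/24", LEFT_POLICY)] if with_rule else []
    return lookup(pick_table(rules, CLIENT, LEFT_MAIN), TARGET)

def right_reply(with_route):
    """Where the right GL sends the reply addressed to CLIENT."""
    return lookup(RIGHT_MAIN + ([RETURN_ROUTE] if with_route else []), CLIENT)

if __name__ == "__main__":
    for fixed in (False, True):
        print(f"fixed={fixed}: left GL -> {left_forward(fixed)}, "
              f"right GL reply -> {right_reply(fixed)}")
```

Without the rule the left GL hands the traffic to the ADSL modem, bypassing the commercial VPN; without the return route the right GL pushes replies for 10.8.0.0/24 into tap0, where they are lost.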
It is a great mess. Who performs the functions of the main router, who has the public IP from the ISP? I suppose the ADSL router does, and the two GLs are LAN clients. I recommend, as vgaetera wrote, using a SINGLE router as vpn-client and vpn-server simultaneously with properly configured policy routing. In your configuration I can't even imagine how LAN clients of one GL router can go via the tunnel to NordVPN of another GL. I've understood what you want. You want to make one GL router go to the Internet via another GL router, connected LAN-to-LAN. I haven't seen such a configuration. In theory it could be achieved by policy routing and NAT tun-to-lan, but I don't recommend using it.
At first I thought of "SINGLE router as vpn-client and vpn-server simultaneously", but then I believed it was a good idea to take the load off a single GL, so I purchased the other.
My goal: I purchased access to a "Security Lab Training" that connects with a VPN client, and I'd like to share it with a couple of friends.
I'll try vpn-client and vpn-server simultaneously.
If someone else has more ideas, I'd like to hear them.