Route vpn server trafic trougth an vpn client (openvpn)

Hi everybody, i have a project in my mind, i have two GL-MT300N-V2 a couple little routers, well one i use like a vpn client to connect a comercial vpn and the other i use like a server vpn both with openvpn, two fisical ports (wan, lan) and separatly both work too well.
Well I want that the clients that connect to server can route trougth my client, how?, I'll trie to draw it:

|-(comercial vpn)
| public ip
(home adsl-modem)
|_________________________ Subnet 1
wan|________ wan
(vpn server)...................................................(client vpn)
lan Subnet 2

All computers in the site that connect to the lan client por and put the ip like a gateway can reach comercial vpn.

My problem, i can't make route betwen tun0 an lan so my clients can't reach comercial vpn.

PD. Sorry for my English, for my explanation, and so on. I hope anyone can help me.


Sorry, but your scheme is confusing.
If you want to run OpenVPN server and client simultaneously, the server should work over TCP and utilize the proper routing policy.

The problem that I see is that you are using the same subnet for both LANs. You won't be able to add a route for a network that already is directly connected.

Yeah I know that with my poor schema and i'm sorry
I wanted avoid to have both, one server and one client in the same device.

I hope it'll be a litle bit more clear.

1 Like

The right GL needs to know about the network. Does it have a route via
The left GL needs to have a rule to send traffic from to the other GL. Is there one?

1 Like

It is great mess. Who performs functions of main router, who has public IP from ISP? I suppose, ADSL router does, and two GLs are LAN-clients. I recommend you, as vgaetera wrote, to use SINGLE router as vpn-client and vpn-server simultaneously with properly configured policy routing. In your configuration I can't even imagine, how LAN-clients of one GL-router can go via tunnel to NordVPN of another GL. I've understood, what do you want. You want to make one GL-router to go to Internet via another GL-router, connected LAN-to-LAN. I haven't seen such configuration. In theory it could be achieved by policy routing and NAT tun-to-lan, but I don't recommend to use it.

Thanks guys.
The first time I thought in "SINGLE router as vpn-client and vpn-server simultaneously" but then believed "it´s good idea remove overload to a single GL then i purchased the other" :sweat_smile:
My target, well, i purchased one access to "Security Lab Training" it connect with a vpn client, and i´d like share it with a couple of friends.:wink:
I'll try vpn-client and vpn-server simultaneously.
If someone else have more ideas, i'd like hear them.