Hi all, I don't have much experience with VLANs, but now I would like to set up a VPN between my home router (a TP-LINK TD-W8970 with OpenWrt 21.02.3), my office router (a Fritz!Box 7530 with stock firmware) and my wife's office (with a Raspberry Pi acting as a router).
Can someone help me find the best software solution to set up that network (as far as I understand, the stock firmware of Fritz!Boxes doesn't support all "kinds" of VPN) and explain how to route traffic between the different networks?
I investigated a bit and it seems that the latest release of the Fritz!Box firmware (v. 7.50) supports WireGuard natively. This simplifies things, but I'm not sure WireGuard is supported by my Android phone.
Using the vpnc client also seems to be a good solution. Thanks!
At the beginning my thought was to set up a VPN server on my OpenWrt router. This way the best choice seems to be IPsec IKE v.1 with a pre-shared key, which seems to be natively supported by Android phones, Fritz!Boxes and Raspbian.
But another choice could be to "simplify my life" and just use the VPN server of the Fritz!Box with the vpnc client on the other sites. I will try to investigate both ways a bit more.
So after one or two days of testing I found that the stock firmware of the Fritz!Box released in my region is not yet compatible with WireGuard (Fritz firmware release 7.29).
So I had to have a look at an IPsec connection with old IKE v.1, which is the only "kind" of VPN actually managed by my Fritz!Box.
I installed strongSwan on the OpenWrt router and modified the configuration as follows (many thanks to all the OpenWrt guys posting on this forum!!!)
Now every time I try to access an IP on the office LAN (let's say 192.168.2.10) from my home, the VPN tunnel is automagically turned on by strongSwan.
Pretty good and (seems) stable.
But I still have some questions for the forum VPN specialists:
I would like to be able to connect also to my wife's office (on that site I have a Raspberry Pi running Raspbian behind a NATted IP). How could I achieve that? Do I have to add a second connection to /etc/ipsec.conf or can I modify the existing one?
I would also like to add a VPN profile to my Android phones. My idea is that in this case all the traffic originating from the phones should be tunneled, not only intra-LAN (LAN to LAN) traffic. How can I do that?