VPN + EOIP over NAT

Okay, so I have two ISPs at two different locations, and one of them has a public IP, while the other one is behind ISP NAT with the ISP refusing to provide a public IP. So, I have to get creative.

In Suite A, I have an OpenWrt VM, which serves as my router for that location. In my setup, I also have an ISP router that I use as a bridge between the fiber optics and my OpenWrt. This is the suite with a public IP.

In Suite B, I also have an OpenWrt box, along with the ISP-provisioned ONT, but it's behind NAT, and I can't do anything about it.

What I'm trying to achieve is extending my network to location B. The way I was going to do that is through EOIP, which is very useful. However, due to being behind ISP NAT, I can't do that. This is where it gets tricky. I need a VPN through which I can create the EOIP bridge. I tested OpenVPN in Layer 2, but it's not working in my setup. So, I'm open to recommendations.

Set up a GRE tunnel over a WireGuard tunnel.

GRE is in concept the same as EOIP, but i cant get wireguard to work as server on the side with the public ip, i can get it as a client but that is usless on that side

Set up a WireGuard tunnel like this:

Then use one of those for a GRE tunnel:

What I ended up doing was creating the WG tunnel, and I set up GRETAP with the TAP interface on the VM, bridging it to my LAN. On the other side, I removed all ports except one from its native LAN bridge, and I bridged the rest with the other end of the GRETAP interface. Essentially, I now have an L2 bridge across the two locations, problem solved.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.