OpenWrt Forum Archive

Topic: How to VPN entire networks?

The content of this topic has been archived on 1 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have finally gotten fiber installed in both our homes and I would like to set up a VPN between them.

One location has the network 192.168.0, the other 192.168.1, so no collisions. I assume there is nothing inherent with the 192.168 network ranges that makes them non routable.

One location has a TP-Link Archer C7, the other a Linksys WRT3200ACM, both run LEDE 17.01.2.

At least one of the locations have a fixed external IP v4 address, the other may be dynamic, but will eventually become fixed as well.

Anyone have some simple tutorial/howto on how to achieve this?

Thanks,
Thomas

This is a straightforward situation.  Make the house with the static IP the server so your client (the router in the other house) can find it easily.  You don't need a static IP on the client end since the whole point of the VPN is to be able to link from anywhere.

https://wiki.openwrt.org/doc/howto/vpn.openvpn

When you get to the part of generating certificates, run it on something with a big CPU.  The little MIPS in the Archer C7 will take more than an hour to do it.

It is possible to set all of this up for testing in one house, then move the router to the remote location.  You would plug the WAN ports of both routers into a third router (which may or may not be connected to the Internet) to simulate being connected to each other via the WAN.  The third router would have a network such as 192.168.10.x  Then you point the client at the server in the 192.168.10 range.  All you need to do is change the IP when you switch to using the real Internet.

Set up both routers with ssh ports open and public/private key authentication so you can administer one from the other house if necessary.

And yes, when it is finally working, you would be able to use the networks like they both exist on the same LAN.  For example you have a printer in the remote house at 192.168.1.10.  You would set the printer driver address to that on the PCs in the local house that has 192.168.0.x.

(Last edited by mk24 on 10 Aug 2017, 22:40)

The discussion might have continued from here.