Hi all,
I am trying to implement an OpenVPN connection through 2 VPNs but am having difficulty setting it up properly in order to be able to access the entire network from the outside world.
Let's call the networks Home and Work. So, I have two routers, both running Merlin builds (Home R and Work R). Work R has an OpenVPNServer running (Work VPN), while Home R has both an OpenVPNClient (Work C) connecting to Work VPN and an OpenVPNServer (Home VPN). From within the Home LAN I am perfectly able to connect to the LAN clients of the Work R by their IP, but while having the VPN connection established from the outside (Home C) to the Home VPN, I am not able to reach the Work R LAN clients. I am assuming a routing issue in routing the packages from 10.9.0.0/24 clients to 192.168.2.0/24 over the 10.8.0.1 gateway but cannot figure it out by myself. What is wrong and what corrective actions have to be executed in order to make it work?
Thank you very much for your help.
------------------
What I want is:
Home C -> Home VPN/Work C -> Work VPN -> Work LAN
Work R Details
Static Public IP: Work IP
Work VPN Server IP: 10.8.0.1 (10.8.0.0/24); Push LAN to clients=true
Work R internal IP: 192.168.2.1 (192.168.2.0/24)
Home R Details
Static Public IP: Home IP
Home VPN Server IP: 10.9.0.1 (10.9.0.0/24); Push LAN to clients=true
Work VPN Client IP: 10.8.0.2
Home R internal IP: 192.168.1.1 (192.168.1.0/24)
Work VPN client policy rules:
escape : 192.168.1.1 0.0.0.0 WAN
R1 Site: 0.0.0.0 192.168.2.0/24 VPN
Internet: 0.0.0.0 0.0.0.0 WAN
r4: 10.9.0.0/24 192.168.2.0/24 VPN
Routing table of Home R:
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
Home IP * 255.255.255.255 UH 0 0 0 eth0
Modem IP * 255.255.255.252 U 0 0 0 eth0
169.254.39.0 * 255.255.255.0 U 0 0 0 br0 (<- what is that and why do I have it?)
10.8.0.0 * 255.255.255.0 U 0 0 0 tun11
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
10.9.0.0 * 255.255.255.0 U 0 0 0 tun21
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default ModemIP 0.0.0.0 UG 0 0 0 eth0
also on Home R:
# ip rule
0: from all lookup local
1001: from 192.168.1.1 lookup main
1101: from all to 192.168.2.0/24 lookup ovpnc1
1102: from 10.9.0.0/24 to 192.168.2.0/24 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default
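A small model of Linux policy routing for tracing the path asked about above, added here as an example (it is not the poster's or the firmware's code). Home R's rules and `main` table come from the post; the content of `ovpnc1`, the whole Work R table including its tunnel interface name, and the host addresses 10.9.0.6 and 192.168.2.10 are assumptions, and NAT is not modelled.

```python
import ipaddress as ipa
# `ip rule` output of Home R, copied from the post.
IP_RULES = """\
0: from all lookup local
1001: from 192.168.1.1 lookup main
1101: from all to 192.168.2.0/24 lookup ovpnc1
1102: from 10.9.0.0/24 to 192.168.2.0/24 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default
"""
ANY = ipa.ip_network("0.0.0.0/0")

def net(s):
    return ANY if s == "all" else ipa.ip_network(s)

def parse_rules(text):
    """Return [(priority, src_net, dst_net, table)] sorted by priority."""
    rules = []
    for line in text.strip().splitlines():
        prio, rest = line.split(":", 1)
        tok = rest.split()
        src = tok[tok.index("from") + 1]
        dst = tok[tok.index("to") + 1] if "to" in tok else "all"
        rules.append((int(prio), net(src), net(dst), tok[tok.index("lookup") + 1]))
    return sorted(rules)

def route(rules, tables, src, dst):
    """Walk the rules in priority order; the first selected table that holds a
    matching route wins. Returns (priority, table, interface) or None."""
    s, d = ipa.ip_address(src), ipa.ip_address(dst)
    for prio, rsrc, rdst, table_name in rules:
        if s in rsrc and d in rdst:
            hits = [(n, dev) for n, dev in tables.get(table_name, []) if d in n]
            if hits:  # longest-prefix match inside the selected table
                return prio, table_name, max(hits, key=lambda h: h[0].prefixlen)[1]
    return None

def table(*routes):
    return [(ipa.ip_network(n), dev) for n, dev in routes]

# Home R: `main` follows the netstat output in the post (public and link-local
# entries omitted); the content of `ovpnc1` is not in the post and is ASSUMED.
HOME = {"main": table(("10.8.0.0/24", "tun11"), ("192.168.1.0/24", "br0"),
                      ("10.9.0.0/24", "tun21"), ("0.0.0.0/0", "eth0")),
        "ovpnc1": table(("192.168.2.0/24", "tun11"))}
# Work R: CONSTRUCTED rules and table (assumption, not shown in the post).
WORK_RULES = parse_rules("32766: from all lookup main")
WORK = {"main": table(("10.8.0.0/24", "tun21"), ("192.168.2.0/24", "br0"),
                      ("0.0.0.0/0", "eth0"))}
```

In this model a packet from 10.9.0.6 to 192.168.2.10 is already matched by rule 1101 on Home R, so rule 1102 is never reached for it. With the assumed Work R table, `route(WORK_RULES, WORK, "192.168.2.10", "10.9.0.6")` selects the default route on `eth0` rather than the tunnel, which is the return-path condition to compare against the real table on Work R.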