Connecting two remote networks using Merlin & OpenVPN

[Jure Erznožnik]

I'd like to have constant access to my parent's network, so I figured I'd make it relatively secure and use OpenVPN.

So, my parents are running an AC66-U-B1 with Merlin 384.3
I'm running an AC-56U with Merlin 384.3

I'm using PPTP to have simultaneous access to the parents' router and mine. Connecting with Windows 10. This works.

Then I set up an OpenVPN server on parents' router. Activate, download the .ovpn file. Load the .ovpn file on my router, fire up the client. The client (router) connects, but reports Connected (Local: 0.0.0.0 - Public: )
Pinging doesn't work neither from router, nor PCs on my LAN.

So I changed interface type to TAP and had it assign addresses from a separate pool.
This time the client still reports Connected (Local: 0.0.0.0 - Public: ), but now the server is much more active: it's reporting PCs on my LAN, but they still cannot ping anything (not router, not the PCs).

If I ssh to my router, ifconfig says this:
tap11 Link encap:Ethernet HWaddr 2E:03:FE:E4:2D:37
inet addr:192.168.254.40 Bcast:192.168.254.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1244 (1.2 KiB) TX bytes:3376 (3.2 KiB)

and route says this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
213.250.19.90 * 255.255.255.255 UH 0 0 0 ppp0
192.168.178.0 * 255.255.255.0 U 0 0 0 eth0
192.168.237.0 * 255.255.255.0 U 0 0 0 br0
192.168.254.0 * 255.255.255.0 U 0 0 0 tap11
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default bsn-access.dyna 0.0.0.0 UG 0 0 0 ppp0
default 192.168.178.1 0.0.0.0 UG 1 0 0 eth0

Log contains no information that anything might be wrong. Just initialisation stuff.

So technically, everything should work. But it doesn't.

Why?

Jure

 

[petya]

Hi
I did sort of the same. Note that the two networks need to be on a separate subnets, ex: 192.168.0.0 and 192.168.1.0.
The simplest way is if you need to add a static route on the router with the openvpn server. Or you can tell openvpn to set up the routes automaticaly. In my case the client gets 192.168.1.50 ip on the server and I set a static route that direct traffic destined for the client network to that gateway(192.168.1.50).

 

[elorimer]

I did this for a time completely incorrectly before abandoning it. In my case I wanted a Tivo in place x to be able to see and play shows from a Tivo in place y. Tivos need to be on the same subnet and TAP for the beaconing to do tht. So I set up place x with the first 100 IPs in the DHCP range of 192.168.0.xx, and place y with the next 100 IPs, with an 87U at .1 and a 56U at .101. It worked fine, except that the upload speed from one Tivo was 25mbps, and that was a little too slow to stream.

So I scrapped that entirely. I can do everything I want between x and y with TUN and separate subnets. I think I hear network engineers screaming.

 

[Jure Erznožnik]

Hi
I did sort of the same. Note that the two networks need to be on a separate subnets, ex: 192.168.0.0 and 192.168.1.0.
The simplest way is if you need to add a static route on the router with the openvpn server. Or you can tell openvpn to set up the routes automaticaly. In my case the client gets 192.168.1.50 ip on the server and I set a static route that direct traffic destined for the client network to that gateway(192.168.1.50).

Thanks

this was so similar to my own setup that i did the most stupid thing: I explored the "Server is on the same subnet" (default: No)
Of courseeeee...... things started working immediately
Then I just needed to define a static route on the server router so that I have access to my own network from there and I'm finally set to go