How to use a Pi as a VPN router?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

distilled

Senior Member
There are two distant LANs, Site 1 (192.168.15.0/24) and Site 2 (192.168.75.0/24).

Site 1 is running an Asus 66U with stock firmware. It has an OpenVPN server configured on the router.

Site 2 is running an Asus AC86U with the latest Merlin beta. It has OpenVPN configured as a client that connects to Site 1. Some selective routing is configured to allow only a few clients to connect to Site 1.

Site 1 has a Raspberry Pi with Wireguard client on it. That Pi is connected via Ethernet, but it also has a WiFi connection, for no good reason. Site 2 has another Raspberry Pi running Wireguard server on it. The Pi client and server communicate over WG.

I want to configure the Pi server as a router, so that several other machines at Site 1 can connect to the Pi at Site 2. I *thought* that I had this set up correctly, a quick
sudo /bin/su -c "echo -e '\n#Enable IP Routing\nnet.ipv4.ip_forward = 1' > /etc/sysctl.conf" and sudo iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT, but it isn't working.

The real problem is that I am afraid of breaking the connection and not being able to get back to the Pi. Were it not for this, I would just experiment until I got it right, but swallowing my pride and asking for advice from more knowledgeable folks is easier than resetting that distant Pi. :)

And, before everyone points out that this is a purely dumb configuration, and that OpenVPN could be set up to do this same thing without WG being involved, yep, it sure could, but in this specific, temporary situation, this really is easiest/best.

Hope everyone is having a happy, safe 2021!
 

distilled

Senior Member
Thanks mate, that is a helpful article, but it isn't really what I am doing. I already crashed it trying last night, though, so I won't be able to even try again until I can get someone to go over there and reset it for me. :)
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top