Network Discovery over OpenVPN between AsusWRT-Merlin Routers

bnhf

Regular Contributor
I'd like to enable Windows Network Discovery between two LANs connected using OpenVPN with an AsusWRT-Merlin router on each end. Both are in residences with decent broadband service, up to about 200Mbps.

Generally the goal is to have resources from both networks show up in Windows Explorer. These resources would include Windows/Samba file shares, printers, network USB hubs, network TV tuners and a few IoT-type devices.

The VPN itself is up-and-running and working well. Resources can be accessed by IP address, which is great, and will do the job if there's no way to get network discovery working. NetBIOS name resolution, being able to use UNC paths, and having apps be able to discover devices for configuration over the VPN are all on the wish list.

Google searches have suggested it can't be done without a domain server or other enterprise-level tools, but most of the search results are pretty old -- so I'm hoping there have been some positive developments in this area for the home user!
 
Still hoping for input here, but I have a few ideas that I'm kicking around...

I'm thinking that TAP may be a better approach for what I'm looking to do. Both residences would be on the same subnet but giving out non-overlapping address ranges, and each router would have a unique address within that same subnet (e.g. xxx.xxx.xxx.1 and xxx.xxx.xxx.2). To prevent clients getting addresses from the router on the other side of the VPN, I'd implement this DHCP blocking script on the server side:

Following these guides to set up the JFFS partition and the custom scripts directory:

https://github.com/RMerl/asuswrt-merlin/wiki/User-scripts
https://github.com/RMerl/asuswrt-merlin/wiki/JFFS

I used SSH and connected to the router and navigated to the /jffs/scripts folder. I used VI to create the file that looked like the following:

Code:
#!/bin/sh
# Drop DHCP (UDP ports 67-68) arriving from the TAP interface and addressed to the router itself
ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
# Drop DHCP frames that would otherwise be bridged out through the TAP interface
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

I tried using TCP but apparently the DHCP broadcast comes across as UDP so I changed it back. Also do not forget to change the permissions in that folder:

Code:
chmod a+rx /jffs/scripts/*

I set this on both routers and restarted. After checking the logs, the DHCP signal was no longer there.

If I'm working this out correctly each LAN would be able to operate independently, but when the tunnel is up would act as one. By using a Layer 2 solution, all broadcast traffic (with the exception of DHCP) would traverse the tunnel.

The script is from a late-2013 thread, so is there a better way to implement something like this now?

Here's the full thread the quote is from:

https://www.snbforums.com/threads/need-help-blocking-dhcp-when-using-openvpn-bridge.12599/
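
An idempotent way to load the four DHCP-blocking rules from the quoted script, as an added example that is not part of the original post or the linked thread: each rule is deleted before it is appended, so a script that runs more than once does not stack duplicate rules. `TAP_IF`, `DRY_RUN` and the `apply` argument are names assumed for this sketch.

```shell
#!/bin/sh
# Added example: same four ebtables rules as the quoted script, loaded idempotently.
# TAP_IF, DRY_RUN and the "apply" argument are assumptions of this sketch.

TAP_IF="${TAP_IF:-tap+}"   # same interface wildcard as the quoted script

# Print the four rule specs, one per line, as "<chain> <match options>".
dhcp_block_rules() {
    for port_opt in --ip-destination-port --ip-source-port; do
        echo "INPUT --in-interface $TAP_IF --protocol ipv4 --ip-protocol udp $port_opt 67:68"
        echo "FORWARD --out-interface $TAP_IF --protocol ipv4 --ip-protocol udp $port_opt 67:68"
    done
}

# Run ebtables, or only print the command line when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "ebtables $*"
    else
        ebtables "$@"
    fi
}

# For every rule: delete one existing copy (ignored if absent), then append it.
# Starting from zero or one copy, each run leaves exactly one copy in the chain.
apply_dhcp_block() {
    dhcp_block_rules | while read -r chain match; do
        # $match is left unquoted on purpose so it splits into separate options.
        run -D "$chain" $match -j DROP 2>/dev/null || true
        run -A "$chain" $match -j DROP
    done
}

# Nothing is changed unless the script is called with "apply".
case "${1:-}" in
    apply) apply_dhcp_block ;;
esac
```

Running it with `DRY_RUN=1` and the `apply` argument prints the eight ebtables commands without touching the bridge tables; `ebtables -L --Lc` afterwards shows per-rule packet counters for confirming that the DROP rules are matching.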
 
