Hello,
I would like to ask the community for help in finishing my setup of OpenVPN site to site connection, where VLANs are involved.
* My hardware - RT-N66U at each site, running Tomato Firmware 1.28.0000 MIPSR2-115 K26AC USB AIO-64K by SHIBBY
* My configuration - SITE A has two vlans, 192.168.10.x(LAN/br0) and 20.x(LAN1/br1), SITE B also has two vlans, 192.168.30.x(LAN/br0) and 40.x(LAN1/br1)
* What I have accomplished so far -
Site A is running OpenVPN Server and Site B is the OpenVPN Client, and the VPN connection is working fine. I used the "Manage Client-Specific Options" setting on the VPN server to input the 192.168.40.0 network at SITE B. All devices go out to the Internet via their site router, VPN is only used to access the other site's LAN.
From SITE A,
router can reach 192.168.40.0 network
router can NOT reach 192.168.30.0 network
192.168.10.x devices get "TTL expired in transit" when you ping 192.168.30.0 network
192.168.10.x devices are able to ping 192.168.40.0 network
192.168.20.x devices get "TTL expired in transit" when you ping 192.168.30.0 network
192.168.20.x devices get "Request timed out" when you ping 192.168.40.0 network
From SITE B,
router can reach 192.168.10.0 network
router can NOT reach 192.168.20.0 network
192.168.30.x devices get "TTL expired in transit" when you ping 192.168.20.0 network
192.168.30.x devices get "Request timed out" when you ping 192.168.10.0 network
192.168.40.x devices get "TTL expired in transit" when you ping 192.168.20.0 network
192.168.40.x devices are able to ping 192.168.10.0 network
Basically, SITE B 192.168.40.x network is able to communicate with SITE A 192.168.10.x network
* What I would like to accomplish -
I would like only SITE A 192.168.20.x vlan(network) to communicate with SITE B 192.168.40.x vlan(network).
Using the "Manage Client-Specific Options" at the server allowed me to accomplish half the objective, accessing only 192.168.40.x network at SITE B. However, I'm not sure how to stop access to 192.168.10.x network at SITE A and allow access to 192.168.20.x ...
I think it has to do with adding and deleting the routes, and maybe firewall, but I'm not sure what to do. I've read many posts on many forums for about a day and I'm still lost. I would appreciate any help and/or guidance. Thank you in advance.