RT-N66 as OpenVPN Client to AC68 OpenVPN Server how to ?

[BigApple]

Hello guys.
Does anyone know hot setup an RT-N66 router as a OpenVPN client to connect to another AC68 Open VPN server ?

I am somehow able to get it to work. But I am trying to have the Client router become part of the Home network of the AC68.

Is it possible to have the Client router to be on the same network as the Open VPN server AC68 ? Right now they are on separate networks. I can browse through the Servers IP now but some devise (Tivo APP) still shows it as an away from home network.

I am using the latest Firmware 374.42_2 on the AC68 and 374.42 on the N66

Right now I use the TAP version on server and Client. (I used the export/Import feature OpenVPN config file to configure the client with the server)

Oh and by the way when I use the OpenVPN client on W7 it works like a charm when connected to the AC68 OpenVPN server. Just the N66 client somehow is not fully working as preferred.

Thanks in advance for any help. Thanks merlin for your great work by the way.

Regards
Andy

 

[bbsc]

Is it possible to have the Client router to be on the same network as the Open VPN server AC68 ?
...
Right now I use the TAP version on server and Client.

Yes, it's possible with TAP, but you must "devide" addresses manually.
I use such connection for some reasons, but I have two RT-N66U.

Try this:
1. Let AC68 be 192.168.1.1.
2. Let N66 be 192.168.1.100.
3. Define addresses 192.168.1.2 - 192.168.1.99 for DHCP server of AC68.
4. Define addresses 192.168.1.101 - 192.168.1.199 for DHCP server of N66.
5. Use TAP connection.
6. Add these lines into /jffs/scripts/firewall-start of N66U:

#!/bin/sh

ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

This will prevent DHCP leases over VPN connection.

 

[BigApple]

Thank you so much .. I will try that ... but why would you not want DHCP leases over the VPN...
couldn't the VPN Server give out DHCP leases to the Client's or would that not work...

and if I do that I would check the box that says Server/Client is on the same subnet correct ?

 

[bbsc]

why would you not want DHCP leases over the VPN...

Because server and client sides have different connection speed.
In my case, if a computer from server side obtain a client-side IP it will use a slow internet connection speed. Indeed, it will use client-router as main gateway.

couldn't the VPN Server give out DHCP leases to the Client's or would that not work...

I don't like this idea. It will work as long as VPN connection is alive.
And as I already said, client-side machines will use server-router as main gateway.
Do you really need this?

Sorry, don't understand the last question. Which box do you mean?
Ah, I see. If you mean "Server is on the same subnet" setting on client-side - yes, it's set to "yes".

 

[BigApple]

I just want to create a scenario where the N66 Client will be like being connected directly to the server... like being behind that network... and browsing also... speed is secondary ... basic browsing will do for me... I just need access to all LAN / Network machines... on the VPN server side through the client..
Any chance NetBIOS would work through that ?

 

[bbsc]

like being behind that network...

Try "Redirect Internet traffic" setting on client side.
In this case the computers behind N66U will obtain DHCP leases from 192.168.1.101-192.168.1.199 and have 192.168.1.100 as their default gateway.
Internet traffic will go through N66U's WAN till OpenVPN connection is established.
After this the default gateway for N66U will be changed from it's WAN IP to 192.168.1.1 and all Internet traffic will go through AC68.