Setting up static vpn client

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

angolight

New Around Here
Configuring static vpn client using this instruction is quite involved too.
I wonder if there are other workaround.
My goal is to do port-mapping, so the internet-facing router needs to know the local addr of the client predictably.
The client here is located remotely so it needs to connect to the router via vpn. Both router and client are using asus merlin firmware.

If you have ideas, please help! thanks
 

eibgrad

Very Senior Member
The direction of your port mapping is not clear. Please be more precise and provide a specific example.

And btw, is this intended to be a site-to-site configuration between the OpenVPN client(s) and OpenVPN server?

IOW, your description in general is too vague to provide proper guidance.
 

angolight

New Around Here
Ok, here is the setup:

- router A is connected directly to the internet
router A runs openvpn server for clients to connect to it.
the openvpn subnet is 10.10.8.0/24

- host B is located in a different location, and it is the vpn client to router A.
host B is is connected to its local router's lan via dhcp (the subnet is 10.10.1.0/24)
Let's say B address is 10.10.1.5 for the local net.
Upon openvpn connection to router A, host B gets 10.10.8.5 for its address.

We know that router A can ping host B via ip 10.10.8.5.
What I want is:
- host B gets a fixed address in 10.10.8.0/24 subnet, OR
- router A can ping address 10.10.1.5 directly somehow.
 

eibgrad

Very Senior Member
As described, this is nothing more than a site-to-site VPN. All you have to do is enable Manage Client Specific Options on the OpenVPN server and create an entry for the specific IP that lies at the OpenVPN client w/ that CN (Common Name) on its cert. Let's assume the CN is called 'client'.

 

angolight

New Around Here
Thanks for the response.
I suppose the openvpn client here needs to add its certificate inline inside the .ovpn config file to connect to the vpn server.
Is this correct?
 

eibgrad

Very Senior Member
Thanks for the response.
I suppose the openvpn client here needs to add its certificate inline inside the .ovpn config file to connect to the vpn server.
Is this correct?

I had assumed you were already past this point. If you generated the OpenVPN server config on the Asuswrt-Merlin router, then presumably you exported the appropriate .ovpn config file for the OpenVPN client, and it should already contain all the necessary inline key/cert references (ca cert, client cert, client key).
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top