Site-to-site connection using RT-AC68U/RT-AC86U?

[BosseSwede]

I would like to connect two of my sites (home and summer home) together via the Internet.
Right now I have a solution for the summer home to be connected to the home network via VPN where the router at the summer home uses an OpenVPN connection to my VPN server at home (a Linux server on the home LAN).
This makes it possible for all devices at the summer home site to reach the resources at the home LAN.
But the other way is not operating, so I cannot place a NAS at the summer home for off-site backups for instance.

So I am looking for a different solution where the two routers will connect by VPN to each other ande route the site traffic both ways.
But the Internet traffic should use the gateway of each router to reach out, only local traffic via VPN (split tunneling).

Can this be done and if so how is it done?
The IP addresses on the two sites are set as: 192.168.117.x and 192.168.119.x respectively.

 

[eibgrad]

Not sure if the following is true of the oem/stock firmware, but certainly is true of Merlin.

The OpenVPN server should have a section called Manage Client-Specific Options where you can configure the server w/ the IP network running the OpenVPN client. It requires you identify the specific OpenVPN client based on the common-name of its cert. You would also typically change the Inbound Firewall setting to Allow on the OpenVPN client.

Of course, it's also possible to configure a completely separate OpenVPN client to server connection from the home to the summer home. This has the advantage of removing any dependency on having the remote OpenVPN client initiate the connection to the local OpenVPN server. IOW, a single, bi-directional tunnel may NOT necessarily be the best configuration, esp. if the connection is *only* being used for the purposes of server-to-client communications at the time (e.g., no one is at the summer home).

 

[BosseSwede]

Well, in order for the client devices on both sides to have access to the other side the arbiter MUST be the router in both sides.
I have tested to let the summer home router connect to my home VPN server and this works inasfar as allowing hosts on the summer home LAN to access the devices on the home LAN.
This happens because the router itself is configured as a VPN client and so knows how to route the traffic correctly.
But to get it to work from the home side needs some config on the home router so it will channel the traffic for the remote LAN over the tunnel that has been set up to the home LAN from the summer home router.

But that is pretty mysterious for me to figure out. It seems like the home LAN OpenVPN server should not handle the connection from the summer home router, instead the home router should be set up as the VPN server to use.
Then perhaps it could be possible to also add a routing out from the home LAN through the tunnel and onto the summer home LAN.

And how that can be done is really what I would like to get help with...

 

[BosseSwede]

I found a very big tutorial on this subject right here on the forum!
It is pretty extensive so I will probably need some days to digest it.

 

[BosseSwede]

But it was still overly complicated so I decided to do it all on my Linux OpenVPN server instead. On that it is VERY easy and done in a matter of minutes!
Here is the crucial official documentation!
My system now works fine with the remote ASUS router connecting by OpenVPN to my Linux server using the router's built-in OpenVPN client.
With the configurations now added using advice in the doc linked to I now can connect from any device on the main LAN to any device on the remote LAN and vice versa.