So how do I create a virtual network bridge over the internet?


Cole123456

New Around Here
So... I have a home network with a cable modem and an RT-AC86U with the Merlin firmware.

I need to create a device with an ethernet port for a computer to plug into that ideally can either plug into uplink or connect to a wifi network. Ideally, these ethernet ports would just "be on" my local home network?

Does this make sense?

How would I go about this? What sort of device should I buy as my remote device...

I assume I need to set up a VPN server on my home RT-AC86U device... and a VPN client on the remote device? Any suggestions on which or what settings? etc.
 

ColinTaylor

Part of the Furniture
> Does this make sense?

Not really. Can you give an example of a situation where you would want to do this? It sounds like you're talking about a VPN client but the scenario is not clear. If the remote client has internet connectivity you just need to install the VPN software on it. If the client doesn't have internet connectivity you need to get it via something like an LTE modem.
 

Cole123456

New Around Here
> Not really. Can you give an example of a situation where you would want to do this? It sounds like you're talking about a VPN client but the scenario is not clear. If the remote client has internet connectivity you just need to install the VPN software on it. If the client doesn't have internet connectivity you need to get it via something like an LTE modem.

See attached picture. I can't install software on the computer, I need it to act like it's on my home network.

If my new device can offer both wireless and wired connectivity to my home network via either wired or wireless uplink, that would be ideal, but my bare minimum requirements are "wireless uplink" and "wired to device".

The Wi-Fi hotspot might be something I own like an LTE mobile hotspot... or someone's house, etc.
 

Attachment: layout.PNG

ColinTaylor

Part of the Furniture
These devices (travel routers) are designed for this kind of job. I don't know whether they support TAP mode or just TUN, you'd have to check the documentation.

 

somms

Regular Contributor



Not sure if this is what you are looking for, but I have used the above site-to-site OpenVPN configs on 2 Merlin ASUS wireless routers to accomplish bridging between two remote locations.

The only caveat for this TAP setup is the following firewall-start script I am running on each router to prevent the opposite router from attempting to hand out DHCP leases to devices parked at the remote location...


Code:
#!/bin/sh
logger "firewall" "applying firewall-start rules"

# Delete any earlier copies first so re-running the script does not stack duplicate rules.
ebtables -D INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -D INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -D FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -D FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
# Drop DHCP (UDP ports 67-68) arriving from the tunnel for this router (INPUT)
# and DHCP being bridged out into the tunnel (FORWARD).
ebtables -I INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -I INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -I FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -I FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
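
A check for the rules in the post above, as an added example that is not part of the original post: it reads an `ebtables -L` listing on stdin and names any of the four DHCP-drop rules that are missing, which is worth running after a firewall restart on each router. The function names, the sample listing and the short-form listing format it matches are assumptions made for illustration.

```shell
# Added example (not from the original post). Reads an `ebtables -L` listing on
# stdin, prints each expected DHCP-drop rule that is absent, exits 1 if any is.
# Assumption: rules are listed in short form (-i/-o, --ip-sport/--ip-dport).
# On the router: ebtables -L | missing_dhcp_rules
missing_dhcp_rules() {
    awk '
    BEGIN {
        # chain:interface-flag:port-flag for the four rules in the script above
        spec = "INPUT:-i:--ip-dport INPUT:-i:--ip-sport"
        spec = spec " FORWARD:-o:--ip-dport FORWARD:-o:--ip-sport"
        n = split(spec, want, " ")
    }
    /^Bridge chain:/ { chain = $3; sub(/,$/, "", chain); next }
    {
        for (k = 1; k <= n; k++) {
            split(want[k], w, ":")
            if (chain == w[1] && index($0, w[2] " tap+") &&
                index($0, "--ip-proto udp") &&
                index($0, w[3] " 67:68") && index($0, "-j DROP"))
                seen[k] = 1
        }
    }
    END {
        for (k = 1; k <= n; k++)
            if (!(k in seen)) {
                split(want[k], w, ":")
                print w[1], w[2], "tap+", w[3], "67:68"
                bad = 1
            }
        exit bad + 0
    }'
}

# Constructed sample listing: the FORWARD source-port rule is missing.
sample_listing() {
    cat <<'EOF'
Bridge table: filter

Bridge chain: INPUT, entries: 2, policy: ACCEPT
-p IPv4 -i tap+ --ip-proto udp --ip-dport 67:68 -j DROP
-p IPv4 -i tap+ --ip-proto udp --ip-sport 67:68 -j DROP

Bridge chain: FORWARD, entries: 1, policy: ACCEPT
-p IPv4 -o tap+ --ip-proto udp --ip-dport 67:68 -j DROP

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
EOF
}

sample_listing | missing_dhcp_rules || echo "DHCP guard incomplete"
```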
 

ColinTaylor

Part of the Furniture
> What is TAP vs TUN? Sorry.

They're the two different types of tunnelling interface used by OpenVPN. TAP is a "bridged" connection so the client behaves just like any other client on the remote LAN. TUN is a "routed" connection. It has a lower network overhead and tends to be more reliable but the client is on a different subnet. This means that you can't "browse" the remote network and might have to make some firewall changes on devices you want to connect to.
 

Cole123456

New Around Here
Thanks for the help thus far... one other question... if that computer is a corporate device and has to use some sort of VPN... will the VPN run over the VPN? Any particular thoughts on if this will work?

Basically the corporate device needs to look like it is running at my house... I can get details about the corporate device's VPN... (it isn't mine... it's a relative's)

There is less of a need for remote devices to access things on my LAN, it is more they need access to the internet.
Does that mean TUN will be good enough?
 

ColinTaylor

Part of the Furniture
> Thanks for the help thus far... one other question... if that computer is a corporate device and has to use some sort of VPN... will the VPN run over the VPN? Any particular thoughts on if this will work?

It might work but I'd expect it to be dog-slow, especially with those travel routers mentioned above which already have low VPN throughput.

> Basically the corporate device needs to look like it is running at my house... I can get details about the corporate device's VPN... (it isn't mine... it's a relative's)

I can't say I understand the need for your relative to pretend to be at your home when they really aren't. It sounds like he's deceiving his employer which is always a bad idea.

> There is less of a need for remote devices to access things on my LAN, it is more they need access to the internet.
> Does that mean TUN will be good enough?

TUN is usually a better choice if you're just doing regular internet browsing.
 

ColinTaylor

Part of the Furniture
The VPN client isn't available in repeater mode, it needs to be in router mode.
 
