VPN Server over VPN Client

Kenji

Occasional Visitor
I would like to log into my OpenVPN server from outside. However, this should be upstream from a VPN client.
Short compilation at the moment. Fritzbox> Asus router (here a VPN client is configured)> Now I would like to configure an OpenVPN server in parallel on the Asus router. A device is then used to log in via VPN. The goal would be to get the IP of the VPN client (NordVPN) and not the IP of the Fritzbox.

Why the whole thing? The Diversion add-on is installed on the Asus router and filters all traffic via firewall and ad blocker (à la PiHole) and connected via VPN. I would also like to make this available on the go.

Should:
Fritzbox> Asus> Client VPN> Server VPN> Terminal with the "Client VPN" IP.

is:
Fritzbox> Asus> Client VPN> Server VPN> Terminal with the Fritzbox IP.


Info:

Asus Router WAN IP: 192.168.178.33
Local IP: 192.168.1.1

VPN Client:
Connected Local: 10.8.3.3 - Public: 212.103.50.54

VPN Server:
VPN Subnet / Netmask 10.8.0.0 255.255.255.0


Can someone help me? Thanks

Regards, Phil
 

Attachments

  • 27d0eb2465629684a4cdec2f8831e9496e0fa469.png (126.8 KB)
  • ip table.png (24.2 KB)
  • Port Forwarding.png (335.7 KB)
  • Routing.png (265.9 KB)
  • VPN Client.png (312.7 KB)

If you want to use your VPN client "on the go", you can tunnel your OpenVPN server through your OpenVPN client.

1) Setup OpenVPN server
2) Setup OpenVPN client
Use different Subnets for each.
Do not bypass DNSMASQ in order for Diversion to work.
3) Script to allow passthrough of OpenVPN server through OpenVPN client.
4) Add subnet of OpenVPN server (e.g. 10.8.0.0/24) in policy routing in OpenVPN client WebUI.
 
@2 But I would like to have all the traffic over the VPN. Hoping that I'll be happy with it.
Should: I can tunnel your OpenVPN server via your OpenVPN client.

1) It's done
2) It's done and works. But the different subnets, what do you mean by that? The rules for using over WAN or VPN?
3) See the png. Is this okay?
4) See the png. Is this okay?


Sorry, I'm a beginner...

Regards, Phil
 

Attachments

  • rules.png (265.3 KB)
  • right.png (264.6 KB)

> @2 But I would like to have all the traffic over the VPN. Hoping that I'll be happy with it.
> Should: I can tunnel your OpenVPN server via your OpenVPN client.

If you want all LAN traffic to go through your OpenVPN client, just route 192.168.1.0/24 through VPN. You do not need to type the clients that start with 192.168.1.X under policy routing.
If you want all traffic that goes in through your OpenVPN server to be routed through your OpenVPN client, do steps 3 and 4.

> 2) It's done and works. But the different subnets, what do you mean by that? The rules for using over WAN or VPN?

The standard VPN subnet for OpenVPN server 1 is 10.8.0.0 on Asus Merlin. You will find it under OpenVPN server/Advanced view.
Your VPN provider uses a certain subnet for the config file that you have created on their website. You can probably read about it on their website, or just look in the WebUI on the right side of the on/off button under OpenVPN client (when the VPN client is on).

> 3) See the png. Is this okay?

You do not need 10.8.0.0. Only 10.8.0.0/24.

> 4) See the png. Is this okay?

I do not know. I do not use VPNserver1-up. I use the code for firewall-start. Do not forget to make it executable. I would also suggest using SSH on the router when doing this to avoid missing the Unix line ending.
Code:
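#!/bin/sh

# Allow pass-thru for a connecting OpenVPN Server client to use Selective Policy routing RPDB out via VPN Client

# Delete any earlier copy of each rule so that re-running firewall-start does not stack duplicates
# (on the first run there is nothing to delete and iptables reports an error, hence 2>/dev/null)
iptables -D POSTROUTING -t nat -s "$(nvram get vpn_server1_sn)/24" -o tun1+ -j MASQUERADE 2>/dev/null
iptables -D POSTROUTING -t nat -s "$(nvram get vpn_server2_sn)/24" -o tun1+ -j MASQUERADE 2>/dev/null

# Source-NAT traffic from the OpenVPN server subnets leaving via any interface whose name begins with tun1
iptables -I POSTROUTING -t nat -s "$(nvram get vpn_server1_sn)/24" -o tun1+ -j MASQUERADE
iptables -I POSTROUTING -t nat -s "$(nvram get vpn_server2_sn)/24" -o tun1+ -j MASQUERADE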


You know it is working when you have a connection through your OpenVPN server and you have the VPN provider's IP address.
 
Okay,
2. would rather like this: If you want all traffic that goes in through your OpenVPN server to be routed through your Open VPN client do step 3 and 4.
3. I have now inserted the code (script) via SSH into the firewall start. > show firewall.png
4. Is changed to 10.8.0.0/24 in policy routing in OpenVPN client WebUI.


But
No connection is established when connecting to the VPN server via the mobile phone. Do I have to add anything else? Port forwarding from which ip for example?

@
When I log into the Fritzbox's WiFi within the network and connect to the VPN server, I have the client IP. So that would work in advance. No connection outside of the network.
 

Attachments

  • firewall.png (187.2 KB)
  • vpn server.png (339.5 KB)

Hmm. Your WAN IP is not an external IP from your ISP, but an IP from your Fritzbox.
Can you access your OpenVPN server by just following Yorgi's guide, i.e. without tunneling your OpenVPN server through your OpenVPN client?
If you cannot, this will not work.
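
Two preconditions raised in this thread, "Use different Subnets for each" in step 2 and the observation that the Asus WAN IP is an address from the Fritzbox rather than from the ISP, can be checked before touching the firewall script. The following is an added example and not part of any post; the function names are hypothetical, and the /24 prefix for the VPN client network is an assumption, since the thread gives only the client address 10.8.3.3.

```sh
#!/bin/sh
# Added example (hypothetical function names): pre-flight checks for this setup.

# ip2int A.B.C.D -> prints the address as a 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/PREFIX -> succeeds if IP lies inside the network
in_cidr() {
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "${2%/*}") & $mask )) ]
}

# cidr_overlap NET1/P1 NET2/P2 -> succeeds if the networks share any address.
# Two CIDR blocks overlap exactly when the longer-prefix one sits inside the other.
cidr_overlap() {
    if [ "${1#*/}" -le "${2#*/}" ]; then in_cidr "${2%/*}" "$1"
    else in_cidr "${1%/*}" "$2"; fi
}

# behind_nat IP -> succeeds for RFC 1918 private and RFC 6598 shared (CGNAT) space
behind_nat() {
    for n in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 100.64.0.0/10; do
        in_cidr "$1" "$n" && return 0
    done
    return 1
}

# preflight WAN_IP SERVER_NET CLIENT_NET -> prints findings, returns their count
preflight() {
    problems=0
    if behind_nat "$1"; then
        echo "WAN IP $1 is not public: forward the OpenVPN server port on the upstream router"
        problems=$((problems + 1))
    fi
    if cidr_overlap "$2" "$3"; then
        echo "server net $2 overlaps client net $3: pick different subnets"
        problems=$((problems + 1))
    fi
    return "$problems"
}
# Values from the thread; 10.8.3.0/24 assumes a /24 around the client address 10.8.3.3
preflight 192.168.178.33 10.8.0.0/24 10.8.3.0/24 || true
```

With the posted values only the first finding is reported: the server and client subnets are distinct, but the Asus WAN port sits behind the Fritzbox.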
 
Do I understand this in the right manner? With this configuration, I cannot access the VPN server from the outside? : /
So it would only work if I didn't through the VPN server through the client?
 
Before you try tunnelling your OpenVPN server through your OpenVPN client you should make sure that your OpenVPN server works properly. You did not answer my question. Does your OpenVPN server work after step 1?
 
Okay, I have now tested different versions. Unfortunately I have a connection in the network (via the Fritzbox WiFi) (VPN Client Connect from my mobile phone) but no access to the Internet.

- VPN Server on. VPN Client on Asus Router off. VPN Connect to Server okay but no Internet Connection (in Fritzbox WiFi).
No connection can be established outside the network (mobile Internet)
- VPN Server on. VPN Client on Asus Router on. VPN Connect to Server okay but no Internet Connection (in Fritzbox WiFi).
No connection can be established outside the network (mobile Internet)

I find no error in my configuration of the VPN server :/

Regards.
 

Attachments

  • lan.png (360 KB)
  • server runing but no internet.png (348.9 KB)
  • vpn server.png (415.8 KB)
  • fritzbox.png (138.6 KB)

Ok. I do not know Fritzbox but it looks correct.
Have you removed 10.8.0.0/24 from the VPN client page so it is not being tunneled through the VPN client?
If that is not removed that would explain the issue.

You could try Fritzbox tool to test if your port is open.
 
