VPN Two Networks with NAT

[RahulM]

Hi all.

I'm trying to set up a remote network in my parents flat in India which gets its internet through a mobiel sim card.
I am based in the UK and have an Asus RT-AX89X and have placed an asus RT-AC88U in the flat in India.
What I would like to be able to do is connect to the flat in India to help support and mentain the smart devices from the UK.
The issue is that the remote ntwork does not have a static ip and is located behind the mobile telecom providers NAT.
All thetutorials I can find asume taht both routers are not behind a NAT and simply say forward ports however I am unable to do this for the network in India.
I have been told that what I need is reverse VPN but have no clue what this means and how to set it up.
I am able to set up a VPN connection where devices in India can connect to my devices on my LAN in the UK but unable to reverse the traffic to acess devices in India.
My router in the uk is on 192.168.8.2 and my router ip in india is 192.168.9.2 with both DHCP servers giving out IP address on their repective network ip ranges.
I don't mind if the networks don't show up on the same IP addess as long as I am able to acess some of the network devices such as CCTV or router though the web interface from the UK for mainance and troubleshooting.

I am a novice so any help would be greatly appricated.

 

[eibgrad]

You need to configure the OpenVPN server on your side of the tunnel in a site-to-site configuration by using the MCSO (Manage Client-Specific Options) section of the router to declare the IP network(s) that lie behind the OpenVPN client. You do that by using the CN (Common Name) on the client's cert (typically called 'client" (no quotes) if auto-generated by the router) to create an entry for each IP network.

 

[RahulM]

You need to configure the OpenVPN server on your side of the tunnel in a site-to-site configuration by using the MCSO (Manage Client-Specific Options) section of the router to declare the IP network(s) that lie behind the OpenVPN client. You do that by using the CN (Common Name) on the client's cert (typically called 'client" (no quotes) if auto-generated by the router) to create an entry for each IP network.

Thanks bgrad for your reply.
Do you know of any links that I can use to guide me though this as it is a little beyond my basic skills?

 

[eibgrad]

I seem to recall a thread from some time ago describing site-to-site configurations, but I just can't seem to find it at the moment.

There isn't all that much to it. That's why the MCSO sections exists, to simplify the process. As I said, the CN (Common Name) is usually just client, and all you need to do is define the IP network(s) that lie behind the OpenVPN client. IOW, if the OpenVPN client is running on 192.168.1.0/24, then that section would appear as follows:

https://imgur.com/8djT31y

It's just that simple. If you have additional IP networks available on the OpenVPN client side, just add more entries.

 

[RahulM]

I seem to recall a thread from some time ago describing site-to-site configurations, but I just can't seem to find it at the moment.

There isn't all that much to it. That's why the MCSO sections exists, to simplify the process. As I said, the CN (Common Name) is usually just client, and all you need to do is define the IP network(s) that lie behind the OpenVPN client. IOW, if the OpenVPN client is running on 192.168.1.0/24, then that section would appear as follows:

https://imgur.com/8djT31y

It's just that simple. If you have additional IP networks available on the OpenVPN client side, just add more entries.

Thank you for this,
I'll give it a go this weekend.