OpenVPN - indirect connection of two separate networks

szafekml

Apr 13, 2017
First I should explain my network topology, because it is a little complicated.

Place 1:
Internet (static IP)
|
Router(TPLINK)
|
PC1 (LAN IP 192.168.50.100)
with configured OpenVPN server (IP address of VPN is 10.8.0.1)

Place 2:
Internet (dynamic IP)
|
Router (ASUS AC51U + 3GModem as WAN connection (E3131 Hilink))
Configured OpenVPN connection as client (OpenVPN IP 10.8.0.4)
|
Some device (dev1)
IP: 192.168.90.10

Place 3:
Internet (Dynamic IP)
|
Some Router
|
PC2
Configured OpenVPN client (OpenVPN IP 10.8.0.8)

What I managed to achieve:
1) I can connect to the OpenVPN server (PC1) from Place 3 (PC2), and I can ping the ASUS OpenVPN client (10.8.0.4) and the OVPN server (10.8.0.1).
2) From PC1 I can ping both the Asus OVPN client (10.8.0.4) and the PC2 OVPN client (10.8.0.8).
It means the OVPN network works properly, but...

I want to connect to my device (dev1) from PC2. Now I can't even ping my dev1 from PC1 or PC2. I'm sure that my device works properly because I can ping it from the Asus local network.

I think the problem may be wrong addressing of all the network devices (because I'm a noob in the world of networks :D) or the Asus router (maybe something in the routing table).
Of course it may turn out that such a connection is impossible.

Best regards
 
Don't think that can be done. Dev1 is in Place2, which is connected to your VPN only via an OpenVPN client. The client only sets up a connection between the device running the client, and the OpenVPN server. I don't think it routes any packets from the client's network to the server, which is what you need to access dev1. I'm pretty sure only the server does routing from its LAN to the VPN (and only in tap mode).

You'd have to set up the OpenVPN server at Place2, and have everything connect to that. Also configure that OpenVPN server to use tap (bridging) instead of tun (point-to-point). That's necessary to see stuff on the server's network, rather than just the server.
https://www.dnsthingy.com/support/asus-router-openvpn-server/

I believe most Asus routers have an OpenVPN server built-in (though IIRC it only supports a single shared key, rather than using a certificate to assign different keys to different clients). So set up your Asus router at Place 2 as your OpenVPN server, put it in tap mode, and have everything else connect to it as a client. That'll give your OpenVPN clients full access to the LAN at Place2, including access to dev1.

https://diysecurityguy.wordpress.com/2016/04/14/tip-setting-up-openvpn/
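The symptom in the question (10.8.0.x answers, 192.168.90.10 does not) can be reproduced as a routing-table lookup. The sketch below is an added example, not code from either poster; the routing tables, the /24 prefix lengths and the interface labels are assumptions constructed from the addresses in the post.

```python
import ipaddress

# Constructed routing tables: assumed typical contents for the two PCs in the
# post, not dumps from the real machines. Entries are (prefix, egress label).
ROUTES = {
    "PC1": [("10.8.0.0/24", "vpn"), ("192.168.50.0/24", "lan"),
            ("0.0.0.0/0", "default-gw")],
    "PC2": [("10.8.0.0/24", "vpn"), ("0.0.0.0/0", "default-gw")],
}

# Addresses as given in the post.
TARGETS = {"server": "10.8.0.1", "asus": "10.8.0.4",
           "pc2": "10.8.0.8", "dev1": "192.168.90.10"}


def egress(host, dst, extra=()):
    """Return the egress label `host` picks for `dst` (longest-prefix match).

    `extra` holds hypothetical additional routes to test. This models only
    the sender's choice; it says nothing about whether the far end forwards.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, label in list(ROUTES[host]) + list(extra):
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, label)
    if best is None:
        raise LookupError(f"{host} has no route to {dst}")
    return best[1]


def report(extra=()):
    """Map every host to the egress it would use for every target."""
    return {host: {name: egress(host, ip, extra) for name, ip in TARGETS.items()}
            for host in ROUTES}


if __name__ == "__main__":
    for host, row in report().items():
        print(host, row)
    # Hypothetical route for the dev1 LAN, to compare the sender's choice.
    print(report(extra=[("192.168.90.0/24", "vpn")])["PC2"]["dev1"])
```

With these assumed tables, traffic for dev1 leaves both PCs through the default gateway instead of the tunnel, which matches the failed pings; on the real machines `route print` (Windows) or `ip route` (Linux) shows the actual tables.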