OpenVPN on OpenWRT-to-OpenWRT for laboratory equipment

Post by ducttape » Sun Jul 07, 2019 9:17 am

I run an electronics laboratory that contains multiple Ethernet-attached instruments, both proprietary and ones we develop ourselves. Regardless of type, these instruments cannot accept custom firmware containing OpenVPN or any other additions themselves. They run stock firmware, period.

Now, our software developer still needs access to this equipment from his position elsewhere in the world. The lab is behind moderate layers of CISCO gear, but is nevertheless NAT'ed and so forth. Not truly blocked, but incoming connections are filtered.

I therefore want to tunnel all LAN ports off of the dedicated «Any-suitable-router-goes-here» at the lab hosting this equipment, over to my home Merlin-/DD-/OpenWRT router acting as an intermediate OpenVPN server or access point. I have already managed to link together my home router and the router in the lab by means of an L2TP tunnel.

However, the L2TP protocol does not provide the required VPN Server-to-Client loopback required for my home router based VPN access point. OpenVPN does. And I have indeed been able to establish such a loopback OpenVPN tunnel on my home router, from our software developer and into a Windows PC running OpenVPN in the lab. But I simply cannot manage to configure a Merlin-/DD-/OpenWRT router inside the lab to tunnel the full set of lab equipment to my home router and from there to the software developer.

I seriously need a Howto on how to accomplish this configuration:

• LAN attached Lab equipment <---> OpenWRT [ OpenVPN Server ] <---> CISCO NAT <---> DDNS OpenWRT [ OpenVPN Client <=> OpenVPN Server] <---> Software developer

I have been through so many different Howtos by now, I no longer know what I have already tried or not. BTW, I am aware I need at least a Cortex A53 to have accelerated cryptographic support.
