Being a programmer I really tried to solve this on my own but I didn't succeed.
Let me tell you my setup and what I wish to achieve and after that I will explain where I am stuck:
I want to have the following running on my router:
- An OpenVPN Server so I can connect to my Router from my laptop or phone when I work outside, without directing internet through it
- A PPTP client connected to my work VPN, so I can have access to all my work's subnets but without directing internet through it
- An OpenVPN client so I can browse the Internet (from my LAN only) through paid VPN service (VyprVPN)
- I have an ASUS RT-AC68U with Merlin 384.6 (latest).
- My LAN subnet is 192.168.11.0/24
- Concerning the OpenVPN server, I have managed to give its clients LAN-only access (no internet), and the client (PC) connected to the OpenVPN server can ping my LAN devices and vice versa. Here is the server configuration:
Server config:
# Automatically generated configuration
daemon ovpn-server1
topology subnet
server 192.168.12.0 255.255.255.0
proto udp
port 1194
dev tun21
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
auth SHA256
comp-lzo adaptive
keepalive 15 60
verb 3
push "route 192.168.11.0 255.255.255.0 vpn_gateway 500"
client-config-dir ccd
client-to-client
duplicate-cn
route 192.168.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS 192.168.11.1"
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
verify-client-cert none
username-as-common-name
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status 5
As you can see, I tried routing the 192.168.0.0/24 subnet from the client (PC) connected to the OpenVPN server to the PPTP client, but it is incomplete. A tracert from the client (PC) connected to the OpenVPN server indicated that the packets are indeed reaching my OpenVPN server, but they stop there. To be sure that my tests are correct, I am sending a UDP packet from the client (PC) connected to the OpenVPN server to a PC inside the 192.168.0.0/24 subnet, so that at least half-way communication will be achieved and I will know it.
- Concerning the PPTP client:
- Subnets exposed through the PPTP VPN are 10.0.4.0/24 and 192.168.0.0/24 (yes, I know... this shouldn't be... go tell my boss).
- When the PPTP client connects it messes up my routing table. It adds a default gateway through it and it can't keep permanent routes to the desired subnets. I have managed to solve it with the following commands, but I have to do it every time. I found out I can put them in a service to run each time the PPTP client gets connected, and I will when I solve my current problem. For now, I do it manually. After all that, my LAN subnet 192.168.11.0/24 can access my work's subnets 192.168.0.0/24 and 10.0.0.4/24 successfully.
Code:
ip route delete default via 192.168.0.160 dev ppp5
route -n add -net 192.168.0.0 netmask 255.255.255.0 ppp5
route -n add -net 10.0.4.0 netmask 255.255.255.0 ppp5
ip route add default dev ppp5 table 3
- The result of all the above is the following routing table:
Code:
Destination         Gateway             Genmask          Flags Metric Ref Use Iface
WORK.wan.public.ip  HOME.public.wan.ip  255.255.255.255  UGH   0      0   0   WAN
HOME.public.wan.ip  *                   255.255.255.255  UH    0      0   0   WAN
192.168.0.0         *                   255.255.255.0    U     0      0   0   ppp5
192.168.12.0        *                   255.255.255.0    U     0      0   0   tun21
192.168.11.0        *                   255.255.255.0    U     0      0   0   LAN
HOME.public.wan.ip  *                   255.255.254.0    U     0      0   0   WAN
default             HOME.public.wan.ip  0.0.0.0          UG    0      0   0   WAN
I hope I provided enough info for some guru in here to help me out.
Many thanks in advance to whoever invests some time in this.
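As an added example (not the poster's script and not anything shipped with Merlin), here is how those manual route commands could be turned into an idempotent hook to run whenever the PPTP client comes up, together with the FORWARD and NAT rules that a tun21 to ppp5 path also needs and that a plain kernel route does not provide. The interface names and subnets are the ones in the post; the hook location (a Merlin user script), the rule placement with -I, and the MASQUERADE for the OpenVPN subnet are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's own script: an idempotent "PPTP is up" fixer
# for the routing/forwarding problem described above. Interface names, subnets
# and the OpenVPN server subnet come from the post; the hook location (a Merlin
# user script), the -I placement and the forward/NAT rules are assumptions.

PPTP_IF="${PPTP_IF:-ppp5}"       # PPTP client interface (from the post)
OVPN_IF="${OVPN_IF:-tun21}"      # OpenVPN server interface (from the post)
OVPN_NET="192.168.12.0/24"       # OpenVPN server client subnet (from the post)
WORK_NETS="192.168.0.0/24 10.0.4.0/24"   # the only subnets routed via PPTP
DRY_RUN="${DRY_RUN:-0}"          # 1 = print the commands instead of running them

# run CMD...: execute, or just print when DRY_RUN=1 so the plan can be reviewed.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# add_rule TABLE CHAIN RULE...: insert only if the identical rule is not already
# present (iptables -C), so re-running the hook never duplicates rules. -I puts
# the rule ahead of the firmware's own FORWARD rules (assumption about ordering).
add_rule() {
    table=$1; chain=$2; shift 2
    if [ "$DRY_RUN" = "1" ] || ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        run iptables -t "$table" -I "$chain" "$@"
    fi
}

# Remove the default route pppd pushed through the tunnel (WAN stays default)
# and pin exactly the work subnets to the PPTP interface. 'replace' is idempotent.
fix_pptp_routes() {
    run ip route del default dev "$PPTP_IF" 2>/dev/null || true
    for net in $WORK_NETS; do
        run ip route replace "$net" dev "$PPTP_IF"
    done
}

# Let OpenVPN road-warrior clients reach the work subnets, and nothing else,
# over the PPTP tunnel; replies come back as ESTABLISHED. The MASQUERADE hides
# 192.168.12.0/24 behind the router's PPTP address, since the work side has no
# route back to that subnet.
allow_ovpn_to_work() {
    for net in $WORK_NETS; do
        add_rule filter FORWARD -i "$OVPN_IF" -o "$PPTP_IF" -d "$net" -j ACCEPT
    done
    add_rule filter FORWARD -i "$PPTP_IF" -o "$OVPN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    add_rule nat POSTROUTING -s "$OVPN_NET" -o "$PPTP_IF" -j MASQUERADE
}

case "${1:-}" in apply) fix_pptp_routes; allow_ovpn_to_work ;; esac
```

Running `DRY_RUN=1 sh pptp-up.sh apply` prints the exact commands without touching the router, and after a real run `route -n` should show both work subnets on ppp5 and no default route on it.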