I'm new to this forum, but have been using OpenVPN for a while now without any problems. My LAN at home is accessible via an OpenVPN server running on a Raspberry Pi. Between my wife and myself we have 2 tablets, 2 smartphones and 1 laptop configured for this setup.
Hardware: ADSL connection, an Experia Box V8 as modem, a Netgear R7000 behind that as router, and a Raspberry Pi type 3 as OpenVPN server.
Now that I am ready for the next phase, I need some advice.
I own a second home and use it for recreational purposes.
Network hardware: soon will have fiber optics, an Engenius ECB350 as modem/router.
I have a Domoticz server running back home on the same R-Pi as OpenVPN.
Both LANs contain several IP connected devices such as temp/hum sensors, heating thermostats, and SonOff light switches.
I would like to link the two LANs together using a VPN tunnel. This way all devices on either side of the tunnel are available to devices on the other side.
I know that the Experia Box is virtually useless for anything non-standard. The Netgear R7000 does offer a VPN service, but it looks very basic and I prefer OpenVPN by far.
The Engenius has a reputation of being a piece of professional kit. I was hoping to simply set up a VPN client in this unit connecting to the OpenVPN server in the R-Pi.
Is there a way to do this?
Linking 2 LANs?
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Linking 2 LANs?
Yes, should be possible.
The Engenius manual doesn't mention OpenVPN, it looks more like an access point..?
An RPi at your second home (or other device) as a client to your home..?
-
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Nov 07, 2017 1:45 pm
Re: Linking 2 LANs?
The Engenius can be an access point, a repeater, or a full router.
Setting up an R-Pi there should not be a problem, I have an old type-2 here that I could use. But would that give me what I want? I would have a LAN with a bunch of devices attached to the Engenius router, how would they be visible from the other side of the tunnel?
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Linking 2 LANs?
First configure the second RPi as a client then read the howto:
"Expanding the scope of the VPN to include additional machines on either the client or server subnet."
https://openvpn.net/index.php/open-sour ... html#scope
You also need to enable ipforward on the client.
Also keep in mind that local, remote and VPN subnet need to be different.
Following subnets should be avoided to prevent routing conflicts:
10.0.0
10.0.1
10.1.1
10.1.10
10.2.0
10.8.0
10.10.1
10.90.90
10.100.1
10.255.255
169.254 APIPA #
172.16.0
172.16.16
172.16.42
172.16.68
172.19.3
172.20.10 IPhone built-in hotspot #
192.168.0
192.168.1
192.168.2
192.168.3
192.168.4
192.168.5
192.168.6
192.168.7
192.168.8
192.168.9
192.168.10
192.168.11
192.168.13
192.168.15
192.168.16
192.168.18
192.168.20
192.168.29
192.168.30
192.168.33
192.168.39
192.168.40
192.168.42 Android USB tethering #
192.168.43 Android built-in hotspot #
192.168.50
192.168.55
192.168.61
192.168.62
192.168.65
192.168.77
192.168.80
192.168.85
192.168.88
192.168.98
192.168.99
192.168.100
192.168.101
192.168.102
192.168.111
192.168.123
192.168.126
192.168.129
192.168.137 Windows Phone built-in hotspot #
192.168.168
192.168.178
192.168.190
192.168.199
192.168.200
192.168.220
192.168.223
192.168.229
192.168.240
192.168.245
192.168.251
192.168.252
192.168.254
200.200.200
Edit:
Removed wrong info.
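One way to check a subnet plan against the rules in the post above and derive the matching OpenVPN routing lines, as an added example that is not part of the original thread. The second-home LAN 10.47.12.0/24, the VPN subnet 10.93.5.0/24 and the client name secondhome-pi are constructed values, and COMMON_DEFAULTS samples only a few prefixes from the list.

```python
import ipaddress
from itertools import combinations

# A few vendor-default prefixes sampled from the list in the post (taken as /24).
COMMON_DEFAULTS = ["10.0.0.0/24", "10.8.0.0/24", "192.168.0.0/24",
                   "192.168.1.0/24", "192.168.178.0/24"]

# Constructed plan: only home_lan (10.0.0) comes from the thread.
PLAN = {"home_lan": "10.0.0.0/24",
        "second_home_lan": "10.47.12.0/24",
        "vpn": "10.93.5.0/24"}


def check_plan(subnets):
    """Return (errors, warnings) for a dict of name -> CIDR."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    errors, warnings = [], []
    # Local, remote and VPN subnets must all differ, or routes become ambiguous.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            errors.append(f"{a} {net_a} overlaps {b} {net_b}")
    # A vendor-default range is likely to collide with hotspots or guest LANs.
    for name, net in nets.items():
        for cidr in COMMON_DEFAULTS:
            if net.overlaps(ipaddress.ip_network(cidr)):
                warnings.append(f"{name} {net} is a common default ({cidr})")
    return errors, warnings


def routing_directives(server_lan, client_lan, client_cn):
    """OpenVPN lines that make each LAN reachable from the other side."""
    s = ipaddress.ip_network(server_lan)
    c = ipaddress.ip_network(client_lan)
    client_route = f"{c.network_address} {c.netmask}"
    return {
        "server.conf": [
            "client-config-dir ccd",
            f"route {client_route}",  # server host: client LAN is via the tunnel
            f'push "route {s.network_address} {s.netmask}"',  # client learns server LAN
        ],
        # Per-client file named after the certificate common name (hypothetical).
        f"ccd/{client_cn}": [f"iroute {client_route}"],
    }


if __name__ == "__main__":
    errors, warnings = check_plan(PLAN)
    for line in errors + warnings:
        print(line)
    for path, lines in routing_directives(PLAN["home_lan"], PLAN["second_home_lan"],
                                          "secondhome-pi").items():
        print(path, *lines, sep="\n  ")
```

On the client Pi, IP forwarding must also be enabled, as the post says; on Linux that is the `net.ipv4.ip_forward` sysctl. Each LAN's router also needs a route for the far LAN pointing at its local Pi, unless the Pi is the default gateway.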
-
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Nov 07, 2017 1:45 pm
Re: Linking 2 LANs?
When you say avoid, you mean the client LAN? My home LAN already uses 10.0.0, and I would hate to change that (lots of devices with fixed IP address).
-
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Nov 07, 2017 1:45 pm
Re: Linking 2 LANs?
Looks like this would give me what I am looking for! Only thing: how would I test this? Could I set up the client Pi at home somehow?
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Linking 2 LANs?
Most people do not change the subnet of their device, so for example, when you try to connect from a public hotspot that has a standard subnet, chances are you run into a routing conflict.
By not using these you try to avoid/minimize those routing conflicts.
The subnets in the list are standard subnets used by vendors/manufacturers of devices like routers, access points, phone hotspots etc.
"how would I test this?"
You could do it on your LAN, but troubleshooting can be a pain, and possibly the routing/firewall MASQUERADING rule needs to be changed when placing the RPi in the second home.
Other options: a friend's house, family, neighbour...
Or what I do: use an access point connected to the phone's hotspot. The RPi is connected to the access point with a cable:
4G Phones hotspot ~~~~~ AP<--cat5e-->RPi (I don't have an RPi but another device)
Instead of an AP you could use a USB WiFi dongle in the RPi...