Linking 2 LANs?

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
manjh
OpenVpn Newbie
Posts: 6
Joined: Tue Nov 07, 2017 1:45 pm

Linking 2 LANs?

Post by manjh » Tue Nov 07, 2017 1:56 pm

I'm new to this forum, but have been using OpenVPN for a while now without any problems. My LAN at home is accessible via an OpenVPN server running on a Raspberry Pi. Between my wife and myself we have 2 tablets, 2 smartphones and 1 laptop configured for this setup.

Hardware: ADSl connection, an Experia Box V8 as modem, a Netgear R7000 behind that as router, and a Raspberry Pi type 3 as OpenVPN server.

Now that I am ready for the next phase, I need some advice.
I own a second home, use it for recreational purposes.
Network hardware: soon will have fiber optics, an Engenius ECB350 as modem/router.
I have a Domoticz server running back home on the same R-Pi as OpenVPN.
Both LANs contain several IP connected devices such as temp/hum sensors, heating thermostats, and SonOff light switches.

I would like to link the two LANs together using a VPN tunnel. This way all devices on either side of the tunnel are available to devices on the other side.

I know that the Experia box is virtually useless for anything non-standard. The Netgear R700 does offer a VPN service, but it looks very basic and I prefer OpenVPN by far.
The Engenius has a reputation of being a piece of professional kit. I was hoping to simply set up a VPN client in this unit connecting to the OpenVPN server in the R-Pi.

Is there a way to do this?

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Linking 2 LANs?

Post by Pippin » Tue Nov 07, 2017 2:26 pm

Yes, should be possible.
The Engenius manual doesn`t mention OpenVPN, it looks more like a Access point..?

An RPi at your second home (or other device) as a client to your home..?

manjh
OpenVpn Newbie
Posts: 6
Joined: Tue Nov 07, 2017 1:45 pm

Re: Linking 2 LANs?

Post by manjh » Tue Nov 07, 2017 2:42 pm

The Engenius can be an access point, a repeater, or a full router.
Setting up an R-Pi there should not be a problem, I have an old type-2 here that I could use. But would that give me what I want? I would have a LAN with a bunch of devices attached to the Engenius router, how would they be visible from the other side of the tunnel?

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Linking 2 LANs?

Post by Pippin » Tue Nov 07, 2017 2:53 pm

First configure the second RPi as a client then read the howto:
"Expanding the scope of the VPN to include additional machines on either the client or server subnet."
https://openvpn.net/index.php/open-sour ... html#scope

You also need to enable ipforward on the client.

Also keep in mind that local, remote and VPN subnet need to be different.
Following subnets should be avoided to prevent routing conflicts:
Do not use these subnets

10.0.0
10.0.1
10.1.1
10.1.10
10.2.0
10.8.0
10.10.1
10.90.90
10.100.1
10.255.255

169.254 APIPA #

172.16.0
172.16.16
172.16.42
172.16.68

172.19.3

172.20.10 IPhone built-in hotspot #

192.168.0
192.168.1
192.168.2
192.168.3
192.168.4
192.168.5
192.168.6
192.168.7
192.168.8
192.168.9
192.168.10
192.168.11
192.168.13
192.168.15
192.168.16
192.168.18
192.168.20
192.168.29
192.168.30
192.168.33
192.168.39
192.168.40
192.168.42 Android USB tethering #
192.168.43 Android built-in hotspot #
192.168.50
192.168.55
192.168.61
192.168.62
192.168.65
192.168.77
192.168.80
192.168.85
192.168.88
192.168.98
192.168.99
192.168.100
192.168.101
192.168.102
192.168.111
192.168.123
192.168.126
192.168.129
192.168.137 Windows Phone built-in hotspot #
192.168.168
192.168.178
192.168.190
192.168.199
192.168.200
192.168.220
192.168.223
192.168.229
192.168.240
192.168.245
192.168.251
192.168.252
192.168.254

200.200.200


Edit:
Removed wrong info.

manjh
OpenVpn Newbie
Posts: 6
Joined: Tue Nov 07, 2017 1:45 pm

Re: Linking 2 LANs?

Post by manjh » Tue Nov 07, 2017 4:54 pm

Pippin wrote:
Tue Nov 07, 2017 2:53 pm
First configure the second RPi as a client then read the howto:
"Expanding the scope of the VPN to include additional machines on either the client or server subnet."
https://openvpn.net/index.php/open-sour ... html#scope

You also need to enable ipforward on the client.

Also keep in mind that local, remote and VPN subnet need to be different.
Following subnets should be avoided to prevent routing conflicts:
Do not use these subnets

10.0.0
10.0.1
10.1.1
10.1.10
10.2.0
10.8.0
10.10.1
10.90.90
10.100.1
10.255.255

169.254 APIPA #

172.16.0
172.16.16
172.16.42
172.16.68

172.19.3

172.20.10 IPhone built-in hotspot #

192.168.0
192.168.1
192.168.2
192.168.3
192.168.4
192.168.5
192.168.6
192.168.7
192.168.8
192.168.9
192.168.10
192.168.11
192.168.13
192.168.15
192.168.16
192.168.18
192.168.20
192.168.29
192.168.30
192.168.33
192.168.39
192.168.40
192.168.42 Android USB tethering #
192.168.43 Android built-in hotspot #
192.168.50
192.168.55
192.168.61
192.168.62
192.168.65
192.168.77
192.168.80
192.168.85
192.168.88
192.168.98
192.168.99
192.168.100
192.168.101
192.168.102
192.168.111
192.168.123
192.168.126
192.168.129
192.168.137 Windows Phone built-in hotspot #
192.168.168
192.168.178
192.168.190
192.168.199
192.168.200
192.168.220
192.168.223
192.168.229
192.168.240
192.168.245
192.168.251
192.168.252
192.168.254

200.200.200


Edit:
Removed wrong info.
When you say avoid, you mean the client LAN? My home LAN already uses 10.0.0, and I would hate to change that (lots of devices with fixed IP address).

manjh
OpenVpn Newbie
Posts: 6
Joined: Tue Nov 07, 2017 1:45 pm

Re: Linking 2 LANs?

Post by manjh » Tue Nov 07, 2017 4:55 pm

manjh wrote:
Tue Nov 07, 2017 4:54 pm
Pippin wrote:
Tue Nov 07, 2017 2:53 pm
First configure the second RPi as a client then read the howto:
"Expanding the scope of the VPN to include additional machines on either the client or server subnet."
https://openvpn.net/index.php/open-sour ... html#scope

You also need to enable ipforward on the client.
When you say avoid, you mean the client LAN? My home LAN already uses 10.0.0, and I would hate to change that (lots of devices with fixed IP address).
Looks like this would give me what I am looking for! Only thing: how would I test this? Could I set up the client Pi at home somehow?

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Linking 2 LANs?

Post by Pippin » Tue Nov 07, 2017 10:21 pm

Most people do not change the subnet of their device, so for example, when you try to connect from a public hotspot that has a standard subnet chances are you run into a routing conflict.
By not using these you try to avoid/minimize those routing conflicts.
The list of subnets are standard subnets used by vendors/manufacturers of devices like routers, access points, phone htospots etc.
how would I test this?
You could do on your LAN but troubleshooting [i[can[/i] be a pain and possibly routing/firewall MASQUERADING rule needs to be changed when placing the RPi in second home.

Other options, friends house, family, neighbour...
Or what I do, use an access point connected to phones hotspot. To the access point is the RPi is connected with cable:
4G Phones hotspot ~~~~~ AP<--cat5e-->RPi (I don`t have RPi but other device)
Instead of an AP you could use USB WiFi dongle in RPi...

Post Reply