Client to Client Routing

Business solution to host your own OpenVPN server with web management interface and bundled clients.
burrellbloke
OpenVpn Newbie
Posts: 5
Joined: Wed Sep 21, 2016 3:00 pm

Client to Client Routing

Post by burrellbloke » Wed Sep 21, 2016 3:51 pm

I have an ASUS 4G-AC55U router which uses a 4G mobile signal rather than a telephone line to connect to WAN.

My mobile provider uses Carrier Grade NAT so I do not get assigned a public IP address to the 4G sim.

As a way to bypass the CGNAT I have set up OpenVPN AS on AWS using this guide: http://envyandroid.com/setup-free-priva ... mazon-ec2/. I am trying to create a solution so that I can access my home network via the OpenVPN AS.

I can connect 2 clients to the OpenVPN AS. I connect my router using the ASUSWRT standard firmware to the OpenVPN AS as a client. I can also connect another device/client to the OpenVPN AS. From the admin GUI I can see that the connected clients have been assigned private internal IP addresses. When both clients are connected they can talk to each other's private IP address that appears in the admin GUI.

What I have been unable to do so far is get a connected client that is outside of my home LAN to communicate to devices on my home LAN through the OpenVPN AS.

I have very little experience with OpenVPN.

Is anyone able to help me with what I need to do to set up my OpenVPN AS so that I can connect my home LAN via the router's OpenVPN client and then "dial in" with another OpenVPN client connected to my OpenVPN AS?

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Client to Client Routing

Post by novaflash » Wed Sep 21, 2016 4:31 pm

On the account for the Asus router enable VPN Client Gateway and input the subnet of your home LAN. For example 192.168.70.0/24.

On the VPN settings page near the top set the option "allow access to private subnets" to "yes, using routing", and input the 192.168.70.0/24 subnet as well.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.


Re: Client to Client Routing

Post by burrellbloke » Thu Sep 22, 2016 2:04 pm

Thank you.

I am now able to connect to the OpenVPN AS from both clients and I can now connect remotely to the local IP address on my home LAN to gain access to the router running the OpenVPN client connection. But, I can only access the specific IP address of the router where the VPN tunnel ends. I cannot remotely access any other local IP address on my home LAN.

I get the following errors on the Asus router:

Sep 22 14:31:08 openvpn[9188]: UDPv4 link local: [undef]
Sep 22 14:31:08 openvpn[9188]: UDPv4 link remote: [AF_INET]XXX.XXX.XXX.XXX:1194
Sep 22 14:31:11 openvpn[9188]: [OpenVPN Server] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:1194
Sep 22 14:31:13 openvpn[9188]: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.2)
Sep 22 14:31:13 openvpn[9188]: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.2)
Sep 22 14:31:13 openvpn[9188]: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.2)
Sep 22 14:31:13 openvpn[9188]: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:21: register-dns (2.3.2)
Sep 22 14:31:13 openvpn[9188]: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:22: block-ipv6 (2.3.2)
Sep 22 14:31:13 openvpn[9188]: Preserving previous TUN/TAP instance: tun15
Sep 22 14:31:13 openvpn[9188]: NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Sep 22 14:31:13 openvpn[9188]: /sbin/ifconfig tun15 0.0.0.0
Sep 22 14:31:14 openvpn[9188]: TUN/TAP device tun15 opened
Sep 22 14:31:14 openvpn[9188]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sep 22 14:31:14 openvpn[9188]: /sbin/ifconfig tun15 172.27.XXX.XXX netmask 255.255.248.0 mtu 1500 broadcast 172.27.XXX.XXX
Sep 22 14:31:19 openvpn[9188]: Initialization Sequence Completed

I think that there are configuration issues with my router and not the OpenVPN AS?


Re: Client to Client Routing

Post by novaflash » Thu Sep 22, 2016 2:32 pm

The unrecognized options stuff is not a problem in this case.

In theory if the Asus router is the default gateway for your network, then traffic should already now be flowing. It's possible that there's some firewall rule in the way.

Re: Client to Client Routing

Post by burrellbloke » Thu Sep 22, 2016 2:54 pm

Thank you again.

I was trying to set up the Asus router as a back door entrance to my LAN.

I already have an ASUS RT-AC3200 router which deals with my incoming WAN connection over a fibre/telephone line. That is the gateway with an IP address of 192.168.0.1. That router deals with network tasks such as NAT, port forwarding etc., etc.

I was unsure how to set up the ASUS 4G for this scenario so I gave it a fixed IP address of 192.168.0.8. I set the gateway for the 4G router as 192.168.0.1. The router can see other local machines as they are visible on the 4G router's admin GUI.

Should I set up the 4G router differently?


Re: Client to Client Routing

Post by novaflash » Thu Sep 22, 2016 3:21 pm

Oh I thought it was the main router. In that case, in the main router, set up static routes for the VPN subnet(s) with as the gateway the address of the Asus router that takes care of the OpenVPN connection.

Re: Client to Client Routing

Post by burrellbloke » Thu Sep 22, 2016 3:42 pm

Sorry - I am a bit of a networking novice. I try and work these things out by trial and error.

Just to be clear the 4G router has the OpenVPN client running on it via a mobile 4G connection. The 4G router has an IP address of 192.168.0.8. The main router is at 192.168.0.1.

So - do I set up the static routes on the main router at 192.168.0.1? Also, what info do I need to put in the GUI? These are the fields I can input the information in:

Network/Host IP - Netmask - Gateway - Metric - Interface


Re: Client to Client Routing

Post by novaflash » Fri Sep 23, 2016 8:10 am

Let's say your VPN subnet is 172.16.55.0/20. Then on the 192.168.0.1 router add this static route:

Network/Host IP: 172.16.55.0
Netmask: /20, or 255.255.240.0 (depends on what your router will accept)
Gateway: 192.168.0.8
Metric: not sure if it's applicable, try leaving it empty for now
Interface: should be the LAN side, not the WAN side
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
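
An added example, not part of the original posts: a Python sketch that derives the static-route fields from the reply above and checks them before they go into the main router. The LAN mask of /24 and the function names are assumptions; a router that validates the entry may want the aligned network address, which for 172.16.55.0/20 is 172.16.48.0.

```python
import ipaddress

def static_route_fields(vpn_subnet, gateway, lan_subnet):
    """Build the main router's static-route entry for the VPN subnet."""
    # strict=False accepts a value with host bits set (172.16.55.0/20) and
    # normalises it to the aligned network address (172.16.48.0/20).
    vpn = ipaddress.ip_network(vpn_subnet, strict=False)
    lan = ipaddress.ip_network(lan_subnet)
    gw = ipaddress.ip_address(gateway)

    # The next hop has to be a host on the LAN, otherwise the main router
    # cannot hand packets to it directly.
    if gw not in lan or gw in (lan.network_address, lan.broadcast_address):
        raise ValueError(f"gateway {gw} is not a host address in {lan}")
    # A VPN subnet that overlaps the LAN would shadow local addresses.
    if vpn.overlaps(lan):
        raise ValueError(f"VPN subnet {vpn} overlaps LAN {lan}")

    return {
        "Network/Host IP": str(vpn.network_address),
        "Netmask": str(vpn.netmask),
        "Prefix": f"/{vpn.prefixlen}",
        "Gateway": str(gw),
        "Interface": "LAN",
    }

def route_covers(fields, address):
    """True if a VPN client address is matched by the route entry."""
    net = ipaddress.ip_network(f"{fields['Network/Host IP']}/{fields['Netmask']}")
    return ipaddress.ip_address(address) in net

if __name__ == "__main__":
    # LAN mask /24 is an assumption; the thread gives only 192.168.0.1 and .8.
    entry = static_route_fields("172.16.55.0/20", "192.168.0.8", "192.168.0.0/24")
    for name, value in entry.items():
        print(f"{name}: {value}")
    # Constructed client address inside the example VPN subnet.
    print(route_covers(entry, "172.16.60.10"))
```

Routing only the VPN subnet through 192.168.0.8, rather than a broader range, keeps the rest of the LAN's traffic on its normal path.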


Re: Client to Client Routing

Post by burrellbloke » Fri Sep 23, 2016 11:03 am

novaflash - thank you for your time and patience.

I have now been able to achieve my goal of connecting to my 4G router via a mobile network that operates CGNAT and does not assign public IP addresses.

I have also now worked out what static routing is all about.

Once again - thank you.


Re: Client to Client Routing

Post by novaflash » Fri Sep 23, 2016 11:36 am

You're welcome.