Help with a simple configuration to connect a pc and router

[Garret]

Since I want to access to my openwrt router at my network's home I discovered I am forced to use OpenVPN. In fact the ISP which provides the internet connection doesn't allow his customers to be visible from the exterior (it is an Italian ISP named Fastweb).

The pc with what I want to access my router from the exterior is connected to the internet with a public IP and I can open the doors I want. For this reason I want to install the openvpn server on that pc.

What I would like to achieve is to see all the devices connected on the openwrt router (and the router itself) from the PC with the public IP.

For example, access the router web interface by simply writing 192.168.1.1 on the pc with openvpn server of which the local address is 10.0.0.2.

At the same time I would avoid to install the openvpn client on each device connected to the openwrt router. Is this possible? So reach the 192.168.1.3 pc from my openvpn server pc with 10.0.0.2 as local address, without installing openvpn client on the 192.168.1.3 pc.

Is this kind of operation called "bridging"? I am pretty new with openvpn, so I came here to gently ask if you can suggest me some configurations for the openvpn server and client.

What would happen if I restart the pc with the openvpn server? I mean does the router with openvpn client automatically reconnect as soon the openvpn server is again on?

I think an image is better descriptive of what I want to build:


Really thanks in advance.

[maikcat]

openvpn in routing mode can do that,

lan to lan communication can be setup using your ddwrt
router as the server and your client pc as openvpn client...

look in doc section and you will find plenty info on how to do that.

cheers,

Michael.

[Garret]

lan to lan communication can be setup using your ddwrt
router as the server and your client pc as openvpn client.

I don't want my router as server but as client.

But the fact that I want all the devices connected either by ethernet and wi-fi in the same vpn without installing the openvpn client on each single device, does this have to be set on the openvpn client config file of the router or is an external operation?

[maikcat]

>I don't want my router as server but as client.


one side must be the client,the other the server...

usually the server side is where the static public ip is.

the lan-to-lan scenario in openvpn is configured to the server side,
basically you are configuring routing inside openvpn...

means that you must setup your routing in both networks accordingly..

Michael.

[Garret]

the lan-to-lan scenario in openvpn is configured to the server side,
basically you are configuring routing inside openvpn

So I should add a voice in the openvpn server config file to have the devices connected to the router to be automatically seen.

I am still trying to make the config files since I've never set up a vpn, but could you at least help me with this part? The lan-to-lan part I mean.

[maikcat]

tell me which side would host the server part and which pc would host the client...

Michael.

[Garret]

tell me which side would host the server part and which pc would host the client...

Michael.

It's all depicted in the image in the first post

[maikcat]

assuming you know to create certificates already...

server config

proto udp
port 1194
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
tls-auth keys/ta.key 0
dh keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
client-to-client
client-config-dir ccd
keepalive 10 60
cipher AES-256-CBC
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /etc/openvpn/status.log
log /etc/openvpn/openvpn.log
verb 3
tls-cipher DHE-RSA-AES256-SHA
auth SHA1
ccd-exclusive
;management 0.0.0.0 7505
route 192.168.1.0 255.255.255.0


client.conf

client
proto udp
keepalive 10 60
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
verb 1
dev tun
ns-cert-type server
tls-auth keys/ta.key 1
cert keys/user01.crt
key keys/user01.key
ca keys/ca.crt
remote serverip 1194


ccd file named user01

ifconfig-push 10.8.0.10 10.8.0.9
iroute 192.168.1.0 255.255.255.0



you MUST enable ip forwarding on BOTH openvpn endpoints
the server config is for linux based..

Michael.

[rainbow6]

It would have being easier if you have a wrt capable modem-router at both sides. Then you can configured them by following the guide in openwrt.

[Garret]

It would have being easier if you have a wrt capable modem-router at both sides. Then you can configured them by following the guide in openwrt.

Actually I could use a Fonera 2100 on the server part but I don't think it could be so powerful to handle the netwrok.

@maikcat: you said that that configuration is only for linux. Because maybe on that pc I am going to use windows too, it is necessary to use the only expedient I should keep in mind is to change the paths in the windows format?

Then why this part is separate? What is it?

Code: Select all

ccd file named user01

ifconfig-push 10.8.0.10 10.8.0.9
iroute 192.168.1.0 255.255.255.0

[maikcat]

if you want to use the server config on win remove these

user nobody
group nobody


the other 3 lines is for you to create a ccd file named user01
and use the other 2 lines as its content...

Michael.