Unfortunately after configuring the VPN, I could ping from the router
to the other LAN, but I could not ping from one LAN to the other LAN.
Not good!
I got lots of help from the VPN and VLAN authors. Long story short: the VLAN setup was not allowing packets on the local LAN to be forwarded to the VPN tunnel.
The solution is to manually add a one-line forwarding instruction to
each router. The exact instruction depends on which VLAN you want to
route to which VPN tunnel.
The VLANs are listed under Advanced > VLAN. Choose the Bridge name for the VLAN you want to connect.
The tunnels are named as follows: tun11 = OpenVPN Client1, tun12 =
Client2, tun21 = Server1, and tun22 = Server2. You can see which tunnel
is active under Advanced > Routing. This screen shot is from my
OpenVPN server:
On both the client and server, my main LAN (that I want to share
across the VPN) is on br0. The server is tun21 and the client is tun11.
So on the OpenVPN server router, I ran this instruction from Tools >
System:
iptables -A FORWARD -i br0 -o tun21 -j ACCEPT
and on the OpenVPN client router I ran this instruction:
iptables -A FORWARD -i br0 -o tun11 -j ACCEPT
Voila! Bi-directional ping happiness, from server’s LAN to client’s LAN and vice-versa.
To make the instructions “sticky,” save the corresponding instruction
in Administration > Scripts > Firewall on each router, and reboot
the router.
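Here is one way to write the "sticky" version of that instruction as a firewall script. This is an added example, not the script from the original post or anything shipped with the router firmware; the bridge name br0 and tunnel name tun21 are taken from the server example above and must be changed to match your own router (tun11 on the client). The script checks whether the rule is already present before appending it, so it can run at every firewall restart without piling up duplicate FORWARD rules. Note that the rule accepts everything from the bridge toward the tunnel; if you only want to reach the remote LAN, narrow it with `-d` and that LAN's subnet.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent LAN -> VPN tunnel
# forwarding rule for Administration > Scripts > Firewall.
# LAN_BRIDGE and VPN_TUN are assumptions: adapt them to your router
# (for example br0/tun21 on the OpenVPN server, br0/tun11 on the client).

LAN_BRIDGE="${LAN_BRIDGE:-br0}"
VPN_TUN="${VPN_TUN:-tun21}"

# Build the iptables rule specification (everything after -A / -C) for
# forwarding traffic from a LAN bridge into a VPN tunnel interface.
# Rejects names that do not look like a bridge or a tun device so a typo
# cannot silently produce a rule for the wrong interface.
# Usage: forward_rule <bridge> <tunnel>
forward_rule() {
    case "$1" in
        br[0-9]*) ;;
        *) echo "bad bridge name: $1" >&2; return 1 ;;
    esac
    case "$2" in
        tun[0-9][0-9]) ;;
        *) echo "bad tunnel name: $2" >&2; return 1 ;;
    esac
    printf 'FORWARD -i %s -o %s -j ACCEPT\n' "$1" "$2"
}

# Append the rule only if an identical one is not already in the chain.
# "iptables -C" exits 0 when a matching rule exists, non-zero otherwise,
# so re-running this script never duplicates the rule.
ensure_rule() {
    rule=$(forward_rule "$1" "$2") || return 1
    # Word splitting of $rule is intentional: it carries the arguments.
    if iptables -C $rule 2>/dev/null; then
        echo "rule already present: $rule"
    else
        iptables -A $rule && echo "added rule: $rule"
    fi
}

# Only touch the firewall when running as root with iptables available,
# so the functions above can also be sourced elsewhere for inspection.
if [ "$(id -u 2>/dev/null)" = "0" ] && command -v iptables >/dev/null 2>&1; then
    ensure_rule "$LAN_BRIDGE" "$VPN_TUN" || echo "could not add forwarding rule" >&2
fi
```

On the client router the same script applies with VPN_TUN set to tun11; the rule specification it produces is exactly the `FORWARD -i br0 -o tun11 -j ACCEPT` from the instruction above.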
This functionality may eventually become “standard” or part of the
GUI, but for now, a pair of simple instructions lets you use OpenVPN on a
router running VLANs.