
Point to Point TUN with OpenVPN?

Discussion in 'Tomato Firmware' started by Elanzer, Aug 3, 2010.

  1. Elanzer

    Elanzer Addicted to LI Member

    I've been trying to bridge 2 office networks together for a few weeks now, both networks are just basically a dozen computers, each side has a NAS for the work data. I'm trying to make it so every system on each side can connect to both NAS units pretty much transparently (ie: map each other as a network drive).

    I've fought with a TAP setup going router to router for hours on end and just can't get it to be stable with either 2x WRT54GLs or 2x RT-N16s on any VPN build, the routers consistently just drop all connections every couple minutes and become unusable until the VPN connection is cut. Has anyone ever successfully utilized a TAP VPN with Tomato or DD-WRT with stability?

    I can't seem to wrap my head around this and find this answer no matter how much I look: is there any way to bridge two networks together router to router with a TUN connection? Most guides or discussions are just pointing towards tunneling a single client through. I just want to be able to map the NAS on each end to every PC.
     
  2. Dagger

    Dagger Networkin' Nut Member

    TUN is what you want to use. Configure one router as a server and the other as a client. Make sure each LAN has a unique network (i.e. 192.168.10.x and 192.168.20.x), then it's just a matter of routing one network to the other.... probably with static routes in the routers.

    This is what I would try:

    Router A is the gateway for 192.168.10.0/24
    Router B is the gateway for 192.168.20.0/24

    Router A's VPN IP is 10.10.10.1
    Router B's VPN IP is 10.10.10.2

    Static Route on Router A = 192.168.20.0 255.255.255.0 10.10.10.2
    Static Route on Router B = 192.168.10.0 255.255.255.0 10.10.10.1

    Broadcasts will not be repeated or relayed across the TUN, so don't expect Network Neighborhood to work without additional configuration. You can still map a network drive... you'll just need to specify the target IP manually.
     
  3. Elanzer

    Elanzer Addicted to LI Member

    but how do you access something behind the router this way?

    That's the part I don't understand, if say a NAS is 192.168.10.50 behind VPN router A, what IP would map to it on VPN router B's side of the tunnel? Would I still be accessing 192.168.10.50 from the other side, which would be a 192.168.20.xxx subnet?
     
  4. Dagger

    Dagger Networkin' Nut Member

    VPN = Virtual Private Network

    Your two routers would be directly connected via a private tunnel. This tunnel should not be NATed... so the networks would access each other via their actual IPs. Think of the TUN as a cable going from a LAN port on one router to a LAN port on the other router... with each LAN port having its own IP instead of being bridged with the other LAN ports.
     
  5. Elanzer

    Elanzer Addicted to LI Member

    Alright, I've made some progress.

    I'm not totally connected yet, I'm still missing something.

    So far, from Side B (10.10.10.2/192.168.20.x) I can ping Side A at 10.10.10.1 but not anything else on that side. I cannot do the reverse though with a ping to Side B at 10.10.10.2.

    I've set up mostly what you've suggested, but I don't think the routes are correct. I've set up the static route as follows:

    Side A:
    Destination - 10.10.10.2
    Gateway - 192.168.20.0
    Subnet Mask - 255.255.255.0
    Metric - 0
    Interface - LAN

    Side B:
    Destination - 10.10.10.1
    Gateway - 192.168.10.0
    Subnet Mask - 255.255.255.0
    Metric - 0
    Interface - LAN

    When I uncheck "routes must be configured manually" on the client configuration, I can no longer ping the other side.
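Added example, not from the thread: a small Python forwarding model of Dagger's two-router TUN layout (post 2) next to the swapped routes from post 5. It shows why host-to-host traffic needs, on both routers, the remote LAN as destination and the remote tunnel address as gateway, while router-to-router pings across the tunnel work regardless. The interface names br0/tun11 and the hosts .15 and .50 are assumptions.

```python
# Added example (not from the thread): longest-prefix-match forwarding model of
# Dagger's two-router TUN layout. Interface names (br0, tun11) and the host
# addresses .15/.50 are constructed for illustration.
from ipaddress import ip_address, ip_network

LAN_A, LAN_B = ip_network("192.168.10.0/24"), ip_network("192.168.20.0/24")
TUN = ip_network("10.10.10.0/30")                # point-to-point tunnel link
OWNER = {"10.10.10.1": "A", "10.10.10.2": "B"}   # router holding each tunnel IP

def build(static_a, static_b):
    """Each router gets its LAN and the tunnel as connected routes (gateway None)
    plus static routes given as (network, gateway) pairs, all out of tun11."""
    def table(lan, statics):
        return [(lan, None, "br0"), (TUN, None, "tun11")] + \
               [(net, gw, "tun11") for net, gw in statics]
    return {"A": table(LAN_A, static_a), "B": table(LAN_B, static_b)}

def lookup(table, dst):
    """Longest-prefix match over (network, gateway, iface) rows."""
    hits = [r for r in table if ip_address(dst) in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def forward(routers, start, dst, max_hops=4):
    """Walk a packet from router `start` toward host `dst`; (delivered, trace)."""
    trace, here = [], start
    for _ in range(max_hops):
        hit = lookup(routers[here], dst)
        if hit is None:
            trace.append(f"{here}: no route to {dst}, dropped")
            return False, trace
        net, gw, iface = hit
        if gw is None:                        # directly connected: deliver on iface
            trace.append(f"{here}: {dst} on {iface} ({net}), delivered")
            return True, trace
        if gw not in OWNER:                   # gateway is not a neighbour on any link
            trace.append(f"{here}: gateway {gw} unreachable, dropped")
            return False, trace
        trace.append(f"{here}: {dst} via {gw} dev {iface}")
        here = OWNER[gw]
    return False, trace

def ping(routers, src, dst):
    """Echo request and reply must both route; returns (request_ok, reply_ok)."""
    def home(host):                           # router that originates for `host`
        return OWNER.get(host, "A" if ip_address(host) in LAN_A else "B")
    return forward(routers, home(src), dst)[0], forward(routers, home(dst), src)[0]

# Dagger's plan: destination = remote LAN, gateway = remote tunnel end.
GOOD = build([(LAN_B, "10.10.10.2")], [(LAN_A, "10.10.10.1")])
# Post 5's routes: destination and gateway swapped (10.10.10.x/24 via the LAN).
SWAPPED = build([(ip_network("10.10.10.2/24", strict=False), "192.168.20.0")],
                [(ip_network("10.10.10.1/24", strict=False), "192.168.10.0")])
```

`ping(SWAPPED, "10.10.10.2", "10.10.10.1")` succeeds because the tunnel itself is a connected route, which is exactly the "can ping 10.10.10.1 but nothing behind it" symptom; a route on only one router gives a one-way result, since the reply has no path back.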
     
  6. Dagger

    Dagger Networkin' Nut Member

  7. Elanzer

    Elanzer Addicted to LI Member

    Thanks for the link, helped me get a bit further. I guess my problem was that I was using static key?

    Now I've generated certificates/keys and got the VPN seemingly connected with TLS according to the status on both sides, but something is missing - I still can't access either side. In the middle of troubleshooting it I accidentally filled in the VPN server's local gateway in the VPN Subnet configuration instead of trying the client's like the linked post says, and it broke my ability to connect remotely, so I can't set it up any further until the morning, when I can guide someone over the phone to change that setting to something else.

    I can't wait until this is over, probably the biggest nightmare I've come across in my computing career - mostly because I'm doing it all remotely and I'm blind to both networks.
     
