+1 vote
113 views 0 comments
by anonymous
Hey there,

I have the following setup:

I am currently using a RUTXR1 via OpenVPN client to connect to a private WAN network. Within this network sits the OpenVPN server. Furthermore, I have a RUTX11, which is connected via 4G directly to the private WAN network. I can successfully reach the RUTX11 router from the RUTXR1 and vice versa.

Now I have the requirement that all LAN devices must be within one subnet. Therefore the idea came up to set up an OpenVPN TAP server on the RUTXR1, which has access to the private WAN network via the OpenVPN client. At the same time, I install a TAP client on the RUTX11 to finally provide a subnet for all LAN devices.

I have already successfully set up the server and client with this:

https://wiki.teltonika-networks.com/view/Connecting_two_same_subnet_office_networks_using_OpenVPN_bridge_(TAP)

Unfortunately, I can't reach the RUTX11 from the RUTXR1 and vice versa. I think a route is missing here, which forwards the traffic from the OpenVPN server to the OpenVPN client and vice versa, or?

How can I set this up?

1 Answer

0 votes
by anonymous

Hello,

In order to better understand your configuration, I will ask you to generate troubleshoot files from the server and the client. This can be done by navigating to System → Administration → Troubleshoot. These files can be attached to the original post and will only be visible to Teltonika moderators.

Some additional things to note about using TAP mode:

  • Make sure that only one DHCP server is active. For example, if you'd like the RUTXR1 clients to be on the LAN network of the RUTX11, RUTXR1 should have its DHCP server disabled, and its IP should be in the same subnet as RUTX11 (e.g. if RUTX11 LAN IP is 192.168.1.1, then RUTXR1 could have 192.168.1.2);
  • A route for one device to reach another is not needed, since OpenVPN TAP mode operates like a virtual L2 switch;
  • I would recommend using TLS authentication and generating the certificates on RUTX11. This way on the server the option Certificate files from device can be enabled, and for the RUTXR1, the certificates can be downloaded from the RUTX11 by navigating to System → Administration → Certificates → Certificate Manager tab (ca.cert.pem, client.cert.pem, client.key.pem).

Also, make sure RUTXR1 can actually reach the RUTX11 by pinging its WAN IP. If it does not respond, then most likely some routes are missing within your private network.

Best regards,
DaumantasG
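
The addressing rules from the answer above (one subnet, one DHCP server) can be checked before bringing the bridge up. This is an added example, not part of the original thread or Teltonika's tooling; the function name `check_tap_plan`, the /24 prefix and the DHCP pool ranges are assumptions, and the pool-overlap check goes one step beyond what the answer lists.

```python
import ipaddress

def check_tap_plan(routers, prefix_len):
    """Return a list of problems in a bridged (TAP) LAN address plan.

    routers: dicts with 'name', 'lan_ip', 'dhcp_enabled' and 'pool',
    a (first, last) address pair that is only read when DHCP is enabled.
    """
    problems = []
    ifaces = {r["name"]: ipaddress.ip_interface(f"{r['lan_ip']}/{prefix_len}")
              for r in routers}

    # A TAP bridge is one L2 segment, so every LAN IP must share one subnet.
    if len({i.network for i in ifaces.values()}) > 1:
        problems.append("LAN IPs are not in the same subnet")

    # Two bridged routers with the same LAN IP would conflict.
    ips = [i.ip for i in ifaces.values()]
    if len(set(ips)) != len(ips):
        problems.append("duplicate LAN IP")

    # Exactly one DHCP server may answer on the bridged segment.
    servers = [r for r in routers if r["dhcp_enabled"]]
    if len(servers) != 1:
        problems.append(f"{len(servers)} DHCP servers active, expected 1")

    # Beyond the answer: static router IPs should sit outside the DHCP pool.
    for s in servers:
        first, last = (ipaddress.ip_address(a) for a in s["pool"])
        for name, i in ifaces.items():
            if first <= i.ip <= last:
                problems.append(f"{name} LAN IP {i.ip} is inside the DHCP pool")
    return problems

# Constructed sample plans; the pool ranges are assumptions, not from the thread.
POOL_1 = ("192.168.1.100", "192.168.1.249")
POOL_2 = ("192.168.2.100", "192.168.2.249")
GOOD = [
    {"name": "RUTX11", "lan_ip": "192.168.1.1", "dhcp_enabled": True, "pool": POOL_1},
    {"name": "RUTXR1", "lan_ip": "192.168.1.2", "dhcp_enabled": False, "pool": None},
]
BAD = [
    {"name": "RUTX11", "lan_ip": "192.168.1.1", "dhcp_enabled": True, "pool": POOL_1},
    {"name": "RUTXR1", "lan_ip": "192.168.2.1", "dhcp_enabled": True, "pool": POOL_2},
]

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_tap_plan(plan, 24) or "no problems found")
```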