Posted: Sat Mar 27, 2021 20:21 Post subject: 2 router ovpn back to back - No web access only in terminal
Hi, so I ended up spending about 3 days on configuring a VPN chain but can't figure out how. It's simply: 2 routers with different IPs, each connects to a VPN provider, and I plug one into the other.
Router 1 192.168.50.1 ovpn over udp 1194
Router 2 192.168.30.1 ovpn over udp 443.
Each router works fine when alone. But when I plug router 2 into LAN port #3 of router 1, I can ping, wget and curl in the terminal, but nothing loads up in a web page.
I even tried OpenWrt (still, DD-WRT looks better, hehe). But even that gives the same thing: only the terminal gives something, but no web access. The local router web page does work; web pages such as ipleak.com, no. The PPTP pass / L2TP pass / IPsec pass settings are all enabled. For the rest it's pretty much default.
If someone has steps on how to do this or how to forward or so..? I guess I got a step wrong or so.
Hi. So I spent the day on this again, and I think it looks more like some port issue perhaps. So, using the recent one: tp ArcherC7 v2, ddwrt build: fev25 -r45849. Just having this router alone: if I plug in a Windows 10 PC and fire up the OpenVPN GUI, I do get a connection, but no web page loads. I can ping / curl anything from the command prompt.
Same as with a Linux terminal, and same if I plug a second router into the first one.
So from a fresh firmware: I enabled logging and I have only set up the OpenVPN client, no VLAN, no script, no other change. Security/VPN passthrough are all enabled.
Main router (C7) runs the VPN on UDP 1194; if I run the Win10 or other on TCP 443 or TCP 1194, it doesn't pass either. I see the VPN client does create random ports in the 10.10.. zone in order for the tun to work, I guess. Can a port forward to this zone or something do it?
I just need to have an OpenVPN running on the Win10 machine that will be plugged into the router, which already has a VPN running too.
*If I set up an stunnel on the client machine it works fine, and goes using the router VPN.
Posted: Fri Apr 02, 2021 10:46 Post subject:
Looks like you are tunneling the VPN from Router 2 inside the tunnel of Router 1. That creates a lot of overhead. You have to reduce the MTU on Router 2 to compensate. There is absolutely no reason to do this.
Enter the IP of Router 2 in the PBR on Router 1 to bypass VPN on Router 1.
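
Added example, not part of the thread: the MTU reduction mentioned in the reply needs a measured starting point. Run from a Linux host behind Router 1 with its VPN up, this sketch binary-searches the largest ping payload that crosses the outer tunnel with Don't Fragment set; the host argument, the 500 to 1472 byte search range and the function names are assumptions.

```shell
#!/bin/sh
# Added example: measure the path MTU through Router 1's tunnel.
# Usage: sh pmtu.sh <host reachable through the VPN>

# probe SIZE: succeeds if one ICMP echo with SIZE payload bytes gets a reply
# with Don't Fragment set (Linux iputils ping: -M do, -s size, -W timeout).
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$TARGET" >/dev/null 2>&1
}

# find_max_payload LOW HIGH: binary search for the largest payload that passes.
# Prints the payload; returns 1 if even LOW does not get through.
find_max_payload() {
    fmp_lo=$1
    fmp_hi=$2
    probe "$fmp_lo" || return 1
    while [ "$fmp_lo" -lt "$fmp_hi" ]; do
        # Round up so the search always makes progress.
        fmp_mid=$(( (fmp_lo + fmp_hi + 1) / 2 ))
        if probe "$fmp_mid"; then
            fmp_lo=$fmp_mid
        else
            fmp_hi=$(( fmp_mid - 1 ))
        fi
    done
    echo "$fmp_lo"
}

# path_mtu PAYLOAD: add the IPv4 header (20 bytes) and ICMP header (8 bytes).
path_mtu() {
    echo $(( $1 + 28 ))
}

main() {
    # 1472 = 1500-byte Ethernet MTU minus 28 bytes of IPv4 + ICMP headers.
    payload=$(find_max_payload 500 1472) || {
        echo "no reply even at 500 bytes; check that $TARGET answers ping" >&2
        exit 1
    }
    echo "largest unfragmented payload: $payload bytes"
    echo "path MTU through the outer tunnel: $(path_mtu "$payload") bytes"
}

# Only probe the network when a target host is given on the command line.
if [ $# -ge 1 ]; then
    TARGET=$1
    main
fi
```

Every encapsulated packet Router 2 sends has to fit inside the reported path MTU, so Router 2's tunnel MTU must be lower than that figure by its own VPN overhead.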