Posted: Fri Jan 15, 2016 18:29 Post subject: OpenVPN Bridged Site-to-Site (TAP) Routing Configuration?
Sorry posted in the wrong forum sections. Please move --> Advanced Networking
Hello Everyone
I have set up my Netgear R8000 & R7000 with DD-WRT v3.0-r28800M kongac (01/14/16) and have configured both the R8000 server and R7000 client with a bridged (TAP) OpenVPN setup. The connection between the two gateways is successful as shown on both OpenVPN status pages, but I can't access anything from the server side subnet 172.16.4.0/24 from my client side subnet 172.16.5.0/24 and vice versa.
If I telnet/ssh into the server (at 172.16.4.1), from there I can only ping the other machines on the same 172.16.4.0/24 subnet and the single client IP 172.16.5.1, but not any other machines on the 172.16.5.0/24 subnet.
If I telnet/ssh into the client (at 172.16.5.1), from there I can ping any machine and the server on either subnet 172.16.5.0/24 and 172.16.4.0/24, but the machines behind the DD-WRT client (at home) can't ping anything from behind the DD-WRT server (at work) side network?
I have NAT disabled on the DD-WRT client, because I would rather not have every machine hide behind a single IP. But if I enable NAT for testing purposes, my machines (at home) on the client side network 172.16.5.0/24 can access the server side (at work) subnet 172.16.4.0/24. The server side still can't access the client side network though.
Would someone mind looking over my network diagram and server/client configurations and help me get this issue sorted out?
I hope this makes sense? Please ask if you have any questions.
I'll post the OpenVPN server and client configurations in the next two posts...
Thank you very much!
Gratitude,
Robert aka Mrengles
Network Diagram.png
Last edited by mrengles on Fri Jan 15, 2016 19:39; edited 2 times in total
I had the wrong Gateway for my Static Route on the DD-WRT OpenVPN Server. You can see the image above shows 172.16.4.1, but it should be 172.16.4.51.
The Static Routing Gateway should be the same IP as the DD-WRT OpenVPN Client when setting up a Site-To-Site OpenVPN, at least with my (this) particular setup. It works this way at least.
Now I just need to figure out how to get OpenVPN -> Client -> Bridge TAP to br0 working.
Does anyone have any ideas what Firewall or other settings might be needed?
When I enable Bridge TAP on br0 on the client side DD-WRT gateway I lose access to the server and client subnets again, but the Bonjour and broadcasted servers show; they just are not accessible to connect.
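The static-route correction described in the posts above, as an added example that is not part of the original thread: a small next-hop sanity check that flags the 172.16.4.1 gateway and accepts 172.16.4.51. The function name `check_static_route` is hypothetical, and the server's LAN interface is assumed to be 172.16.4.1/24 based on the subnet given in the thread.

```python
import ipaddress

def check_static_route(dest, gateway, local_ifaces):
    """Return a list of problems with a static route (empty list = looks sane).

    dest         -- destination network, e.g. "172.16.5.0/24"
    gateway      -- next-hop address configured for that destination
    local_ifaces -- this router's own interface addresses as "ip/prefix"
    """
    dest_net = ipaddress.ip_network(dest)
    gw = ipaddress.ip_address(gateway)
    ifaces = [ipaddress.ip_interface(i) for i in local_ifaces]
    problems = []

    # A route that points back at the router itself never leaves the box.
    if any(gw == i.ip for i in ifaces):
        problems.append("gateway is this router's own address")
    # The next hop must be reachable on a directly connected subnet.
    if not any(gw in i.network for i in ifaces):
        problems.append("gateway is not on a directly connected subnet")
    # The next hop cannot live inside the network it is meant to reach.
    if gw in dest_net:
        problems.append("gateway lies inside the destination network")
    # A remote subnet that overlaps a local one cannot be routed cleanly.
    if any(dest_net.overlaps(i.network) for i in ifaces):
        problems.append("destination overlaps a directly connected subnet")
    return problems

# Addresses from the thread; the /24 on the server interface is an assumption.
SERVER_IFACES = ["172.16.4.1/24"]
CLIENT_SUBNET = "172.16.5.0/24"

if __name__ == "__main__":
    for gw in ("172.16.4.1", "172.16.4.51", "172.16.5.1"):
        issues = check_static_route(CLIENT_SUBNET, gw, SERVER_IFACES)
        print(gw, "->", issues or "ok")
```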
I think I'd have to agree with eibgrad, not really sure what you are trying to accomplish with bridging tap to br0. What your network diagram shows is a routed VPN.
I think the real problem is you need to ask yourself what are you trying to accomplish?
If you simply would like to have the resources on the other subnet available to you, routed VPN is the way to go. Only the traffic that is destined for the other subnet gets transmitted across the VPN, which in my opinion is the most efficient way to do this; otherwise, as Per Yugve Berg said, all the broadcasts are going to be going back and forth over the VPN, hogging up what little upload bandwidth you have available. My wide area network upload bandwidth at 50 megabits seems like not enough some days if there are several interoffice phone calls in progress as well as heavy database queries, and then I can't imagine stacking all the network noise on top of that.
When you say you want too much out of the VPN, what is it not delivering?
And I assume you got this all up and running by now.