OpenVPN site to site

Hi All,

Has anyone got any experience with OpenVPN and GL-Inet devices? I am trying to set up a site-to-site VPN (details in pictures). The GL device seems to only connect as a client rather than a peer, which means that I don’t appear to be able to route traffic from the LAN to the remote LAN. Anyone got any ideas what routing I need to add to which device? I think the GL is running OpenWrt in some form… I have console access to the device if needed.
I don’t have a huge amount of experience with OpenVPN so not 100% sure where to start.
At the LAN end it’s an OPNsense firewall and at the remote end it’s a GL-Inet AP1300-LTE…
Thanks
M

This is the openvpn config, pretty simple :slight_smile:

dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA256
mode p2p
resolv-retry infinite
remote xx 1196 udp
lport 0
verify-x509-name "xxxsubject"
remote-cert-tls server
comp-lzo no
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>

</cert>
<key>

</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1

What does the routing table at the server side look like? Does it have a route for 192.168.4.0/24? You may need to enable the client-to-client option and also push a route (e.g. see “Trying to route between two OpenVPN clients” on Server Fault).

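An added example, not part of any post in this thread and not either poster's configuration: the OpenVPN directives that carry LAN-to-LAN routing when the OPNsense end runs in server mode and the GL device connects as a client. It assumes 192.168.4.0/24 (the subnet named in the reply above) is the LAN behind the GL device; 192.168.1.0/24, the `ccd` directory name and the client CN are placeholders.

```conf
# ---- Server end (OPNsense), main server config, server mode ----

# Kernel route: hand traffic for the remote site's LAN to OpenVPN.
route 192.168.4.0 255.255.255.0

# Directory of per-client files; each file is named after the
# Common Name of that client's certificate.
client-config-dir ccd

# Tell the connecting site which LAN sits behind the server.
# 192.168.1.0/24 is a placeholder for the main-site LAN.
push "route 192.168.1.0 255.255.255.0"

# Only needed if OTHER VPN clients must also reach 192.168.4.0/24;
# LAN-to-LAN traffic between the two sites does not require it.
;client-to-client
;push "route 192.168.4.0 255.255.255.0"

# ---- Server end, file ccd/<CN-of-GL-client-certificate> ----

# Internal route: tells OpenVPN which connected client owns
# 192.168.4.0/24. Without it the server discards packets for that
# subnet even though the kernel route above is present.
iroute 192.168.4.0 255.255.255.0

# ---- Alternative: true p2p link (no server mode on either end) ----
# iroute and push do not apply in this mode. Each end carries its own
# route for the other end's LAN instead:
#   server end:  route 192.168.4.0 255.255.255.0
#   GL end:      route 192.168.1.0 255.255.255.0
```

Routes alone are not sufficient: each router must also permit forwarding between its tunnel interface and its LAN, and hosts on both LANs need the VPN router as their gateway or a static route through it.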

Thanks, I’ll take a look. I’ve been banging my head against a wall for a while with this device, the bastard hybrid between the GL interface and OpenWrt is driving me insane. The device is great and the one-way aspect of the VPN is working fine. I think the routing table is ok, I’m not sure if there might be a firewall issue on the device. Ugh!

I’ve emailed the manufacturer now to see if they can provide any insight. It’s getting to the point where I’m going to see if I can pay someone to have a look :joy: