Raspberry Pi as gateway to route VPN traffic
I have two RPIs in two different locations. Both have been installed with OpenVPN Server. On Server B, I have also configured an OpenVPN client to connect to Server A. I want to use this as a gateway for my current LAN. The plan is to add a route on my DD-WRT router to forward traffic destined for the remote subnet to the RPI, which is already connected to the remote network via the OpenVPN client. Is this possible? I only have one Ethernet interface installed and am not sure if this is possible.
On Server B, I have the interfaces below:
eth0 --> Current Network LAN
tun0 --> OpenVPN server that listens for connections from remote users who want to connect to the current network LAN
tun1 --> OpenVPN client connecting to the remote subnet
I had success with a DD-WRT site-to-site OpenVPN setup; however, the only thing that worked for me was using a static key and not PKI. I didn't make it permanent, as I am afraid that having a static key compromised could be a security hole for both of my networks. My current RPI is configured using PKI with TLS-AUTH, which is a lot more secure than the static key. I'm just not sure how to get site-to-site routing to work with this setup.
Do you guys think it's worth it to pursue this setup, or will a static key be a better choice (though I am not really sure how long it takes or how easy it is to compromise the key)?