raspberry PI as gateway to route VPN traffic

depam · 06-21-2013, 07:42 AM

I have two RPI on two different location. Both have been installed with OpenVPN Server. On Server B, I have also configured a OpenVPN client to connect to Server A. I want to use this as a gateway for my current LAN. The plan is to add a routing on my DD-WRT router to forward traffic destined to the remote subnet to RPI which is already connected to the remote network via OpenVPN client. Is this possible? I only have one ethernet installed and not sure if this is possible.

On Server B, I have the below interface

eth0 --> Current Network LAN
tun0 --> OpenVPN server that listens for connection to remote user who wants to connect to current network LAN
tun1 --> OpenVPN client connecting remote subnet

I had success with a DD-WRT site to site OpenVPN setup however the only thing that worked for me is using a static key and not PKI. I didn't make it permanent as I am afraid that having a static key compromised can be a security hole to both of my network. My current RPI is configured using a PKI with TLS-AUTH which is a lot secure than the static key. I just not sure how to have site to site routing wotk having this setup.

Do you guys think its worth it to pursue this setup or static key will be a better choice (though I am not really sure how long or easy to compromise the key).

cliffordw · 06-22-2013, 02:44 AM

Hi there,

I haven't tried this, but see no reason why it shouldn't be possible.

On the router it should be a simple matter of adding a static route to forward the traffic for that specific subnet to Server B.

On server B you'll need to NAT the traffic coming from eth0 and going to tun1, using iptables.

Hope this helps.

Clifford

depam · 06-22-2013, 06:13 AM

I have tried to do masquerading without success on tun1. My DD-WRT also lose control for some unknown reason and my client PC just can't connect to net at all. I am not sure if its a bug on DD-WRT but after recovering from backup, all went back fine again. For testing, I used a static key OpenVPN between two routers but I find that the speed is a bit slow for some reason.

I will give it a try again but can you help to let me know a sample of iptable I need to put in. It seems POSTROUTING doesn't work fine with me.