Raspberrypi and OpenVPN as Gateway

Question

I have 2 raspberry pi machines

RP1 - connects to my home network using Softether (For remote access) RP2 - connects to an external VPN (ExpressVPN)

If I use the IP address of RP2 (192.168.1.100) as a gateway for my local devices it works, it also works on RP2 within the local network.

However I cannot connect remotely (work or mobile network) to RP1 unless RP2 openvpn is off. Both are running on Rasbian stretch and work fine except when I try to connect to my vpn network.

I expect once I connect to the VPN on RP1 it should use the gateway (192.168.1.100) instead of the default one (192.168.1.1) which I set in /etc/dhcpcd.conf

RP1 is using softether and on a virtualdhcp in 192.168.30.XX subnet when I’m connected, otherwise the IP address is 192.168.1.10

Appreciate your inputs and help.

I do not understand what you mean. Can you please provide a diagram of your network setup? What is Softether and a virtualdhcp? — Ingo, Feb 12 '19 at 14:58
I don’t have s diagram but both raspberry pi’s connect to my main router 192.168.1.1, when I use the IP address of the vpn gateway running openvpn it works on all devices except when I connect remotely to another raspberry pi using vpn. If i stop openvpn i can connect remotely. — MTSOP, Feb 12 '19 at 15:03
I've thought you just paint a picture on a sheet of paper, take a photo of it and link to the photo in your question. Or you may use drawing software. Do you have two openvpn tunnel, one outgoing with one RasPi and one incomming with a second RasPi? — Ingo, Feb 12 '19 at 15:14
I added an image, the outgoing vpn is OpenVPN, the incoming one uses SoftEther using this guide: https://curlybrac.es/2016/11/22/set-up-vpn-server-on-raspberry-pi/ — MTSOP, Feb 12 '19 at 15:32
+1 That makes everything clear. But before spending effort to the answer I would ask if you could also accept a different solution using **systemd-networkd**? I think here are to much different components that must fit together and `dhcpcd` is not the best solution for sophisticated configurations. I only had a glance at *Softether*: tldr. I just assume it's a remote VPN server that we can connect to as openVPN client. — Ingo, Feb 12 '19 at 20:28
I could look at a solution based on these experiences: [Cannot connect to PiVPN Server from WAN but can connect through LAN](https://raspberrypi.stackexchange.com/q/91734/79866), [Raspberry pi as access point with vpn](https://superuser.com/a/1320566), [Routing issue - use vpn gateway router](https://raspberrypi.stackexchange.com/a/92713/79866) and others. I'm hopeful that we can reduce complexity by using only one RasPi as VPN gateway. — Ingo, Feb 12 '19 at 20:29
I will make it simpler. I have a VPN client that once connected will give me a public IP address. On the device i can browse anonymously. However, i cannot ssh to the device anymore until i disconnect the VPN client. I want to be able to vpn to the device and use that internet connection that is already on the VPN (tun0). — MTSOP, Feb 13 '19 at 07:13
VPN isn't a simple task particularly if you want to have a VPN server and a VPN client run simultaneously. The VPN client (RP2) does not give you a public IP address. Instead you have to know the public ip address of the VPN server on the internet you want to connect to (ExpressVPN), mostly used as it's public DNS name. Do you want SSH into what device from the local network? Into RP1 or RP2? However it's not wonder that you can't without clean routing. — Ingo, Feb 13 '19 at 10:11
You want to be able to VPN to the device: now for my understanding comes the VPN server RP1 to play. RP1 does not has an internet connection. It is only connected to the local network. Clients on this local network can get into the internet through the Main Router. Remote devices with a VPN connect to RP1 can you make to be a client on the local network. It can get into the internet because it occurs as client on the local network. It should also be possible to just route the traffic from the remote VPN device to the Main Router. — Ingo, Feb 13 '19 at 10:18
- Both have an internet connection from my internet router, 1 connects to ExpressVPN and 1 accepts VPN connections. If i use the local IP addresss for the RP that connects to ExpressVPN as a gateway, it will work but cannot VPN to that box anymore. — MTSOP, Feb 13 '19 at 11:18
No, both (RP1, RP2) are clients on the local network 192.168.1.0/24 and this way they can get into the internet. Only the Main Router has an internet connection. It is important to see it this way, otherwise you cannot understand the routing issues. If you shut down the Main Router, both cannot get into the internet like any other client on the LAN. — Ingo, Feb 13 '19 at 11:25
Correct. When I try to connect to the 2nd RP it doesnt work because something with the routing is not working, thats what im trying to achieve. Use the gateway of the RP1 while i am on the RP2 vpn — MTSOP, Feb 13 '19 at 11:30
It's my offer to try to present a clean setup with **systemd-networkd** but it takes some effort so it would be frustrating if you say then "thanks, but doesn't like it ..". So my question from the beginning: are you willing to start over again (maybe with an additional test SD Card) using **systemd-networkd**? — Ingo, Feb 13 '19 at 11:43
Sure, i can try that, please present your setup and i can test it and see if it works out. In the end i am trying to use 1 vpn connection [Mobile to Home to ExpressVPN] instead of [Mobile to ExpressVPN] that way i can also check on my local network and unblock ports on the same device. — MTSOP, Feb 13 '19 at 11:51
OK I will try but please be a bit patient. I'm just working on another project *WiFi Direct*. Just to have the same naming: this local network 192.168.1.0/24 with the Main Router is the Home network? — Ingo, Feb 13 '19 at 12:05
192.168.21.231 is RP I can vpn into, 192.168.21.232 is the RP i connect to Expressvpn, 192.168.21.1 is the main router. — MTSOP, Feb 13 '19 at 12:10
OK and that is the Home network? But in your drawing all devices have 192.168.1.* ip addresses. — Ingo, Feb 13 '19 at 12:18
And that is what you name **Home Network**? [ ] Yes .. [ ] No. — Ingo, Feb 13 '19 at 12:47

Raspberrypi and OpenVPN as Gateway

0 Answers0