Hi, I was wondering if the following setup would work. My Network

I am trying to accomplish the following.

Connect to VPN server from outside my network and then VNC or RDP and possibly SSH into the other raspberry pi and have access to resources shared on SMB on Neighborhood LAN.

I don't need internet connectivity from the Neighborhood LAN just access to network resources like SMB shares.

Do I need to set up any special routes for this to work?

EDIT: The question is different from the suggested duplicate, as connecting to the VPN will give me a LAN IP in the range of 10.10.0.0/24. My question is whether a VPN client connected to the VPN server will be able to, for example, SSH into the second Raspberry Pi and access network resources on the Neighborhood LAN.

Thanks

mike65535
Hani Umer
  • Possible duplicate of [Connecting RPi to 2 different networks](https://raspberrypi.stackexchange.com/questions/84748/connecting-rpi-to-2-different-networks) – Patrick Cook May 28 '19 at 01:41
  • Thanks for the suggestion, but it's different because I am connecting as a VPN client on one network and trying to access resources on the second network. – Hani Umer May 28 '19 at 02:19

1 Answer

First of all: a very well explained question. But it is a sophisticated setup. And just to answer your question: yes, you need to set up special static routes on several devices.

But it is very difficult to give advice remotely. I would need access to the network to try the setup and see how it works step by step, the usual way a network administrator works on a complex setup. But here are some general considerations. I don't know what VPN you use, but I will refer to OpenVPN.

First you have to decide what method you want to use to connect to the local network with OpenVPN. You can use routing with tun devices or you can use bridging with tap devices.

Routing is the default setup of OpenVPN. The problem with routing is that if you want a connection to the neighbor's resources from the remote client on the internet, the source IP addresses are from 192.168.1.0/24. Every hop on the route to it has to know where to send these packets back and forth. RPi[192.168.10.20] knows it because it is directly connected to the neighbor's network. All other hops (RPi[192.168.10.10] and the remote VPN-client) should need a static route. In addition, it may be that a device must be faked with NAT (network address translation). The DSL-router does not need a static route to the neighbor's network because it isn't on the route. The route goes through the VPN connection, tunneling the DSL-router. To get an idea of a simple OpenVPN routing setup you can look at Simple openVPN with static keys.

I would prefer bridging with this setup. With it the remote VPN-client becomes a direct member of the local network 192.168.10.0/24. It also gets an IP address from this subnet from the local DHCP server (running on the DSL-router?). You can think of it as directly connected to the DSL-router with a solid line like the other devices, and it behaves exactly like a local device. The disadvantage is that setting up bridging mode with tap devices on OpenVPN is not the easiest task. To get an idea of an OpenVPN bridging setup you can look at How to bridge an access point with a remote network by openvpn?.

Ingo
  • I think I will try the bridging. Question is theoretical as the raspberry pi's haven't arrived in the mail yet. – Hani Umer May 28 '19 at 10:48
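
The routed (tun) case from the answer, as an added example that is not part of the original thread: a small longest-prefix-match simulation showing at which hop traffic is dropped when a static route is missing, in either direction. The three subnets are the ones named in the thread; the node names and the host addresses 10.10.0.1, 10.10.0.2, 192.168.1.20 and 192.168.1.50 are assumptions made for the example.

```python
import ipaddress as ipa

# Constructed topology. The three subnets come from the thread; the host
# addresses 10.10.0.1, 10.10.0.2, 192.168.1.20 and 192.168.1.50 are assumed.
def node(*addrs):
    return {"ifaces": [ipa.ip_interface(a) for a in addrs], "routes": {}}

def build(static_routes):
    nodes = {
        "vpn-client": node("10.10.0.2/24"),
        "rpi-10": node("10.10.0.1/24", "192.168.10.10/24"),    # VPN server
        "rpi-20": node("192.168.10.20/24", "192.168.1.20/24"),  # forwards between LANs
        "smb-host": node("192.168.1.50/24"),                    # neighbour's share
    }
    for name, net, hop in static_routes:
        nodes[name]["routes"][ipa.ip_network(net)] = ipa.ip_address(hop)
    return nodes

def owner(nodes, ip):
    return next((n for n, d in nodes.items()
                 if any(i.ip == ip for i in d["ifaces"])), None)

def trace(nodes, start, dst):
    """Follow longest-prefix-match forwarding; return (reached, path)."""
    dst, here, path = ipa.ip_address(dst), start, [start]
    while len(path) <= len(nodes):
        d = nodes[here]
        if any(i.ip == dst for i in d["ifaces"]):
            return True, path
        if any(dst in i.network for i in d["ifaces"]):
            nxt = owner(nodes, dst)               # on-link: deliver directly
        else:
            hits = [n for n in d["routes"] if dst in n]
            if not hits:
                return False, path                # no route: dropped here
            nxt = owner(nodes, d["routes"][max(hits, key=lambda n: n.prefixlen)])
        if nxt is None:
            return False, path
        here = nxt
        path.append(here)
    return False, path

FORWARD = [("vpn-client", "192.168.1.0/24", "10.10.0.1"),
           ("rpi-10", "192.168.1.0/24", "192.168.10.20")]
RETURN = [("smb-host", "10.10.0.0/24", "192.168.1.20"),
          ("rpi-20", "10.10.0.0/24", "192.168.10.10")]

if __name__ == "__main__":
    for label, routes in [("none", []), ("forward", FORWARD), ("both", FORWARD + RETURN)]:
        n = build(routes)
        print(label, trace(n, "vpn-client", "192.168.1.50"), trace(n, "smb-host", "10.10.0.2"))
```

In this model, NAT on rpi-20 would make the SMB host reply to 192.168.1.20, which is on-link for it, so the first `RETURN` entry is no longer needed; rpi-20 itself still needs its route back to 10.10.0.0/24.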