Hello,
I have read all the subjects here many times, but I have no clue how to do this
in real life.
I have 2 EdgeRouters:
- One EdgeRouter Pro in datacenter with BGP and IPv4/IPv6 PI routed on it
- One EdgeRouter Lite in my home.
The aim of this is to route on my ER-L a /29 (IPv4), in my example: 192.0.2.8/29, and a /62 (IPv6) on eth0 through OpenVPN in client mode.
In short:
- ER-P => OpenVPN Server
- ER-L => OpenVPN client
Why do I use such a setup? My ISP is sharing an IPv4 address with several customers and
I cannot get access to my home LAN. The IP can change and PAT doesn't work.
So the best way is to use my ER-L in client mode.
On the ER-P I have setup the following:
    openvpn vtun0 {
        hash sha256
        mode server
        openvpn-option --comp-lzo
        openvpn-option "--push redirect-gateway def1"
        openvpn-option "--route 192.0.2.8/29"
        replace-default-route {
            local
        }
        server {
            client kiwi {
                ip 192.0.2.254
            }
            subnet 192.0.2.248/29
        }
        tls {
            ca-cert-file /config/auth/cacert.pem
            cert-file /config/auth/server.pem
            dh-file /config/auth/dhp.pem
            key-file /config/auth/server.key
        }
    }
In this example I was a bit puzzled that I have to use a /29 inside the server { }, but woookay, let's do this.
On the ER-L, here is the configuration:
    openvpn vtun0 {
        hash sha256
        mode client
        openvpn-option --comp-lzo
        remote-host 192.x.x.x
        tls {
            ca-cert-file /config/auth/cacert.pem
            cert-file /config/auth/erl.pem
            key-file /config/auth/erl.key
        }
    }
I have on eth0 the 192.0.2.8/29 subnet as it should be.
Okay now the issues.
On ER-P the 192.0.2.8/29 is NOT reinjected properly in the routing table.
Adding a static route forcing it to go through interface openvpn vtun0 doesn't fix this.
Now, on a pfSense setup we can configure the OpenVPN server with the *remote* network to be seen; why doesn't this seem to be easy to do in ER?
Have I left something incomplete here? Can someone help me?
(Well, maybe on IPv6 I will have issues, but for now the target is to make IPv4 work.)
Regards,
Xavier