Advertise LAN subnet over OpenVPN

I've got a GL-X3000 that I am putting IP cameras on. I need to reach those to get the video stream. T-Mobile does not put public IPs on their 5G Internet except if you ask for a static IP. We're a business, so we could do that. But, they provide the IP from a data center in Washington state - we are in NC - so the traffic has to traverse the country twice. Almost 200 ms latency, jitter not real good, and modem cannot operate in SA mode, only NSA, so uplink suffers.

I have an OpenVPN server - pfSense - and I establish the tunnel without issue. I can reach the web interface of the X3000 over the tunnel by going to the assigned tunnel VIP. The problem is that I cannot figure out how to advertise the subnet - I can leave it at 192.168.8.0 - back to the OVPN server. It knows nothing about that network. If I communicate back from that LAN towards the server, it's masquerading the traffic to be the VIP, even with masquerade off. Traffic to Internet from X3000 LAN goes over tunnel and out at server - again, as the VIP - without issue.

I see nothing in the web interface that allows for advertising the IPs on the LAN. I know people have done this, so anyone know the tricks I need to do?

Thanks

I assume the LAN subnet advertise feature is the route advertise?

Please configure this script:
/lib/netifd/proto/ovpnserver.sh

add:
push "route [YOUR LAN SUBNET] [SUBNET MASK]"

Can you clarify please? What I am trying to do is get the cameras at 192.168.8.x - on the X3000 - able to be accessed by the OVPN server. The intention is to NAT from the WAN I/F on the OVPN server - 68.2.3.4:5541 -> 192.168.8.101:554 for example - to those cameras on the X3000 LAN side. The issue as it is now is that 192.168.8.x doesn't show up in the arp or route table on the server, so attempting to reach that fails.

Thanks again

May can try adding a route rule in the server, to bring the VPN tunnel all network devices find the subnet IP.

image1032×287 10.9 KB

image1211×376 17.3 KB