Bidirectional VPN between sites GL-AR750S

Looking for help in implementing my VPN arrangement, here’s the brief description: I have two locations, I call Main and Remote for the sake of discussion. I have two GL-AR750S at my disposal.

Main has a fixed public IP behind a firewall (in this case, a Netgear Orbi) and I can easily punch a hole in its firewall. It also has its own VPN server which I can optionally enable, but I don’t know how compatible Netgear’s openvpn configs are with gl. The Orbi is sitting at 192.168.1.1/24 currently. Main has a network of various servers, IP cameras, and IoT devices.

Remote is a small network of various devices, which include a server, IP cameras, IoT devices, and sometimes my laptop.

The issue I’m having is being able to have devices from either site access devices from the opposite site. In a typical VPN arrangement, the expectation is laptops on the client side access server resources and you usually can’t have the server side access client devices.

How best can I accomplish bidirectional access? I thought about the TAP bridge mode, and downloaded the special firmware for that feature, but the interface appears to be too ‘chatty’ and consumes excessive upstream bandwidth due to broadcast traffic resulting in very poor performance and dropped VPN connections.

Any wisdom appreciated!

I’m waiting for my Amarok to arrive, so I can’t give you specific instructions, but openvpn itself allows for clients to “push” their routes to the server, such that server-side LAN devices can see client-side LAN devices. In the client conf you need “iroute ” to push the route. In the server conf you need “push route…” AND “route ” for each LAN server side.

This link explains the openvpn part of it well, perhaps you can adapt to this router.

https://community.openvpn.net/openvpn/wiki/RoutedLans
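A check for the routed (tun) setup discussed above, as an added example that is not part of the original posts or of GL.iNet's or OpenVPN's own code: it verifies that an OpenVPN server config carries every directive needed for both LANs to reach each other. It assumes the stock OpenVPN server layout, where `iroute` is read from a per-client file under `client-config-dir` on the server; the Remote LAN (192.168.8.0/24) and tunnel subnet (10.8.0.0/24) are placeholder values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample configs. Main LAN 192.168.1.0/24 comes from the thread;
# Remote LAN 192.168.8.0/24 and tunnel 10.8.0.0/24 are assumed placeholders.
SERVER_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
client-config-dir ccd
route 192.168.8.0 255.255.255.0           # kernel: send Remote LAN into the tunnel
push "route 192.168.1.0 255.255.255.0"    # tell the client where Main LAN is
"""
# Contents of ccd/<client certificate CN> on the server (constructed).
CCD_REMOTE = "iroute 192.168.8.0 255.255.255.0\n"

def nets(text, directive):
    """Return the networks named by '<directive> <net> <mask>' lines."""
    found, n = set(), len(directive)
    for line in text.splitlines():
        words = line.split("#")[0].replace('"', " ").split()
        if words[:n] == directive and len(words) >= n + 2:
            found.add(ipaddress.ip_network(f"{words[n]}/{words[n + 1]}"))
    return found

def check_site_to_site(server_conf, ccd_file, main_lan, remote_lan):
    """List what is missing for hosts on both LANs to reach each other."""
    main = ipaddress.ip_network(main_lan)
    remote = ipaddress.ip_network(remote_lan)
    problems = []
    if main.overlaps(remote):
        problems.append("LAN subnets overlap; renumber one site")
    if not any(l.split()[:1] == ["client-config-dir"]
               for l in server_conf.splitlines()):
        problems.append("server: client-config-dir not set, iroute is never read")
    if remote not in nets(server_conf, ["route"]):
        problems.append("server: no 'route' for Remote LAN (kernel to tunnel)")
    if remote not in nets(ccd_file, ["iroute"]):
        problems.append("ccd: no 'iroute' for Remote LAN (OpenVPN to client)")
    if main not in nets(server_conf, ["push", "route"]):
        problems.append("server: Main LAN is not pushed to the client")
    return problems

if __name__ == "__main__":
    issues = check_site_to_site(SERVER_CONF, CCD_REMOTE,
                                "192.168.1.0/24", "192.168.8.0/24")
    print("\n".join(issues) or "config covers both directions")
```

When the OpenVPN server is not the Main site's default gateway (here the Orbi is), that gateway also needs a static route for the Remote LAN pointing at the OpenVPN server, which a config check like this cannot see.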

If you use tap, you should use 3.105 firmware which can detect tap proto and set up bridge. So all devices behind the remote router will be bridged to your ovpn server.

But our ready solution is Site-to-Site Network - GL.iNet

This should be much simpler and managed.

Did you get this working?