Hi everyone! I'm looking for some help configuring a device to use the OpenVPN client for internet access.
The challenge is that this device is not part of the local LAN; it’s connected to a different LAN behind a remote router. The two routers are linked via WireGuard:
The first router acts as a WireGuard client.
The second router is both a WireGuard server and an OpenVPN client.
I can’t use the "client device policy" feature in the VPN dashboard since the device is not in the local LAN.
Network setup: device → WireGuard client → WireGuard server + OpenVPN client → internet
Both routers are GL-MT3000 models.
I hope I’ve described my issue clearly—let me know if anything needs clarification! Thanks a lot for your help!
Thank you so much! This is exactly what I was looking for.
I just have one more quick question:
If I have two devices behind my remote router, and I want a setup like this:
Network setup:
device → WireGuard client → WireGuard server + OpenVPN client → internet
device → WireGuard client → WireGuard server → internet
Do I need to configure any 'Customized Routing Rules,' or is there a simpler way?
(Basically, I need only one of the two devices to use VPN cascading, while the other should reach the internet using my real local IP)
For the two devices behind the remote router, A and B both want to access the WG server (there may be some personal resources in your lab/home), but A goes to the OpenVPN client and B does not go to the OpenVPN client.
If my understanding is right, this situation cannot be achieved on one and the same VPN server.
Because, on the WG server router, the WG clients' packets arrive at the WG server and are forwarded to the OpenVPN client, it is impossible to distinguish which WG client a packet came from, so it seems that the routing rules cannot be defined.
If you want to achieve this requirement, you should have two VPN servers: client A goes to server A and client B goes to server B. That is, the subnets are different, so they can be distinguished by routing.
Here are some tips; please test to verify:
This is supported in the v4.8 firmware (MT3000 beta released), where VPN Cascading (or, say, Connection Methods) is less restricted.
Example:
Upgrade both MT3000s to the v4.8 firmware.
On the server router, you can enable both the OpenVPN server and the WireGuard server, and select only the WG server for cascading; do not select the OpenVPN server.
On the client router (v4.7 is also supported, but is a little different), disable "Auto-select Configuration", then select device A in the WireGuard client (or, say, the Primary tunnel) and device B in the OpenVPN client (or, say, the Second tunnel).
Then the network packet routes are:
A device → WireGuard client → WireGuard server + OpenVPN client → internet
B device → OpenVPN client → OpenVPN server → internet