How to connect LAN to LAN using VPN?

Hi Gurus,
How do I connect two LANs using the VPN available in AR750s. Assuming I have a Office LAN A in Country A and another Office LAN B in country B, can I link them up using VPN and let them form a Big Network so that each device in one LAN and access another device in another LAN? Can each device opts to access internet through Router A or Router B.
Is the scenario achievable with two AR750s with existing App ?
Any advice would be highly appreciated.
Thank you.

Hello,

We have a site2site for you
You can download the testing firmware 3.026 from here
For setting up steps, please refer to Cloud - GL.iNet Docs

Great! Thank you very much. Will test it out.

@luochongjun

Thank you very much for pointing me to the developing project “Site to Site”
Yes, it achieved what I wanted to do to connect two LAN.
Thank you very much for introducing this new feature.

However, I have some concerns on the security due to the implementation
model using GoodCloud.

In the case of manual WireGuard, I let the server node generate a set of
public and private keys, than I pass over to the client node manually to set up
a connection. There is no need to involve GoodCloud.
Only I know the encryption keys.

In the current version of “site to site”, I deduced that the GoodCloud
control the generation of the encryption keys at the Main Node and pass
it over to the other Node. It is very convenient. However, this is exactly
the security loophole. People may ask "Can we trust the GoodCloud?
Goodcloud holds the encryption keys of our connections in my network.

I would feel more comfortable if I can implement the “Site to Site”
manually (NOT through GoodCloud"). Any plan to release a manual
implementation (without going through GoodCloud) to the those who
do not mind the trouble?

@luochongjun,
By the way, what is the connection between two devices (LAN) under “Site to Site” , is it a Wireguard or OpenVPN?

There is always a tradeoff between convenience and security concern. I mean security concern, not security itself.

We don’t keep the private keys but it depends if you trust us. When using Cloud the cloud can always generate key again and replace those in the router even it does not keep the keys. But this is alway other Wireguard VPN providers are doing. If you are using OpenVpn protocols you face the same problems as well: Keys are generated from the server side.

But we do let a user to configure by him/herself. Just a little complicated.

Use the Wireguard,if you are a developer, you can configure it manually

Using “GoodCloud” means deprivation of your right of privacy and data security.

It’s exactly as using any VPN service, no different for privacy.

NO, it is in NO case like a VPN-Provider !

Goodcloud is a client-server system which is able to control the clients = routers of Gl.inet !

Goodcloud has some similarities with a command-and-control system (C&C-System) .

It has also some functions like a Man-In-The-Middle.

If a user has a Abo let’s say with “Mullvad”, why should GL.iNet have access to encryption keys, etc. like an admin similar to the owner of the router ?

Comparing Goodcloud to a VPN-Service is an intentional misinformation !

What i am saying is that a VPN provider has their terms of service you read and agree to.

In the same way all traffic is sent via the VPN and they can see your traffic. A government request renders your privacy voided. When you downloaded your VPN keys after payment, surprise, you didn’t use a second system such as tor to download them? Well they are now logged at the ISP, at the internet backbones that have traffic analysis (where CIA, FBI and others have logging) and multiple other locations. In your own VPN list most of the providers are in countries that must comply with the governments. VPN’s offer a false sense of security if not used properly.

It’s you that is spreading misinformation here. The API is public and anyone can read it here:
https://dev.gl-inet.com/

The cloud as you say only controls the router, no data is stored on the cloud except a token for control. All other functions are done on the router itself and data is not send back to GL. Everything is listed in the TOS.

Still don’t believe it? Ok do packet logging for a few days using the cloud and post the results here of what data is sent. You can do it with cloud enabled and disabled. Until then, don’t post useless comments and misinformation.

Regarding your answer, it looks like you are missing arguments:

You start fabulating about FBI, CIA etc. way off-topic and at the end you are insinuating in a dishonest way that my comments were useless and misinformation.

Without offending you (only facts!) take notice:

I am not interested in any crude discussion with people, who are showing misbehavior and latent aggressiveness .

Sorry to all others, lets return to the topic.

The following thread shows what I mean and contains remarkable information about “GoodCloud” regarding privacy and security:

          https://forum.gl-inet.com/t/goodcloud-xyz/7496

@AlZhao Please take notice

Your comments are complete misinformation as you don’t provide any kind of proof and just state things as facts. You still haven’t posted any data dumps, any kind of analysis to anything you are saying.

You are linking to a thread where a user found the api URLs (which are public and documented on the GL site), while saying that full control of the router can be done, but fails to state that when the router has the cloud disabled, the server can’t control anything. That user has also not provided any logs, packet data or anything to “prove” (cos he can’t) that the server can do anything without your permission. You are basing your “facts” on something that is also misleading and dishonest as you say.

OK. I did take notice

  • I understand your concern and this is valuable to our product design/development. Your challenge is accepted.

  • Cloud is designed to make things easy and make things work.

  • All cloud has security and privacy issues you mentioned. It is not about one package or API. One can just use udp/tcp to achieve all of this. We make APIs which is for easy, development and transparency.

  • We are taking necessary steps to make it more secure and trustworthy, as said in your linked post. We don’t acknowledge that it is not secure unless you find the security bugs. Welcome white hat!

Regarding your fourth point of your post I cite in spirit:

-Company stance: Our code is secure till you find some bugs !

I will play here devil’s advocate and show the other side of the coin:

-Security stance: The code is insecure till you prove it’s secure

Only Quality products are making end’s meet with these two objectives.

Otherwise I am with you. And thanks for stepping in.

I agree with you but

The security stance is for our engineers. They need to prove the product is secure to the company.

To the clients, the company can declare but even with all the source code open, no one can prove because the deployed products may not use exactly the source code.

You can question whatsapp, telegram and they will tell you that they will not oversee your messages. But still it depends on you to trust them or not.

I agree with you:

Trust is a big theme in this context.

It may be helpful if one knows better about how good or bad a company is

managing this security stance.

Often you are able to form an opinion from outside a company about this

internal security stance with the aid of the external Bug Management System

used by clients reporting bugs.

It’s like a fingerprint of the internal security and quality stance of a company

and often gives you more information than the company wants to expose.

This often achieves to loose (or sometimes gain) confidence (trust) in a company.