After creating a VPN server and successfully adding some routers as clients, I’m able to see all the routers and ping them from the server, but I cannot reach any devices behind these routers. For example,
I’m able to ping router one (ping 192.168.30.17) from the server, but I cannot ping 192.168.8.10.
Is the VPN allowed to talk to the client-side network?
I’m not sure how. I’m new to this and trying to figure it out step by step.
You can do port forwarding on each GL.iNet router.
You can also try tap mode and the router will bridge the client devices to your vpn server.
Check this guide: OpenVPN Bridge - GL.iNet Docs
Best way, use our managed Site2Site solution.
Thanks alzaho, but how can I connect my cloud server to GoodCloud?
You cannot. You need to use a GL router as the server.
This is the most important thing: connecting my VPS to the routers.
In this case, I will not use GoodCloud, but I want any solution so I can connect my VPS server to the routers and the devices behind these routers as one LAN.
Since your cloud server is running Softether have you thought of just running the Softether software on your AR750, and use Softether to bridge your sites together without OpenVPN? Softether has its own VPN protocol which is multi-threaded and secure. Unfortunately there is a lot of bloat in the current GL iNet firmware, and with the AR750 only having 16M of flash, the Softether plug-ins do not fit. You would probably want to run the generic OpenWRT firmware for the AR750 which uses a lot less flash and would allow you to install the Softether plug-ins. As you are using the AR750 for a very specific task, there is no reason to run the GL iNet firmware. The Softether Windows based GUI would give you a nice interface to manage all your VPN routers remotely.
I have used Softether for years on my VPN servers. I have my own custom installation of the SoftEther client running on the GL iNet firmware on my travel AR750s, as it has a lot more flash than the AR750.
Remember that each subnet in your topology needs to be unique, and each VPN IP has to be unique.
Also, while I’m not familiar with Softether, be aware that this kind of network can have surprising bottlenecks based on upload/download encryption/decryption speeds. If your Cloud VPS is, say, on Oracle’s free tier, with symmetrical 500/500 speeds, it might not matter much, but if one of the nodes is 100/10, uploads are going to be limited to that 10. You might be better off making direct connections among the networks.
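Added example, not part of the thread: a check of the uniqueness rule stated above, run over a constructed two-router topology. The router names, the 192.168.30.18 address and the /24 prefix lengths are assumptions; 192.168.30.17 and 192.168.8.10 are the addresses from the original question.

```python
import ipaddress
from itertools import combinations

def check_topology(sites):
    """Return a list of addressing conflicts for {name: {"vpn_ip", "lan"}}."""
    parsed = {n: (ipaddress.ip_address(s["vpn_ip"]), ipaddress.ip_network(s["lan"]))
              for n, s in sites.items()}
    problems = []
    # Each VPN address may be used by one site only.
    for (a, (ip_a, _)), (b, (ip_b, _)) in combinations(parsed.items(), 2):
        if ip_a == ip_b:
            problems.append(f"duplicate VPN IP {ip_a}: {a}, {b}")
    # LAN subnets behind different routers must not overlap.
    for (a, (_, lan_a)), (b, (_, lan_b)) in combinations(parsed.items(), 2):
        if lan_a.overlaps(lan_b):
            problems.append(f"overlapping LANs {lan_a} and {lan_b}: {a}, {b}")
    # A VPN address inside a site LAN makes tunnel traffic ambiguous.
    for a, (ip_a, _) in parsed.items():
        for b, (_, lan_b) in parsed.items():
            if ip_a in lan_b:
                problems.append(f"VPN IP {ip_a} of {a} is inside LAN {lan_b} of {b}")
    return problems

def sites_owning(sites, host):
    """Names of sites whose LAN contains host; more than one means ambiguous routing."""
    addr = ipaddress.ip_address(host)
    return [n for n, s in sites.items() if addr in ipaddress.ip_network(s["lan"])]

# Constructed sample data (assumed names and prefixes, see lead-in).
CLASHING = {
    "router1": {"vpn_ip": "192.168.30.17", "lan": "192.168.8.0/24"},
    "router2": {"vpn_ip": "192.168.30.18", "lan": "192.168.8.0/24"},
}
RENUMBERED = {
    "router1": {"vpn_ip": "192.168.30.17", "lan": "192.168.8.0/24"},
    "router2": {"vpn_ip": "192.168.30.18", "lan": "192.168.9.0/24"},
}

if __name__ == "__main__":
    for label, topo in (("clashing", CLASHING), ("renumbered", RENUMBERED)):
        print(label, check_topology(topo) or "no conflicts",
              "| 192.168.8.10 is behind:", sites_owning(topo, "192.168.8.10"))
```

When two routers share a LAN subnet, the server has no single next hop for a host such as 192.168.8.10, so renumbering one LAN comes before any routing or bridging change.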
Softether gives you the choice of running as a flat bridged network (layer 2) including VLAN support, or as a routed network with each site having its own IP address space (layer 3). It is really great software for building out this type of system as it allows you to extend your Ethernet securely over the Internet. In the newer 5.x code they have added in support for the WireGuard protocol and support for ChaCha20 encryption.
See: SoftEther / VPN · GitLab
So I have now connected the PC through the router, and this router is connected through the OpenVPN client to the VPS.
The PC is now accessing the internet through OpenVPN and has the VPS IP, but how can I connect to this PC from my VPS?
Are you saying that your PC can connect through the VPS to the Internet, but not connect to the VPS itself? If so, did you configure Softether with SecureNAT?
I think he is saying he can’t connect back down from the VPS to his PC.
Yes, I enabled SecureNAT and now I can connect to the internet through my VPN, but I want to be able to ping my PC from the VPS.
Using SecureNAT only allows for simple exit of the packets. It is secure, but very limited. You need to turn it off, and create a local bridge to a TAP device, give it an IP address, probably set up a DHCP server, … Not hard, but a little time consuming.
Using OpenVPN vs the native Softether protocol is going to be a problem. If you really just want to use OpenVPN, then I would get rid of Softether and install the standard OpenVPN packages. From my understanding, Softether really is only set up to use OpenVPN as a VPN protocol and not as a bridge protocol, as it has its own bridging and routing package. You may get it to work, but it's going to be hard.