Setup VPN to act like bridge/extender to remote lan

I have two AXT1800s. The main location would have one setup as a VPN Server and the remote location would have the other setup as a VPN client.

I would like to have anything that is connected to the AXT1800 at the remote location get its IP address from the DHCP server on the main location’s network.

All traffic from the remote location would route to the main location for processing.

Is this possible? And if so, general directions would be appreciated before I dive in.

TIA

Afaik the necessary bridge mode is not supported by GL devices. Maybe I am wrong, but this is what I have in mind about it.

If not GL devices, are there any other devices that do support this type of connection?

Can you explain in a little more detail what you would like to accomplish? You can configure router A as a VPN Server (either OpenVPN or WireGuard) and router B as a VPN client, so that devices connecting to router B send all internet traffic including DNS through the VPN and router A to the internet.

I need the devices that connect to the remote router (setup as VPN client) to appear as devices on the same network/subnet as my office lan when the remote router is connected to the router that is configured as the vpn server. The router setup as the vpn server will be on the inside of my office lan.

Ok. I haven’t done this myself, I configured different subnets with routing between, but maybe openvpn bridge mode could meet your needs?

So I can’t use the AXT1800s to accomplish this, correct?

I don’t know. I know that people have configured tap interfaces in openwrt. I would need to test it on my AXT1800 but I am traveling for a few days.

For example:

If you could test and report back, that would be great. Thank you.

The instructions in the YouTube tutorial appear to work on AXT1800 firmware 4.4.6 with the following changes on the client router configuration:

  1. Skipped VLAN configuration, it doesn’t work on the AXT1800 and is not needed anyway
  2. Network->Devices->br-lan->Bridge Ports add tap_vpn so that the 2 LAN ethernet ports are bridged to the vpn
  3. After openvpn is working, Network->Interfaces->LAN->Advanced ->Dynamic DHCP uncheck so that the server DHCP is the only DHCP server

Clients of both routers are on the same subnet and use the server DHCP server and gateway
I did not test performance. Note, if the server router or openvpn tunnel breaks, all devices connected to the client router will not work, as they depend on the server for DHCP and internet access.
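A check for steps 2 and 3 of the post above, as an added example that is not part of the original post or the tutorial: it reads OpenWrt config files and reports whether `tap_vpn` is a member of `br-lan` and whether the client router has stopped handing out its own leases, since two DHCP servers on one bridged segment give clients conflicting addresses and gateways. It assumes LuCI's Dynamic DHCP checkbox is stored as `option dynamicdhcp` in the DHCP config; the function names and sample file contents are constructed.

```shell
#!/bin/sh
# Added example: audit the client router's config for the TAP bridge setup.
# br-lan and tap_vpn are the names used in the post; the sample files
# written by write_samples are constructed, not taken from a real router.

Q="'"   # UCI values are usually single-quoted; quotes are stripped before matching

# bridge_has_port FILE BRIDGE PORT: succeeds if PORT is listed in BRIDGE's device section
bridge_has_port() {
    awk -v q="$Q" -v br="$2" -v port="$3" '
        function endsec() { if (name == br && has) found = 1; name = ""; has = 0 }
        { gsub(q, "") }
        $1 == "config" { endsec(); dev = ($2 == "device") }
        dev && $1 == "option" && $2 == "name" { name = $3 }
        dev && $1 == "list" && $2 == "ports" && $3 == port { has = 1 }
        END { endsec(); exit !found }
    ' "$1"
}

# lan_dhcp_off FILE: succeeds if the lan pool is ignored or has dynamic leases disabled
lan_dhcp_off() {
    awk -v q="$Q" '
        { gsub(q, "") }
        $1 == "config" { lan = ($2 == "dhcp" && $3 == "lan") }
        lan && $1 == "option" && $2 == "dynamicdhcp" && $3 == "0" { off = 1 }
        lan && $1 == "option" && $2 == "ignore" && $3 == "1" { off = 1 }
        END { exit !off }
    ' "$1"
}

# write_samples DIR: constructed config fragments for trying the checks offline
write_samples() {
    printf "config device\n\toption name 'br-lan'\n\toption type 'bridge'\n\tlist ports 'eth1'\n\tlist ports 'tap_vpn'\n" > "$1/network.ok"
    printf "config device\n\toption name 'br-lan'\n\tlist ports 'eth1'\n" > "$1/network.bad"
    printf "config dhcp 'lan'\n\toption interface 'lan'\n\toption dynamicdhcp '0'\n" > "$1/dhcp.ok"
    printf "config dhcp 'lan'\n\toption interface 'lan'\n\toption start '100'\n" > "$1/dhcp.bad"
}

# audit NETWORK_FILE DHCP_FILE: prints one line per failed check, returns the failure count
audit() {
    fails=0
    bridge_has_port "$1" br-lan tap_vpn || { echo "tap_vpn is not a port of br-lan"; fails=$((fails+1)); }
    lan_dhcp_off "$2" || { echo "local DHCP is still active on lan"; fails=$((fails+1)); }
    return "$fails"
}
```

On the router itself this would be called as `audit /etc/config/network /etc/config/dhcp` after sourcing the file.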

Do you know if, in this configuration, broadcast packets will be passed back and forth across the VPN?

What specific type of traffic do you need? Ability to support multicast is the main reason to use OpenVPN bridging. If there is a free implementation of the application I might be able to try it.

I have two devices that identify each other with broadcast packets. I don’t have any need for multicast. That being said my network doesn’t use multicast so it won’t be an issue if it does send multicast over the vpn.

Ok, I will start configuring tomorrow and will report back what I find.

Can I do this with the stock UI of the AXT1800 or will I need to install a different UI on the AXT1800?

It ought to work for broadcast as the openvpn bridge is layer 2. Yes, I used the stock gl-inet 4.4.6 firmware, which includes openwrt. There is a newer 4.5 out but I haven’t tried that yet. I only used the gl-inet admin interface to set the admin password and connect the WAN interface and upgrade the firmware to 4.4.6. After that, the System->Advanced menu takes you to the luci interface. Luci and ssh are used to configure. The gl-inet admin interface has its own menu system for configuring vpn but it doesn’t offer the right options, so you need to use the underlying openwrt luci interface. Because the luci web interface varies slightly from version to version, there are sometimes slight differences between our web interface and what appears in the tutorial. In particular the network submenu items are a little different but all the same options are available.

I haven’t upgraded to 4.5 yet, so I don’t know if it’s in the AXT1800, but I just saw that gl-inet added a TAP-S2S mode in firmware 4.5. Maybe this will magically do what you need without all the manual config? I don’t quite understand all the explanations, but the network diagram appears to show all clients on the same subnet.


Look at SoftEther, as it can work as a layer 2 Ethernet bridge, across great distances. I have SoftEther running on 3.x GL iNet firmware, and on multiple versions of generic OpenWrt including 23.05. I have not tried it on GL iNet 4.x firmware yet.

SoftEther is a really well done package, but as it is so versatile, it is not always easy to get running in every configuration. It is not something I would recommend if you don’t have time and some networking skills.

See:
https://www.softether.org/4-docs/1-manual/A._Examples_of_Building_VPN_Networks/10.5_Build_a_LAN-to-LAN_VPN_(Using_L2_Bridge)

How do I install SoftEther on the AXT1800?

I downloaded the SoftEther packages using the package manager, then used a Windows PC with the SoftEther remote manager software loaded to do my configuration, as explained in the SoftEther documentation.

I have SoftEther installed on multiple GL iNet routers including: USB150, AR750, AR750s, AR300m, running either GL iNet 3.x firmware or generic OpenWrt. I also have SoftEther running on Windows and Ubuntu.

As I don’t own an AXT1800, I cannot say for sure if it will work on it. I would start by seeing if SoftEther is listed as an available package to load.

Ok, SoftEther does load on the AXT1800. Just want to confirm…in my scenario I just want to install softether bridge on the remote side, not softether client. Correct?

Should I setup server on the main network side? Or am I installing bridge on both sides?

You need one system to be setup as a SoftEther VPN server, and then you can have one or more remote SoftEther bridge nodes. See:

https://www.softether.org/4-docs/2-howto/1.VPN_for_On-premise/3.LAN_to_LAN_Bridge_VPN

The SoftEther client is used when you have an individual client that wants to access a remote location using a routed connection.