Site-to-site, want all traffic through the tunnel

Hi, I would really appreciate if someone could help me to get out of my problem.

Bought two GL-MV1000 and successfully configured a site-to-site between them with GoodCloud (Cloud - GL.iNet Docs).

The result:

  • Hosts in LAN1 reach hosts in LAN2 (and vice versa) through the tunnel.
  • For each LAN, internet traffic does not enter the tunnel. It exits locally through the router’s wan port.

What I need:

  • Configure router1 so that LAN1’s internet traffic goes through the tunnel and then out through router2’s wan port.
  • Router2 should stay just as is (with LAN2 internet traffic going out of router2’s wan card).

Some details:

  • Router1 (called “main node” by Goodcloud) can be reached from the internet; router2 cannot.
  • Router1’s wan port is connected to my ISP’s router which has a public IP (and port forwarding to router1 is configured).
  • Router1 receives 192.168.1.250 (DHCP) from the ISP’s router.
  • Any host in LAN1 (192.168.10.0/24) can reach any host in LAN2 (192.168.9.0/24).
  • Outputs of route and ifconfig on router1:

root@GL-MV1000:/etc/config# route -ne
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.254 0.0.0.0 UG 10 0 0 wan
172.30.55.2 * 255.255.255.255 UH 80 0 0 wg1
192.168.1.0 * 255.255.255.0 U 10 0 0 wan
192.168.9.0 * 255.255.255.0 U 80 0 0 wg1
192.168.10.0 * 255.255.255.0 U 0 0 0 br-lan

root@GL-MV1000:/etc/config# ifconfig
br-lan Link encap:Ethernet HWaddr 94:83:C4:09:DC:54
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::9683:c4ff:fe09:dc54/64 Scope:Link
inet6 addr: fd35:1066:3feb::1/60 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9271830 errors:0 dropped:0 overruns:0 frame:0
TX packets:13892881 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3481872692 (3.2 GiB) TX bytes:9857357013 (9.1 GiB)

eth0 Link encap:Ethernet HWaddr 94:83:C4:09:DC:53
inet6 addr: fe80::9683:c4ff:fe09:dc53/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23794222 errors:0 dropped:0 overruns:0 frame:0
TX packets:23291209 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:13746884819 (12.8 GiB) TX bytes:13662370911 (12.7 GiB)
Interrupt:9

lan0 Link encap:Ethernet HWaddr 94:83:C4:09:DC:54
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:3866096 errors:0 dropped:23 overruns:0 frame:0
TX packets:5673909 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1201498105 (1.1 GiB) TX bytes:4153016990 (3.8 GiB)

lan1 Link encap:Ethernet HWaddr 94:83:C4:09:DC:54
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5405828 errors:0 dropped:71 overruns:0 frame:0
TX packets:8218954 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2280378911 (2.1 GiB) TX bytes:5704330259 (5.3 GiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:6038 errors:0 dropped:0 overruns:0 frame:0
TX packets:6038 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:814990 (795.8 KiB) TX bytes:814990 (795.8 KiB)

usb0 Link encap:Ethernet HWaddr 8E:83:C4:FF:DC:53
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

wan Link encap:Ethernet HWaddr 94:83:C4:09:DC:53
inet addr:192.168.1.250 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::9683:c4ff:fe09:dc53/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14522298 errors:0 dropped:0 overruns:0 frame:0
TX packets:9398338 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9741534919 (9.0 GiB) TX bytes:3618693158 (3.3 GiB)

wg1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.30.55.1 P-t-P:172.30.55.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1420 Metric:1
RX packets:392 errors:0 dropped:0 overruns:0 frame:0
TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29168 (28.4 KiB) TX bytes:4856 (4.7 KiB)

Made it. Now:

  • LAN2:
    hosts reach the internet through router2 (VPN not used)
    hosts reach LAN1 hosts through the VPN.
  • LAN1:
    hosts reach LAN2 hosts through the VPN
    hosts reach the internet through router1 (VPN not used) except for some subnets that are reached through router2 (the VPN is used).

How: from the goodcloud dashboard → “Site to Site” → Actions (view): the drawing of the site-to-site infrastructure is shown. Click on the gear wheel (settings) of router2 and fill in the “Allow be Access for the Following Subnets” section, adding the public subnets that you want hosts in LAN1 to reach through router2 (through the VPN).
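Both posts above come down to one question: for a given destination, which entry of router1's routing table wins, and therefore whether a packet leaves on wan or enters wg1. The following script is an added example, not GL.iNet or GoodCloud code. It embeds a constructed copy of the `route -ne` table from the first post and does the kernel's lookup (longest prefix first, lowest metric between equal prefixes) offline, then shows three variants: the subnet approach from the follow-up, the "everything through the tunnel" approach from the original request, and the host route that approach needs so the peer's own endpoint is not routed into the tunnel. The subnet 203.0.113.0/24 and the peer address 198.51.100.10 are hypothetical placeholders (documentation ranges), not values from the thread.

```shell
#!/bin/sh
# Added example (not GL.iNet/GoodCloud code): evaluate router1's routing
# table offline and see which interface a destination leaves on.
#
# Constructed copy of router1's `route -ne` output from the post
# (Destination Gateway Genmask Flags Metric Ref Use Iface). "*" is how
# route prints a directly connected route with no gateway.
ROUTER1_TABLE='default 192.168.1.254 0.0.0.0 UG 10 0 0 wan
172.30.55.2 * 255.255.255.255 UH 80 0 0 wg1
192.168.1.0 * 255.255.255.0 U 10 0 0 wan
192.168.9.0 * 255.255.255.0 U 80 0 0 wg1
192.168.10.0 * 255.255.255.0 U 0 0 0 br-lan'

# Convert a dotted-quad IPv4 address or netmask to an integer.
ip2int() {
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length of a netmask, e.g. 255.255.255.0 -> 24, 0.0.0.0 -> 0.
mask_bits() {
    _m=$(ip2int "$1"); _n=0
    while [ "$_m" -ne 0 ]; do _n=$(( _n + (_m & 1) )); _m=$(( _m >> 1 )); done
    echo "$_n"
}

# route_lookup TABLE DST: longest-prefix match; between routes with the
# same prefix length the lower metric wins (how two "default" routes are
# resolved). Prints "iface" for a connected route, "iface via gateway"
# otherwise, or "unreachable".
route_lookup() {
    _dst=$(ip2int "$2")
    _best_len=-1; _best_metric=0; _answer=unreachable
    while read -r _dest _gw _mask _flags _metric _rest; do
        if [ -z "$_dest" ]; then continue; fi
        if [ "$_dest" = default ]; then _dest=0.0.0.0; fi
        _iface=${_rest##* }                    # last column is the interface
        _maskint=$(ip2int "$_mask")
        if [ $(( _dst & _maskint )) -ne $(( $(ip2int "$_dest") & _maskint )) ]; then
            continue                           # destination not in this prefix
        fi
        _len=$(mask_bits "$_mask")
        if [ "$_len" -gt "$_best_len" ] ||
           { [ "$_len" -eq "$_best_len" ] && [ "$_metric" -lt "$_best_metric" ]; }; then
            _best_len=$_len; _best_metric=$_metric
            if [ "$_gw" = "*" ]; then _answer=$_iface; else _answer="$_iface via $_gw"; fi
        fi
    done <<EOF
$1
EOF
    echo "$_answer"
}

# Variant 1 (the follow-up's approach): only a chosen public subnet is
# routed into the tunnel. 203.0.113.0/24 is a hypothetical placeholder.
ROUTER1_TABLE_SUBNET="$ROUTER1_TABLE
203.0.113.0 * 255.255.255.0 U 80 0 0 wg1"

# Variant 2 (the original request): a second default route via wg1 with a
# lower metric than wan's, so all LAN1 internet traffic enters the tunnel.
ROUTER1_TABLE_FULL="$ROUTER1_TABLE
default * 0.0.0.0 U 5 0 0 wg1"

# Variant 3: same, plus a host route for the peer's public endpoint
# (198.51.100.10 is a hypothetical placeholder) so the encrypted packets to
# the peer still leave via wan instead of being routed back into wg1.
ROUTER1_TABLE_FULL_FIXED="$ROUTER1_TABLE_FULL
198.51.100.10 192.168.1.254 255.255.255.255 UGH 10 0 0 wan"

demo() {
    for t in ROUTER1_TABLE ROUTER1_TABLE_SUBNET ROUTER1_TABLE_FULL ROUTER1_TABLE_FULL_FIXED; do
        eval "_tbl=\$$t"
        echo "== $t"
        for d in 192.168.9.5 8.8.8.8 203.0.113.7 198.51.100.10; do
            printf '%-16s -> %s\n' "$d" "$(route_lookup "$_tbl" "$d")"
        done
    done
}
demo
```

The variant without the host route is the classic full-tunnel mistake: the peer's endpoint address itself matches the new default, so the tunnel's own packets would be sent into the tunnel. Two further things the routing table alone does not cover, both assumptions about a WireGuard setup rather than anything the thread states: the peer entry on router1 must list the routed destinations in its AllowedIPs (0.0.0.0/0 for a full tunnel), or WireGuard drops the packets before they are encrypted, and router2 must masquerade traffic arriving from wg1 before sending it out its wan port.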


Hi.

OK, I have 3 routers in S2S:

router 1 = main node
router 2, 3 = node 1, 2

I want all devices in the LAN on router 2 to use router 1 (main node) to access the internet, open websites and so on.

I have tried the last explanation from buzz1, but how do I route the data/traffic then?