Hi all. I have searched and read several threads here to help me, but none quite did the job. Perhaps everyone’s case is too distinct to make an overall tutorial, but I hope not.
My base case is a road-warrior (e.g. using unencrypted wifi from a hotel or coffee shop), wanting to encrypt through the VPN from my computer at the hotel to my home router. Let’s assume that my home router (LAN IP 192.168.99.1), which connects all my home clients (192.168.99.101 through 192.168.99.250) to the Internet, is a GL-inet using 3.X firmware and running as the VPN Server, and my remote (in hotel room) router is also GL-Inet 3.X and running VPN Client. Although I haven’t actually tried yet, I am confident I can set this up, especially with the v 3.X version of the GL-inet firmware.
My understanding is that, by default, my data would flow through the VPN client (my hotel room router) back to my home router (VPN Server), after which, my network session would appear to be originating from my home, and unencrypted.
However, the data session would never enter my home LAN, and thus from the hotel VPN client, I would not be able to reach any client inside my home. In addition, the IP addresses between the VPN Client and VPN server would be different than the IP subnet inside my house.
First, is this understanding correct?
Second, how would you make it possible to access a specific IP address on my home LAN (e.g. 192.168.99.150) from my hotel router (or a tablet or other device connected to the hotel router)?
Third, how would you make it possible to access all of the clients on my home LAN (192.168.99.X)?
Fourth, what are the pros and cons of allowing your VPN Client router access to my home LAN? Assume that my VPN Client router is never lost or compromised (e.g. attacker learns my admin password, etc.).
Fifth, while I understand the newly offered site-to-site feature could do this, and I may adopt it, I first want to learn how I can do this myself. Would I do this with a VPN Policy? A config of my firewall on my home router?
Hopefully the answers will be broadly helpful to others trying to understand VPN forwarding between subnets.